This is the Ewido Report
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 9:59:02 PM, 15/05/2005
+ Report-Checksum: F9CC6432
+ Date of database: 16/05/2005
+ Version of scan engine: v3.0
+ Duration: 47 min
+ Scanned Files: 81001
+ Speed: 28.39 Files/Second
+ Infected files: 82
+ Removed files: 82
+ Files put in quarantine: 82
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
+ Scan result:
C:\Documents and Settings\Kevins\Cookies\kevins@adknowledge[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\kevins@advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\kevins@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\kevins@a[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\kevins@bluestreak[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\kevins@burstnet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\kevins@c5[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\kevins@cgi-bin[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\kevins@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\kevins@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\kevins@fastclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\kevins@hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\kevins@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\kevins@realmedia[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\kevins@targetnet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\kevins@tribalfusion[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\kevins@valueclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\kevins@yantis[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Cookies\kevins@zedo[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Local Settings\Temp\B141790664\build2.exe -> Spyware.Isearch -> Cleaned with backup
C:\Documents and Settings\Kevins\Local Settings\Temp\Cookies\kevins@advertising[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Local Settings\Temp\Cookies\kevins@atdmt[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Local Settings\Temp\Cookies\kevins@burstnet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Local Settings\Temp\Cookies\kevins@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Local Settings\Temp\Cookies\kevins@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Local Settings\Temp\Cookies\kevins@fastclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Local Settings\Temp\Cookies\kevins@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Local Settings\Temp\Cookies\kevins@realmedia[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Local Settings\Temp\Cookies\kevins@tribalfusion[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Local Settings\Temp\Cookies\kevins@valueclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Kevins\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\0E9CA8FD-76A7-4AB1-B954-E56CAB.asq -> TrojanDownloader.Qoologoc.i -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\AC54E777-9AFB-4A2C-8DB7-432458.asq -> TrojanDownloader.Qoologoc.i -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\D6E30D7E-8BD7-4278-B334-7B9674.asq -> TrojanDownloader.Qoologoc.i -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\F8FBC974-B156-4353-8A4B-301927.asq -> TrojanDownloader.Qoologoc.i -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2B0A5ABA-117B-4353-8589-2165A9\1B744C09-BE07-40B0-A6B1-227DCB -> Spyware.VirtualBouncer.g -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2B0A5ABA-117B-4353-8589-2165A9\380E373D-6833-4BEB-85EC-FD4B0C -> Spyware.VirtualBouncer.g -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\33916CB0-8683-4BA5-AF9E-1A98C6\ADA70895-4745-49F3-B1BA-73CA46 -> Spyware.VirtualBouncer.g -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\33916CB0-8683-4BA5-AF9E-1A98C6\B73B72C8-3786-4C6A-99F5-DD32FC -> Spyware.VirtualBouncer.g -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\7E97DC62-8340-4F9B-9835-D9ADBB\29DD15CC-8365-4E44-9680-5B02FB -> Spyware.EZula.g -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\7E97DC62-8340-4F9B-9835-D9ADBB\2AF59EA5-2BA2-4D4B-8625-40B3C4 -> Spyware.EzuLa -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\7E97DC62-8340-4F9B-9835-D9ADBB\EF152101-62BC-4E90-97E5-A564B5 -> Spyware.EZula.z -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\84054A45-264E-466C-93F4-DDEA02\4F23A20A-68DE-4898-A629-03C9A0 -> TrojanDownloader.Agent.br -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\A429C324-487C-4EDD-AC40-2C12E5\24704C1D-74F0-44FB-B20F-BB615B -> TrojanDownloader.Qoologoc.i -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\A429C324-487C-4EDD-AC40-2C12E5\C68A5124-25FD-41B1-BBB0-FA22F6 -> TrojanDownloader.Qoologoc.i -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\A429C324-487C-4EDD-AC40-2C12E5\C90EC9CF-6FE7-4ABD-B01C-837EA4 -> TrojanDownloader.Qoologoc.i -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\C818EB9B-F896-401E-823E-88EC6A\0DFED726-E1AA-4EB5-8C22-738521 -> Spyware.VirtualBouncer.g -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\C818EB9B-F896-401E-823E-88EC6A\19797C05-D597-4137-826D-E6C069 -> Spyware.VirtualBouncer.g -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\DAF48E34-9C30-405D-B91C-CD5833\A1EEDE59-F077-4FE2-852B-CCADFD -> Spyware.EZula.g -> Cleaned with backup
C:\WINDOWS\ceres.dll -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\iconu.exe -> Spyware.Zestyfind -> Cleaned with backup
C:\WINDOWS\isrvs\desktop.exe -> Spyware.ISearch.d -> Cleaned with backup
C:\WINDOWS\isrvs\ffisearch.exe -> Spyware.Isearch -> Cleaned with backup
C:\WINDOWS\isrvs\isearch.xpi/chrome/isearch.jar/content/isearch/isearch.js -> Spyware.ISearch.e -> Cleaned with backup
C:\WINDOWS\isrvs\mfiltis.dll -> Spyware.ISearch.d -> Cleaned with backup
C:\WINDOWS\isrvs\msdbhk.dll -> Spyware.Isearch.a -> Cleaned with backup
C:\WINDOWS\system32\carules.dll -> Spyware.CouponAge -> Cleaned with backup
C:\WINDOWS\system32\dxaoaxq.exe -> TrojanDownloader.Qoologic.i -> Cleaned with backup
C:\WINDOWS\system32\seygyeb.dll -> TrojanDownloader.Qoologic.i -> Cleaned with backup
C:\WINDOWS\system32\wυaclt.exe -> Spyware.PurityScan.am -> Cleaned with backup
C:\WINDOWS\Temp\Cookies\kevins@fastclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\Temp\Cookies\my[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\Temp\upd202.exe -> Spyware.Look2Me.ab -> Cleaned with backup
::Report End
This is a new HJT log
Logfile of HijackThis v1.99.1
Scan saved at 10:03:11 PM, on 15/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Kevins\Desktop\HiJack\HijackThis.exe
C:\Program Files\WinZip\WZQKPICK.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.computerboulevard.ca/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.i-say.ca/...sses/CFJava.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.epost.ca/printing/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://209.56.63.5/a...sCamControl.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.c...aploader_v5.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\hr6s05j7e.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe