Logfile of HijackThis v1.99.1
Scan saved at 9:04:17 PM, on 5/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\CePMTray.exe
C:\toshiba\ivp\ISM\pinger.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\System32\CePMTray.exe
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ISM\pinger.exe /run
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1115312308842
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
-----About:Buster log------
Scanned at: 8:07:59 PM on: 5/28/2005
-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 19
No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!
-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 19
No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 8:58:26 PM, 5/28/2005
+ Report-Checksum: 4B030F71
+ Date of database: 5/29/2005
+ Version of scan engine: v3.0
+ Duration: 42 min
+ Scanned Files: 53569
+ Speed: 20.83 Files/Second
+ Infected files: 23
+ Removed files: 23
+ Files put in quarantine: 23
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\
+ Scan result:
C:\Program Files\Common Files\Java\flenclean.exe -> Spyware.Broadcap.b -> Cleaned with backup
C:\Program Files\Common Files\Java\flnclean.exe -> Spyware.Broadcap.b -> Cleaned with backup
C:\Program Files\Common Files\Java\tvs_re_inst.exe -> Spyware.TopMoxie -> Cleaned with backup
C:\Program Files\Common Files\zzqm\zzqmp.exe -> Spyware.Xupiter.m -> Cleaned with backup
C:\Program Files\Fln\flnclean.exe -> Spyware.Broadcap.b -> Cleaned with backup
C:\Program Files\Fln\Uninst.exe -> Spyware.Broadcap.b -> Cleaned with backup
C:\Program Files\tvs\tvs_re_inst.exe -> Spyware.TopMoxie -> Cleaned with backup
C:\WINDOWS\system32\atiupdate5.exe -> Spyware.Adtomi.e -> Cleaned with backup
C:\WINDOWS\system32\bde3d_refp3.dll -> Spyware.BrillianDigital -> Cleaned with backup
C:\WINDOWS\system32\calsdr.exe -> TrojanDropper.Small.ff -> Cleaned with backup
C:\WINDOWS\system32\chktrust.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\WINDOWS\system32\fcxfqyad.exe -> TrojanDropper.Agent.ii -> Cleaned with backup
C:\WINDOWS\system32\flsmngr.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\instsrv.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\WINDOWS\system32\kavdfwru.exe -> TrojanDropper.Agent.ka -> Cleaned with backup
C:\WINDOWS\system32\kxvkkmby.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\lcinstaller.exe -> Spyware.WinAD -> Cleaned with backup
C:\WINDOWS\system32\nliyxefk.exe -> Spyware.Quaq -> Cleaned with backup
C:\WINDOWS\system32\spoolsrv32.exe -> Spyware.FindSpy.e -> Cleaned with backup
C:\WINDOWS\system32\srpcsrv32.dll -> TrojanDownloader.Adload.g -> Cleaned with backup
C:\WINDOWS\system32\termbdfc.dll -> Backdoor.Srvlite -> Cleaned with backup
C:\WINDOWS\system32\tv2.dll -> TrojanDropper.Miewer.a -> Cleaned with backup
C:\WINDOWS\system32\xrxpesxo.exe -> TrojanDropper.Small.wv -> Cleaned with backup
::Report End