Logfile of HijackThis v1.99.1
Scan saved at 12:38:53 AM, on 5/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\Explorer.exe
J:\WINDOWS\system32\LEXBCES.EXE
J:\WINDOWS\system32\spoolsv.exe
J:\WINDOWS\system32\LEXPPS.EXE
J:\WINDOWS\system32\RunDll32.exe
J:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
J:\Program Files\InterVideo\WinDVD4PR\WinScheduler.exe
J:\WINDOWS\system32\sistray.exe
J:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
J:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
J:\Program Files\ewido\security suite\ewidoctrl.exe
J:\Program Files\Mozilla Firefox\firefox.exe
J:\WINDOWS\System32\svchost.exe
j:\windows\system32\cgkmcv.exe
J:\Program Files\Internet Explorer\iexplore.exe
J:\Documents and Settings\Administrator\My Documents\Downloads\hijack this\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe J:\WINDOWS\Nail.exe
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - J:\WINDOWS\ceres.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [sgqgtva] j:\windows\system32\cgkmcv.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = J:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = J:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinScheduler.lnk = J:\Program Files\InterVideo\WinDVD4PR\WinScheduler.exe
O4 - Global Startup: Microsoft Office.lnk = J:\Program Files\Office\OSA9.EXE
O4 - Global Startup: Utility Tray.lnk = J:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Google Search - res://j:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://j:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://j:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://j:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://j:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - J:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - J:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1111535760999
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - J:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - J:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - J:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - J:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - J:\WINDOWS\svcproc.exe
ACTIVE SCAN RESULTS
Incident Status Location
Adware:Adware/Transponder No disinfected J:\WINDOWS\system32\DrPMon.dll
Adware:Adware/Transponder No disinfected j:\windows\system32\cgkmcv.exe
Adware:Adware/Ucmore No disinfected J:\Program Files\thesearchaccelerator
Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/nCase No disinfected J:\Program Files\180solutions
Spyware:Spyware/ISTbar No disinfected Windows Registry
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Fun & Games\Betting.lnk
Adware:Adware/WinTools No disinfected Windows Registry
Adware:Adware/IPInsight No disinfected J:\WINDOWS\inf\farmmext.inf
Adware:Adware/SideFind No disinfected J:\Program Files\SideFind
Adware:Adware/EliteBar No disinfected J:\Documents and Settings\Administrator\Favorites\Casino & Carrers
Adware:Adware/ExactSearch No disinfected Windows Registry
Spyware:Spyware/YourSiteBar No disinfected J:\Program Files\YourSiteBar
Adware:Adware/Transponder No disinfected Windows Registry
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Fun & Games\Betting.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Fun & Games\Casino Palace.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Fun & Games\Casino.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Fun & Games\Games.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Fun & Games\Horoscope.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Going Places\Air Tickets.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Going Places\Car Rentals.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Going Places\Hotel Deals.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Going Places\Luggage.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Going Places\Travel.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Living\Dating.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Living\Find a Degree.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Living\Find a job.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Living\Home.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Living\Insurance.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Shop\Auctions.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Shop\Books.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Shop\Computers.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Shop\Discount.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Shop\Flowers.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Shop\Golf.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Shop\Jewelry.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Shop\Movies.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Shop\Music.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Shop\Online Store.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Shop\Perfume.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Shop\Sleepwear.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Technology\Adware Remover.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Technology\Anti-Virus.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Technology\PC Cleaner.lnk
Adware:Adware/CWS No disinfected J:\Documents and Settings\Administrator\Favorites\Technology\Tech & gadgets.lnk
Adware:Adware/Transponder No disinfected J:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\678RATCV\svcproc[1].exe
Adware:Adware/Transponder No disinfected J:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8FL7VN26\DrPMon[1].dll
Adware:Adware/Transponder No disinfected J:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8HYNG1EN\Poller[1].exe
Adware:Adware/Transponder No disinfected J:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GH6V4LMZ\Nail[1].exe
Adware:Adware/IPInsight No disinfected J:\WINDOWS\farmmext.ini
Spyware:Spyware/BetterInet No disinfected J:\WINDOWS\inf\ceres.inf
Adware:Adware/IPInsight No disinfected J:\WINDOWS\inf\farmmext.inf
Adware:Adware/Transponder No disinfected J:\WINDOWS\Nail.exe
Adware:Adware/Transponder No disinfected J:\WINDOWS\svcproc.exe
Adware:Adware/Transponder No disinfected J:\WINDOWS\system32\cgkmcv.exe
Adware:Adware/Transponder No disinfected J:\WINDOWS\system32\DrPMon.dll
Virus:Application/Restart No disinfected J:\WINDOWS\system32\Tools\Restart.exe
EWIDO SCAN RESULTS
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 12:18:46 AM, 5/16/2005
+ Report-Checksum: E543D657
+ Date of database: 5/16/2005
+ Version of scan engine: v3.0
+ Duration: 42 min
+ Scanned Files: 30665
+ Speed: 12.01 Files/Second
+ Infected files: 18
+ Removed files: 18
+ Files put in quarantine: 18
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: No
+ Scanned items:
J:\
+ Scan result:
J:\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
J:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
J:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
J:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
J:\Program Files\SideFind\sfbho.dll -> Spyware.SideFind -> Cleaned with backup
J:\WINDOWS\.exe -> Spyware.BetterInternet -> Cleaned with backup
J:\WINDOWS\Buddy.exe -> Spyware.BetterInternet -> Cleaned with backup
J:\WINDOWS\ceres.dll -> Spyware.BetterInternet -> Cleaned with backup
J:\WINDOWS\farmmext.exe -> Spyware.ConsCorr -> Cleaned with backup
J:\WINDOWS\Nail.exe -> Trojan.Nail -> Cleaned with backup
J:\WINDOWS\svcproc.exe -> Trojan.Stervis.c -> Cleaned with backup
J:\WINDOWS\system32\aim.exe -> Backdoor.SdBot -> Cleaned with backup
J:\WINDOWS\system32\DrPMon.dll -> Trojan.Agent.db -> Cleaned with backup
J:\WINDOWS\system32\instsrv.exe -> Spyware.BargainBuddy -> Cleaned with backup
J:\WINDOWS\system32\jmlmmn.exe -> Trojan.Agent.cp -> Cleaned with backup
J:\WINDOWS\system32\mqexdlm.srg -> Spyware.BargainBuddy.q -> Cleaned with backup
J:\WINDOWS\tct101.dll -> TrojanDownloader.Dyfuca.eg -> Cleaned with backup
J:\WINDOWS\ucmoreiex.exe -> Spyware.Ucmore.a -> Cleaned with backup
::Report End
any help is appreciated,
Thank you in advance.