Logfile of HijackThis v1.99.1
Scan saved at 3:46:37 PM, on 5/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.cox.net/R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.lexmark.c...0409&os=5&src=1R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [sgx] C:\WINDOWS\System32\sgx.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 2:05:26 AM, 5/22/2005
+ Report-Checksum: 50CBCC79
+ Date of database: 5/22/2005
+ Version of scan engine: v3.0
+ Duration: 39 min
+ Scanned Files: 71867
+ Speed: 30.42 Files/Second
+ Infected files: 20
+ Removed files: 11
+ Files put in quarantine: 11
+ Files that could not be opened: 0
+ Files that could not be cleaned: 9
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
+ Scan result:
C:\Documents and Settings\Owner\Cookies\owner@90594700[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@com[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Local Settings\Temp\DrTemp\wupdt.exe -> TrojanDownloader.Intexp.c -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq98.tmp -> Spyware.ImiBar.d -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq99.tmp -> TrojanDownloader.Intexp.c -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD4.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD5.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\systb.dll -> Spyware.ImiBar.d -> Cleaned with backup
C:\WINDOWS\system32\bnpynandw30102lib.dll -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\WINDOWS\system32\tvpxbsp.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WINDOWS\tdtb.exe -> Trojan.Imiserv.c -> Cleaned with backup
C:\WINDOWS\vtbuejqhm.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\wupdt.exe -> TrojanDownloader.Intexp.c -> Cleaned with backup
::Report End