Logfile of HijackThis v1.99.1
Scan saved at 8:03:15 PM, on 6/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Documents and Settings\Mudds\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts file is located at: C:\WINDOWS\help\hosts
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000079-d.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {40272BF7-4FF5-4D6F-9BAD-3C1D3CB32982} (Live365PlayerVIP Class) - http://www.live365.c...ers/p365vip.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-mo...abs/diamond.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://static.topcon...vex/website.ocx
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v6.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia...ll/pcs_0029.exe
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
And here is my Ewido security log
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 7:19:48 PM, 6/5/2005
+ Report-Checksum: A4180AF6
+ Date of database: 6/5/2005
+ Version of scan engine: v3.0
+ Duration: 84 min
+ Scanned Files: 59505
+ Speed: 11.79 Files/Second
+ Infected files: 33
+ Removed files: 30
+ Files put in quarantine: 30
+ Files that could not be opened: 0
+ Files that could not be cleaned: 3
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
+ Scan result:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ddcc.exe -> TrojanDownloader.Qoologic.n -> Error during cleaning
C:\Documents and Settings\Mudds\Local Settings\Temp\DelF5.tmp -> TrojanDownloader.Small.asf -> Cleaned with backup
C:\Documents and Settings\Mudds\Local Settings\Temp\f39812487.exe -> TrojanDownloader.Qoologic.n -> Cleaned with backup
C:\Documents and Settings\Mudds\Local Settings\Temp\tp7543.exe -> TrojanDownloader.Qoologic.n -> Cleaned with backup
C:\Documents and Settings\Mudds\Local Settings\Temporary Internet Files\Content.IE5\SPMJC5AR\website[1].ocx -> TrojanDownloader.Agent.ex -> Cleaned with backup
C:\Documents and Settings\Mudds\My Documents\SmileyCentralSetup2.0.3.20.exe -> Spyware.MyWebSearch -> Cleaned with backup
C:\Documents and Settings\Mudds\Shared\kgnsw.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\Documents and Settings\Mudds\Shared\Norton.System.Works.2005.Incl.Keygen-SSG.rar/kgnsw.exe -> Spyware.Hijacker.Generic -> Error during cleaning
C:\WINDOWS\cxtpls_loader.exe -> TrojanDownloader.Apropo.ab -> Cleaned with backup
C:\WINDOWS\dbccgvgeitv.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\m67m.ocx -> Spyware.MediaMotor.a -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\m67m.ocx -> Spyware.MediaMotor.a -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\m67m.ocx -> Spyware.MediaMotor.a -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\website.ocx -> TrojanDownloader.Agent.ex -> Cleaned with backup
C:\WINDOWS\installer_SIAC.exe -> TrojanDownloader.Adload.a -> Cleaned with backup
C:\WINDOWS\Nail.exe -> Trojan.Nail -> Cleaned with backup
C:\WINDOWS\NDNuninstall5_20.exe -> Spyware.NewDotNet -> Cleaned with backup
C:\WINDOWS\shop1004.exe -> Spyware.Sahat.m -> Cleaned with backup
C:\WINDOWS\stubinstaller5356.exe -> TrojanDownloader.Small.asf -> Cleaned with backup
C:\WINDOWS\stubinstaller5975.exe -> TrojanDownloader.Small.asf -> Cleaned with backup
C:\WINDOWS\svcproc.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\WINDOWS\system32\DrPMon.dll_tobedeleted -> Trojan.Agent.db -> Cleaned with backup
C:\WINDOWS\system32\elitegvm32.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\elitehmu32.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\elitemoj32.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\elitenzh32.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\f3PSSavr.scr -> Spyware.MyWebSearch -> Cleaned with backup
C:\WINDOWS\system32\kptkef.exe -> Spyware.Adstart.b2 -> Cleaned with backup
C:\WINDOWS\system32\nugruf.exe -> Spyware.Adstart.b2 -> Cleaned with backup
C:\WINDOWS\system32\qqyyk.dat -> TrojanDownloader.Qoologic.n -> Cleaned with backup
C:\WINDOWS\system32\rraapp.exe -> TrojanDownloader.Qoologic.n -> Error during cleaning
C:\WINDOWS\system32\temperror32.dat -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\wintask.exe -> TrojanDownloader.Small.abd -> Cleaned with backup
::Report End