Here it is:
Logfile of HijackThis v1.99.1
Scan saved at 10:32:43 PM, on 6/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\windows\system32\upbipf.exe
C:\Documents and Settings\armgame\Desktop\New Folder (2)\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://copart.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [bqmlnqk] c:\windows\system32\upbipf.exe r
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Windows lsass Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 10:27:37 PM, 6/27/2005
+ Report-Checksum: 74BF67F2
+ Date of database: 6/28/2005
+ Version of scan engine: v3.0
+ Duration: 17 min
+ Scanned Files: 49344
+ Speed: 46.25 Files/Second
+ Infected files: 49
+ Removed files: 49
+ Files put in quarantine: 49
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
+ Scan result:
C:\Documents and Settings\armgame\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\armgame\Cookies\armgame@bannerspace[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\armgame\Cookies\armgame@burstnet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\armgame\Cookies\armgame@geocities[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\armgame\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\armgame\Cookies\armgame@realmedia[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\armgame\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\armgame\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\armgame\Desktop\New Folder (2)\backups\backup-20050626-163612-505.dll -> Spyware.ImiBar.d -> Cleaned with backup
C:\Documents and Settings\armgame\Local Settings\Temporary Internet Files\Content.IE5\2L0PA5GL\abiuninst[1].exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\armgame\Local Settings\Temporary Internet Files\Content.IE5\2L0PA5GL\Poller[1].exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\armgame\Local Settings\Temporary Internet Files\Content.IE5\7588D7BL\aurora[1].exe -> Spyware.BetterInternet.c -> Cleaned with backup
C:\Documents and Settings\armgame\Local Settings\Temporary Internet Files\Content.IE5\7588D7BL\Nail[1].exe -> Trojan.Nail -> Cleaned with backup
C:\Documents and Settings\armgame\Local Settings\Temporary Internet Files\Content.IE5\DDFNAW2T\DrPMon[1].dll -> Trojan.Agent.db -> Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GH0J2L4N\tct101[1].dll -> TrojanDownloader.Dyfuca.eg -> Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I12345OP\nem220[1].dll -> TrojanDownloader.Dyfuca -> Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O789ATUD\DrPMon[2].dll -> Trojan.Agent.db -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\0ED3EAC6-21DA-42D9-AC44-400FC8\C2E093EB-3B0A-45A5-9B0F-CFF8A5 -> TrojanDownloader.Small.asf -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\7CDBB0FB-53AF-4278-88C8-C18693\4C908681-335F-402B-A4BE-157FF2 -> Trojan.Agent.db -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\8215985B-3245-45C3-9BC9-F7BCBA\ABB3AA65-DAE5-4CFA-BA21-C90652 -> Spyware.180Solutions -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\C300FDD1-9E27-446E-8344-56C393\AD322D06-52EC-480E-BE3B-03E0EA -> Spyware.180Solutions -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\C708E932-CB8B-44DA-8612-FA64E4\4B30AA8B-9CFF-4701-9FA4-E3E08D -> TrojanDownloader.Dyfuca.eg -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\EF239E4F-538E-4226-8E61-015E74\F16B1B0B-F5A9-49ED-9CDA-6AA104 -> TrojanDownloader.Small.asf -> Cleaned with backup
C:\WINDOWS\lsass.exe -> Backdoor.SdBot.xd -> Cleaned with backup
C:\WINDOWS\qcwsjtpccju.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\SSK3_B5.exe -> TrojanDropper.Small.qn -> Cleaned with backup
C:\WINDOWS\systb.dll -> Spyware.ImiBar.d -> Cleaned with backup
C:\WINDOWS\system32\mqexdlm.srg -> Spyware.BargainBuddy.q -> Cleaned with backup
C:\WINDOWS\system32\rdriv.sys -> Trojan.Rootkit.k -> Cleaned with backup
C:\WINDOWS\system32\rwmuumm.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\system32\service.exe -> Backdoor.RBot.Generic -> Cleaned with backup
C:\WINDOWS\tdtb.exe -> Trojan.Imiserv.c -> Cleaned with backup
C:\WINDOWS\Temp\Del12.tmp -> TrojanDownloader.Small.asf -> Cleaned with backup
C:\WINDOWS\Temp\Del28.tmp -> Spyware.180Solutions -> Cleaned with backup
C:\WINDOWS\Temp\res10.tmp -> Spyware.180Solutions -> Cleaned with backup
C:\WINDOWS\Temp\res11.tmp -> Spyware.180Solutions -> Cleaned with backup
C:\WINDOWS\Temp\res12.tmp -> Spyware.180Solutions -> Cleaned with backup
C:\WINDOWS\Temp\res13.tmp -> Spyware.180Solutions -> Cleaned with backup
C:\WINDOWS\Temp\res5.tmp -> Spyware.180Solutions -> Cleaned with backup
C:\WINDOWS\Temp\res6.tmp -> Spyware.180Solutions -> Cleaned with backup
C:\WINDOWS\Temp\res7.tmp -> Spyware.180Solutions -> Cleaned with backup
C:\WINDOWS\Temp\res8.tmp -> Spyware.180Solutions -> Cleaned with backup
C:\WINDOWS\Temp\res9.tmp -> Spyware.180Solutions -> Cleaned with backup
C:\WINDOWS\Temp\resB.tmp -> Spyware.180Solutions -> Cleaned with backup
C:\WINDOWS\Temp\resC.tmp -> Spyware.180Solutions -> Cleaned with backup
C:\WINDOWS\Temp\resD.tmp -> Spyware.180Solutions -> Cleaned with backup
C:\WINDOWS\Temp\resE.tmp -> Spyware.180Solutions -> Cleaned with backup
C:\WINDOWS\Temp\resF.tmp -> Spyware.180Solutions -> Cleaned with backup
C:\WINDOWS\wupdt.exe -> TrojanDownloader.Intexp.c -> Cleaned with backup
::Report End
I don't think it fixed it, because when ewido is on in normal mode it keeps asking to clean something, and that keeps happening.
Edited by hamik, 27 June 2005 - 11:36 PM.