---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 1:10:06 PM, 7/6/2005
+ Report-Checksum: F5CC6A7A
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9A65FF84-5F62-35FE-18D6-0C43F27B7AEB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A01394EE-8B14-B1D4-AE65-22E7424A71D0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW -> Spyware.CoolWebSearch : Cleaned with backup
C:\Documents and Settings\Panetta Family\Cookies\panetta family@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Panetta Family\Cookies\panetta family@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Panetta Family\Cookies\panetta family@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Panetta Family\Cookies\panetta [email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\WINDOWS\adddf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apigp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlob.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crdb.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\desktop.ini:txoxkv -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\ipjk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javadb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javayx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfczz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netrq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntsautodial.ini:bcdjfc -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ODBC.INI:tdvozm -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sdkaf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkfs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkmf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\setuplog.txt:kpzyug -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\addla.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apirq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apivm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlpi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\cruu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3jy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\dsjrq.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\system32\iegs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ieqm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msgz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msuk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntuv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\oanzm.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\system32\syscp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysna.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\vbaddin.ini:mrhiqf -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\win.ini:frznkq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winamp.ini:dlbmsb -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\wincp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\winpm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\zebvl.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\_default.pif:bzwspe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_default.pif:feliq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:fxmlo -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:uaoxjg -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:uxjden -> Trojan.Agent.bi : Cleaned with backup
::Report End
Logfile of HijackThis v1.99.1
Scan saved at 2:35:28 AM, on 7/7/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Panetta Family\Desktop\Security\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zebvl.dll/sp.html#73077
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zebvl.dll/sp.html#73077
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECC91388-6832-49F3-9543-6C83F3F0B132}: NameServer = 206.47.244.91 206.47.244.14
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\winpm.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Thanks for the help, but for some reason I can't use Norton yet, and when I tried to update with Live Update it couldn't get the new definitions for internet worms.