Scan saved at 3:14:22 PM, on 7/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ojarbl.exe
C:\Documents and Settings\Nelson\Desktop\HJT\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\ojarbl.exe reg_run
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 2:35:32 PM, 7/21/2005
+ Report-Checksum: 2315026D
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\Wbho.Band -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\Wbho.Band\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\Wbho.Band\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-3289478746-3866634482-3106427759-1010\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-3289478746-3866634482-3106427759-1010\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-3289478746-3866634482-3106427759-1010\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
C:\Documents and Settings\Graciela\Cookies\graciela@linksynergy[2].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Nelson\Cookies\nelson@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Nelson\Cookies\nelson@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Nelson\Cookies\nelson@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Nelson\Cookies\nelson@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Nelson\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Nelson\Cookies\nelson@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Nelson\Cookies\nelson@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Nelson\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Nelson\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Nelson\Cookies\nelson@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Nelson\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Nelson\Desktop\l2mfix\backup.zip/AZHPRXY.DLL -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Nelson\Desktop\l2mfix\backup.zip/CIMDLG32.DLL -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Nelson\Desktop\l2mfix\backup.zip/ciyptui.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Nelson\Desktop\l2mfix\backup.zip/ICETCFG.DLL -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Nelson\Desktop\l2mfix\backup.zip/muxml4r.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Nelson\Desktop\l2mfix\backup.zip/SZXCOINS.DLL -> Spyware.Look2Me : Error during cleaning
C:\RECYCLER\NPROTECT\00006797.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00006815.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00006819.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00006821.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00006941.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00007134.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00007136.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00007159.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00007380.TXT -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\RECYCLER\NPROTECT\00007381.TXT -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\RECYCLER\NPROTECT\00007382.TXT -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\RECYCLER\NPROTECT\00007483.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00007484.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00007485.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00007517.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\systb.dll -> Spyware.ImiBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\dvqjiv.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\tdtb.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\wupdt.exe -> TrojanDownloader.Intexp.c : Cleaned with backup
::Report End