Logfile of HijackThis v1.99.1
Scan saved at 1:01:53 AM, on 10/08/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\devldr32.exe
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Ramjjjsg] C:\Program Files\Arnrvtb\Iqrs.exe
O4 - HKLM\..\Run: [ClubBox] "C:\WINDOWS\System32\clubbox.exe" -l
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c420.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102396117627
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartph...x/PCAXSetup.cab?
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 11:59:03 PM, 09/08/2005
+ Report-Checksum: C7FA24B1
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{00000000-6CB0-410C-8C3D-8FA8D2011D0A} -> Spyware.iMesh : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CABCF5E7-0C79-4F1C-909D-B9CF68FED746} -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FB45C451-B0E9-4407-BB6A-9361013F3E9A} -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Common.Buttons -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{DB9A4E78-35DF-4A54-B6C5-C5190CEAF949} -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\WSG.WSGObj -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\WSG.WSGObj\Clsid -> Spyware.WebSearch : Cleaned with backup
HKU\.DEFAULT\Software\toolbar -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-18\Software\toolbar -> Spyware.WebSearch : Cleaned with backup
C:\WINDOWS\system32\LogFiles\A7151400.so -> TrojanDropper.Agent.ns : Cleaned with backup
C:\WINDOWS\system32\ole32vbs.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\intmon.exe -> Trojan.Puper.af : Cleaned with backup
C:\WINDOWS\sc22dppt.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\All Users\Documents\arun.exe -> Trojan.Zapchast : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP254\A0013604.exe -> Trojan.Puper.af : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP254\A0013605.dll -> Trojan.Puper.ah : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP254\A0013606.EXE -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP260\A0015004.DLL -> Trojan.Puper.ah : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP260\A0015024.dll -> Trojan.Agent.ff : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP260\A0015025.DLL -> Spyware.MyWay : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP260\A0015026.EXE -> Spyware.MyWay : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP260\A0015040.dll -> Trojan.Puper.ah : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP260\A0015047.dll -> Trojan.Puper.ah : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP260\A0015051.EXE -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP260\A0015052.exe -> Trojan.Small.cy : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP260\A0015053.EXE -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP243\A0013517.EXE -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP243\A0013522.EXE -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP244\A0013535.exe -> Trojan.Puper.ag : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP244\A0013536.EXE -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP244\A0013545.exe -> Trojan.Favadd.af : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP244\A0013546.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP244\A0013555.exe -> Trojan.Agent.fw : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP251\A0013591.exe -> Trojan.Puper.w : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP251\A0013592.exe -> Trojan.Small.eu : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP258\A0014603.exe -> Trojan.Puper.af : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP258\A0014604.EXE -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP258\A0014609.dll -> Trojan.Puper.ah : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP258\A0014709.dll -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP258\A0014710.exe -> Trojan.Puper.af : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP258\A0014711.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP258\A0014714.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP258\A0014736.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP258\A0014737.dll -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP258\A0014741.exe -> Trojan.Puper.ag : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP258\A0014747.EXE -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP258\A0014748.EXE -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{0C9B3F14-A712-449B-9377-4AD7F0BD0382}\RP258\A0014751.EXE -> Spyware.WebSearch : Cleaned with backup
::Report End