---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 5:11:23 PM, 8/16/2005
+ Report-Checksum: EE5AD883
+ Scan result:
C:\Documents and Settings\Administrator.JESSICA-70EUVVW\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Administrator.JESSICA-70EUVVW\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Program Files\iprn\otra.exe -> TrojanDownloader.PurityScan.w : Cleaned with backup
C:\Program Files\Windows Media Player\wmplayer.exe.tmp -> TrojanDropper.VB.cd : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx -> Spyware.MediaTickets : Cleaned with backup
C:\WINDOWS\kl.exe -> Backdoor.Haxdoor.cn : Cleaned with backup
C:\WINDOWS\lxwvbov.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\ms1.exe -> TrojanDownloader.Agent.ho : Cleaned with backup
C:\WINDOWS\ms2.exe -> TrojanDropper.Microjoin : Cleaned with backup
C:\WINDOWS\ms3.exe -> Backdoor.Small.gv : Cleaned with backup
C:\WINDOWS\svchost.exe -> TrojanDownloader.Small.bdz : Cleaned with backup
C:\WINDOWS\sys2253.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2254.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5231.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5235.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5236.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5242.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\system\Loader.dll -> TrojanDownloader.Agent.li : Cleaned with backup
C:\WINDOWS\system\svchost.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\WINDOWS\system\svchost.exe -> Backdoor.Agent.iw : Cleaned with backup
C:\WINDOWS\system\svchosthook.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\WINDOWS\system32\abc.exe -> TrojanSpy.LdPinch.os : Cleaned with backup
C:\WINDOWS\system32\abirvalg32.dll -> TrojanProxy.Small.cn : Cleaned with backup
C:\WINDOWS\system32\cssrs.exe -> TrojanSpy.PdPinch : Cleaned with backup
C:\WINDOWS\system32\cz.dll -> Backdoor.Haxdoor.cn : Cleaned with backup
C:\WINDOWS\system32\dmprc.exe -> Trojan.Small.fb : Cleaned with backup
C:\WINDOWS\system32\drct16.dll -> Backdoor.Haxdoor.cn : Cleaned with backup
C:\WINDOWS\system32\hz.sys -> Backdoor.Haxdoor : Cleaned with backup
C:\WINDOWS\system32\init32m.exe -> TrojanDownloader.Agent.ho : Cleaned with backup
C:\WINDOWS\system32\latest.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\system32\maxd1.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\msnethlp32.dll -> TrojanProxy.Mitglieder.dq : Cleaned with backup
C:\WINDOWS\system32\msnethlp32.exe -> TrojanProxy.Mitglieder.dq : Cleaned with backup
C:\WINDOWS\system32\msudp4.sys -> TrojanSpy.Goldun.bf : Cleaned with backup
C:\WINDOWS\system32\mszx23.exe -> Backdoor.Haxdoor.cn : Cleaned with backup
C:\WINDOWS\system32\newdial.exe -> Trojan.Qhost.n : Cleaned with backup
C:\WINDOWS\system32\paydial.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\paytime.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\symcsvc.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\system32\tibs.exe -> TrojanDownloader.Small.mx : Cleaned with backup
C:\WINDOWS\system32\vdmt16.sys -> Backdoor.Haxdoor : Cleaned with backup
C:\WINDOWS\system32\vxgame1.exe -> TrojanDropper.Small.acg : Cleaned with backup
C:\WINDOWS\system32\vxgame2.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\system32\vxgame3.exe -> TrojanDownloader.Agent.ho : Cleaned with backup
C:\WINDOWS\system32\vxgame4.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\vxgamet2.exe -> Trojan.LowZones.y : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq1.exe -> TrojanDownloader.Small.bdz : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq2.exe -> Not-A-Virus.Hoax.Renos.l : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq5.exe -> TrojanDownloader.Small.awa : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq6.exe -> TrojanDownloader.Small.aux : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq7.exe -> TrojanDownloader.Small.atl : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq8.exe -> TrojanDownloader.Small.bdz : Cleaned with backup
C:\WINDOWS\system32\winacpi.dll -> TrojanProxy.Cimuz.z : Cleaned with backup
C:\WINDOWS\system32\winlow.sys -> Backdoor.Haxdoor.cg : Cleaned with backup
C:\WINDOWS\system32\wz.sys -> Backdoor.Haxdoor.cg : Cleaned with backup
C:\WINDOWS\system32\~update.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\tool2.exe -> Not-A-Virus.Hoax.Renos.l : Cleaned with backup
C:\WINDOWS\tool3.exe -> TrojanProxy.Mitglieder.dq : Cleaned with backup
C:\WINDOWS\vr_sys.dll -> TrojanSpy.LdPinch.os : Cleaned with backup
C:\winld32.dll -> TrojanDownloader.Small.anu : Cleaned with backup
::Report End
-----------------------------
smitRem log file
version 2.3
by noahdfear
The current date is: Tue 08/16/2005
The current time is: 16:26:37.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run Files Present
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
winstall.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Post-run Files Present
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Wininet.dll ~~~
CLEAN!
---------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 5:15:37 PM, on 8/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hispeed.rogers.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hispeed.rogers.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Rogers Hi-Speed Internet
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hispeed.rogers.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co....cab?10,0,910,0
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
Note: Panda ActiveScan didn't work because I don't have ActiveX controls.