---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 5:07:31 PM, 10/13/2005
+ Report-Checksum: F64B7B6A
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{0AB71193-EC19-4D70-85C2-E46E2FF02755}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{31A59636-0FA3-4A56-954D-DB7AD02840D8}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3FA917B9-DF69-477F-9E4F-B60D929DE79F}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9089CD5A-7A59-BC2F-2240-3F5977337B7C}\bjuddajQusybj -> Spyware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A14C0D8D-E753-4E73-9E2B-4070791D8940}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C2BAA4C9-AE1E-4605-AE2F-A1C49A30D881}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{ED8525EA-2BFC-4440-BD8A-20EFB9D5E541}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{023A4648-601A-4C30-8A2E-C72EBFA99AF6}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{175816A5-219E-4079-B2F9-53C501C409BA}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{19EBCBE0-9245-4397-BC5D-883D34782043}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{27C4569F-8728-4958-A920-A607CAE8153C}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{397A208B-3D09-4B3E-93E8-CA171886612E}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{3C1A06CC-3981-4DB9-B5B6-B4B8ECB1D7F2}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{421745E9-16DF-4EE4-A758-D51F939C49CB}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4331EC56-0AAB-499E-8757-DD2EE44AD671}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4921DB9C-64EA-430A-ABD2-D016DB5A0AC4}\ProxyStubClsid32\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{54286C3A-E044-4E65-BD44-528D6AE28A18}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{5F2B9DE7-F878-4762-8CFE-E9C58F082F0E}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8654592E-952A-4E7C-A960-304763B35FA6}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8A61A950-C325-4F44-BA64-273180FF3464}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8D5C4EC6-AF8E-4B85-BA27-64BABE410510}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8E98FAF8-794F-47F9-AF90-15305564ED81}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AF15975B-1498-4740-8E6C-90AF78E4198C}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC8C2E5F-D8B4-4997-BCE3-8775C3707956}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D082721F-4BD4-4B8B-BB82-06753EE6174F}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D24F9D3C-5D4C-47F8-9AB7-632B44AD6A0D}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F43EC88B-B6C8-4969-A763-E2BF55602CCE}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F814BE58-1BF9-4B50-829A-E889F86127AD}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\SbHostIE.Bho\CLSID\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\SbHostIE.Bho.1\CLSID\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\SbSrv.CoreServices\CLSID\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\SbSrv.CoreServices.1\CLSID\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\SbToolbar.HtmlMenuUI\CLSID\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\SbToolbar.HtmlMenuUI.1\CLSID\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\SpamBlockerConfig.Application.1\Clsid\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\SpamBlockerUtility.CommBand\CLSID\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\SpamBlockerUtility.CommBand.1\CLSID\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/HDPlugin1101.dll\\.Owner -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/HDPlugin1101.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/Install.dll\\.Owner -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/Install.dll\\{205FF73B-CA67-11D5-99DD-444553540006} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1101.dll\\.Owner -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1101.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Cleaned with backup
HKU\S-1-5-21-3307217056-1421531899-4282951562-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{E77EDA01-3C56-4a96-8D08-02B42891C169} -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-3307217056-1421531899-4282951562-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{946B3E9E-E21A-49c8-9F63-900533FAFE14} -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-3307217056-1421531899-4282951562-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{74CC49F7-EB32-4A08-B204-948962A6E3DB} -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-3307217056-1421531899-4282951562-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{74CC49F7-EB32-4A08-B204-948962A6E3DB} -> Spyware.HotBar : Cleaned with backup
[1600] C:\WINDOWS\System32\jаvaw.exe -> Spyware.PurityScan : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ifaaqkpd.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ifaaqkpd.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ifaaqkpd.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ifaaqkpd.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\wtta.exe -> Spyware.PurityScan : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WDKHYB0D\alien[1].cab/mm81.ocx -> TrojanDownloader.VB.ov : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\EPXActiveX.ocx -> TrojanDropper.Agent.or : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\EPXActiveX.ocx -> TrojanDownloader.Lastad.r : Cleaned with backup
C:\WINDOWS\system32\drivers\df_kmd.sys -> Trojan.Rootkit.Agent.af : Cleaned with backup
C:\WINDOWS\system32\frfnyw.dll -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\jаvaw.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\orrooaeg06.dll -> TrojanDownloader.Lastad.r : Cleaned with backup
::Report End
And here's the hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 4:00:45 PM, on 10/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Washer\washer.exe
C:\WINDOWS\System32\j?vaw.exe
C:\Program Files\TPT Registry_Cleaner (Trial)\RegClean.exe
C:\Program Files\apsi\wtta.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\Desktop\HijackThis-1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: WinStat - {0BAE99AF-A9F7-4f7e-9C72-2C1CC81BE0FF} - C:\WINDOWS\System32\WinStat13.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {8368EE70-4C9A-475F-B900-582F5103A99D} - C:\WINDOWS\System32\msqr.dll (file missing)
O2 - BHO: (no name) - {9B2A3C1D-A48A-DF5A-D507-FAADAECC75C1} - C:\WINDOWS\System32\frfnyw.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [huwqog] c:\windows\system32\mpbaefg.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0614] "C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5LP_0001_0614NetInstaller.exe"
O4 - HKLM\..\RunServices: [Windows OLE Automation Server] C:\WINDOWS\system32\ole32aut.vbe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows OLE Automation Server] C:\WINDOWS\system32\ole32aut.vbe
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [Pdx] C:\WINDOWS\System32\j?vaw.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\TPT Registry_Cleaner (Trial)\RegClean.exe"
O4 - HKCU\..\Run: [Notn] "C:\Program Files\apsi\wtta.exe" -vt ndrv
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted IP range: 67.19.185.246
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} - http://cabs.media-mo.../cabs/alien.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akama...ol/SymDlBrg.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEDB6924-CB64-4F0F-9C55-3588A7C7563F}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5F19C31-8A03-46F2-9183-AE3E1AC42A7C}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.166.94,69.31.80.244
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Thans for any and all help!