==========
Hijack This
==========
Logfile of HijackThis v1.99.1
Scan saved at 6:29:45 PM, on 10/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\USBToolbox\Res.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USBToolbox\Res.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
==========
Ewido Scan
==========
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 6:23:50 PM, 10/18/2005
+ Report-Checksum: 68ED2ABC
+ Scan result:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rrin.exe -> Trojan.Pakes : Cleaned without backup
:mozilla.8:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\dr521u3b.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned without backup
:mozilla.13:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\dr521u3b.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned without backup
:mozilla.22:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\dr521u3b.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned without backup
:mozilla.28:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\dr521u3b.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned without backup
:mozilla.32:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\dr521u3b.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.42:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\dr521u3b.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned without backup
:mozilla.44:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\dr521u3b.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned without backup
:mozilla.46:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\dr521u3b.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned without backup
:mozilla.47:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\dr521u3b.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned without backup
:mozilla.48:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\dr521u3b.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned without backup
:mozilla.49:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\dr521u3b.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned without backup
:mozilla.50:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\dr521u3b.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned without backup
:mozilla.52:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\dr521u3b.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned without backup
:mozilla.53:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\dr521u3b.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned without backup
:mozilla.54:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\dr521u3b.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned without backup
:mozilla.55:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\dr521u3b.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned without backup
:mozilla.59:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\dr521u3b.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
:mozilla.60:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\dr521u3b.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
:mozilla.61:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\dr521u3b.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
:mozilla.63:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\dr521u3b.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.64:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\dr521u3b.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.86:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\dr521u3b.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned without backup
:mozilla.87:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\dr521u3b.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned without backup
:mozilla.88:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\dr521u3b.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned without backup
:mozilla.89:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\dr521u3b.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned without backup
C:\Documents and Settings\Brandon\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
C:\Documents and Settings\Brandon\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned without backup
C:\Documents and Settings\Brandon\Cookies\[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned without backup
C:\Documents and Settings\Brandon\Cookies\brandon@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned without backup
C:\Documents and Settings\Brandon\Cookies\brandon@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned without backup
C:\Documents and Settings\Brandon\Cookies\[email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned without backup
C:\Documents and Settings\Brandon\Cookies\brandon@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned without backup
C:\Documents and Settings\Brandon\Cookies\brandon@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned without backup
C:\Documents and Settings\Brandon\Cookies\brandon@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned without backup
C:\Documents and Settings\Brandon\Cookies\brandon@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned without backup
C:\WINDOWS\system32\ddiana.exe -> Trojan.Pakes : Cleaned without backup
C:\WINDOWS\system32\ddmbcbr.exe -> Trojan.Pakes : Cleaned without backup
C:\WINDOWS\system32\vgactl.cpl -> TrojanDownloader.Qoologic.ad : Cleaned without backup
C:\WINDOWS\system32\wuauclt.dll -> TrojanDownloader.Small : Cleaned without backup
C:\WINDOWS\system32\wwkpq.dat -> Trojan.Pakes : Cleaned without backup
::Report End
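The checks a helper does by eye on a log like the one above (an O18 handler whose DLL is "(file missing)", an O23 service with "Unknown owner", O4 autorun entries whose target was not in the "Running processes" list, and anything still pointing at a file the scanner removed) can be done mechanically. The script below is an added example for this thread; it is not code from HijackThis, ewido or the poster. It parses the HijackThis v1.99 layout (process list, then `R?`/`O??` entries) and the ewido `path -> detection : action` lines, and cross-references them. The sample text inside it is a trimmed copy of the two logs in this post; the rules are heuristics chosen for this example (an autorun target not running is often just a program the user closed) and are meant to point a reviewer at lines worth a look, not to decide anything on their own.

```python
"""Mechanical first pass over a HijackThis v1.99 log plus an ewido report.
Added example for this thread; not code from HijackThis, ewido or the poster.
The sample text below is a trimmed copy of the logs in this post."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "code reason body")

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
# A quoted path, or an unquoted drive-letter path ending in a PE/CPL extension.
PATH_RE = re.compile(r'"([^"]+)"|([a-z]:\\.*?\.(?:exe|dll|cpl))\b', re.IGNORECASE)
# ewido result line; ":mozilla.N:" marks one record inside a cookies.txt file.
EWIDO_RE = re.compile(r"^(?::mozilla\.\d+:)?(.+?) -> (\S+) : (.+)$")


def parse_hjt(text):
    """Return (running_processes, [(code, body), ...])."""
    processes, entries, in_procs = [], [], False
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the first R/O entry ends the process list
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, entries


def parse_ewido(text):
    """Return [(path, detection, action), ...] for each scan-result line."""
    hits = [EWIDO_RE.match(l.strip()) for l in text.splitlines()]
    return [m.groups() for m in hits if m]


def target_path(body):
    m = PATH_RE.search(body)
    return (m.group(1) or m.group(2)) if m else None


def triage(processes, entries, cleaned=()):
    running = {p.lower() for p in processes}
    removed = {p.lower() for p in cleaned}
    findings = []
    for code, body in entries:
        path = target_path(body)
        if "(file missing)" in body:
            findings.append(Finding(code, "registered target no longer on disk", body))
        if code == "O23" and "Unknown owner" in body:
            findings.append(Finding(code, "service binary carries no publisher string", body))
        if code == "O4" and path and path.lower() not in running:
            findings.append(Finding(code, "autorun target not in the process list", body))
        if path and path.lower() in removed:
            findings.append(Finding(code, "still references a file the scanner removed", body))
    for p in processes:
        if p.lower() in removed:
            findings.append(Finding("PROC", "scanner-removed file is running", p))
    return findings


# Trimmed copies of the two logs posted above.
SAMPLE_HJT = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\WINDOWS\system32\wuauclt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""
SAMPLE_EWIDO = r"""
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rrin.exe -> Trojan.Pakes : Cleaned without backup
:mozilla.8:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\dr521u3b.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned without backup
C:\WINDOWS\system32\wuauclt.dll -> TrojanDownloader.Small : Cleaned without backup
"""


def run(hjt_text=SAMPLE_HJT, ewido_text=SAMPLE_EWIDO):
    procs, entries = parse_hjt(hjt_text)
    cleaned = [path for path, _, _ in parse_ewido(ewido_text)]
    return triage(procs, entries, cleaned)


if __name__ == "__main__":
    for f in run():
        print(f"{f.code:5} {f.reason}: {f.body}")
```

On the trimmed sample this flags four lines: the msnim O18 handler (file missing), the "ATI Smart" O23 service (no publisher string), and the OASClnt and THGuard O4 entries (not running at scan time). Nothing HijackThis still references matches a file ewido removed, which is what you would expect given that ewido ran a few minutes before the HijackThis scan; the same cross-check is worth repeating after a reboot, since that is when an orphaned autorun entry tries to start its missing target.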