Logfile of HijackThis v1.99.1
Scan saved at 11:20:10 PM, on 10/27/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
d:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
d:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
d:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\nvctrl.exe
C:\WINNT\system32\mssearchnet.exe
D:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe
D:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe
D:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
C:\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\explorer.exe
C:\Documents and Settings\Gene Day.GENE-A614A0E0BB\Desktop\antivirusSoftware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: HomepageBHO - {3bf1f86f-b1a8-489b-8d8b-43781d51411f} - C:\WINNT\system32\hpE847.tmp
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - d:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [pccguide.exe] "d:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "d:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "d:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = D:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://d:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://d:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://d:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://d:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - d:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - d:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - d:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe

ActiveScan:
Incident                     Status          Location
Adware:Adware/PsGuard        No disinfected  C:\WINNT\system32\intell32.exe
Adware:adware/securityerror  No disinfected  C:\WINNT\system32\mssearchnet.exe
Adware:Adware/PsGuard        No disinfected  C:\WINNT\system32\OLEEXT.dll
Adware:adware/securityerror  No disinfected  C:\DOCUMENTS AND SETTINGS\ALL USERS.WINNT\START MENU\Online Security Center.url
Adware:adware/sidestep       No disinfected  C:\Documents and Settings\Gene Day.GENE-A614A0E0BB\Application Data\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\SideStep.lnk
Adware:adware/psguard        No disinfected  C:\WINNT\SYSTEM32\intell32.exe
Spyware:spyware/smitfraud    No disinfected  C:\WINNT\SYSTEM32\oleext.dll
Adware:adware/sidesearch     No disinfected  C:\Documents and Settings\Gene Day.GENE-A614A0E0BB\Application Data\Lycos
Adware:adware/savenow        No disinfected  Windows Registry
Dialer:Dialer.NO             No disinfected  C:\Documents and Settings\Gene Day.GENE-A614A0E0BB\Local Settings\Temporary Internet Files\Content.IE5\DHBRTSY9\gdnUS2218[1].exe
Adware:Adware/PsGuard        No disinfected  C:\WINNT\system32\intell32.exe
Adware:Adware/PsGuard        No disinfected  C:\WINNT\system32\oleext.dll
Virus:W32/Smitfraud.D        Disinfected     C:\WINNT\system32\wininet.old