Ewido 1:
+ Created on: 2:06:30 AM, 9/24/2005
+ Report-Checksum: 53FE2C52
+ Scan result:
C:\WINDOWS\system32\mllmj.dll -> Trojan.Crypt.o : Cleaned with backup
C:\Documents and Settings\Renee LaRosa\Cookies\renee larosa@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
::Report End
Ewido 2:
+ Created on: 3:45:32 PM, 9/24/2005
+ Report-Checksum: ACE1D530
+ Scan result:
C:\WINDOWS\system32\mllmj.dll -> Trojan.Crypt.o : Cleaned with backup
::Report End
Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 3:13:55 PM, on 9/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\freecell.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Renee LaRosa\My Documents\Downloads\Spyware Scans\Geekstogo\Hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O1 - Hosts: 193.108.95.97 a1204.g.akamai.net
O1 - Hosts: 207.126.123.20 adoption.about.com
O1 - Hosts: 136.148.6.248 archive.museophile.org
O1 - Hosts: 65.167.9.28 browse.barnesandnoble.com
O1 - Hosts: 66.129.67.102 channel9.msdn.com
O1 - Hosts: 67.19.38.148 hallromance.com
O1 - Hosts: 207.235.5.52 hardtofindbooks.com
O1 - Hosts: 216.77.188.41 home.bellsouth.net
O1 - Hosts: 63.209.52.86 images-eu.amazon.com
O1 - Hosts: 216.57.205.41 learn.serebra.com
O1 - Hosts: 209.136.7.65 mccpl.lib.al.us
O1 - Hosts: 205.180.85.40 media.fastclick.net
O1 - Hosts: 207.234.156.33 midiworld.com
O1 - Hosts: 69.20.118.58 officedepot.crossmediaservices.com
O1 - Hosts: 143.166.224.180 outlet.us.dell.com
O1 - Hosts: 64.233.187.104 pagead2.googlesyndication.com
O1 - Hosts: 216.73.89.41 preferences.email.bn.com
O1 - Hosts: 216.239.115.141 reviews.cnet.com
O1 - Hosts: 208.237.178.123 search.barnesandnoble.com
O1 - Hosts: 207.241.148.80 southernfood.about.com
O1 - Hosts: 64.85.22.120 sqljunkies.com
O1 - Hosts: 66.70.36.11 www.allbookstores.com
O1 - Hosts: 207.171.163.32 www.amazon.ca
O1 - Hosts: 207.171.166.149 www.amazon.co.uk
O1 - Hosts: 207.171.175.29 www.amazon.com
O1 - Hosts: 63.240.84.73 www.audible.com
O1 - Hosts: 69.93.142.42 www.audiblesavvy.com
O1 - Hosts: 212.58.235.182 www.audiobookcollection.com
O1 - Hosts: 69.93.203.2 www.audiobookdeals.com
O1 - Hosts: 69.43.132.50 www.audiobooks.com
O1 - Hosts: 65.167.9.21 www.barnesandnoble.com
O1 - Hosts: 69.45.79.9 www.bestbuy.com
O1 - Hosts: 66.186.18.10 www.bestwebbuys.com
O1 - Hosts: 198.77.206.100 www.bhphotovideo.com
O1 - Hosts: 170.171.249.31 www.booksontape.com
O1 - Hosts: 38.115.177.160 www.bookwire.com
O1 - Hosts: 205.217.72.100 www.brillianceaudiobooks.com
O1 - Hosts: 84.53.144.144 www.buy.com
O1 - Hosts: 170.20.0.25 www.cbs.com
O1 - Hosts: 66.224.47.132 www.cbtnuggets.com
O1 - Hosts: 212.58.235.172 www.chivers.co.uk
O1 - Hosts: 198.5.148.3 www.circuitcity.com
O1 - Hosts: 66.216.120.39 www.comehearbooks.com
O1 - Hosts: 12.148.247.41 www.crockpot.com
O1 - Hosts: 64.82.99.178 www.digitalcameradepot.com
O1 - Hosts: 208.223.104.55 www.dignitymemorial.com
O1 - Hosts: 63.241.170.70 www.hsn.com
O1 - Hosts: 216.177.233.162 www.inetsupermall.com
O1 - Hosts: 204.2.104.49 www.inksolution.net
O1 - Hosts: 69.20.16.230 www.jofbusiness.biz
O1 - Hosts: 209.126.231.168 www.journalsandbooks.com
O1 - Hosts: 198.175.228.193 www.ktb.net
O1 - Hosts: 168.103.247.113 www.lclsonline.org
O1 - Hosts: 205.158.154.24 www.letstalkbooks.org
O1 - Hosts: 66.226.64.13 www.lobbystore.com
O1 - Hosts: 67.96.18.80 www.mem.com
O1 - Hosts: 216.239.115.137 www.mp3.com
O1 - Hosts: 62.93.193.21 www.nero.com
O1 - Hosts: 206.129.139.246 www.newandusedbooks.com
O1 - Hosts: 66.163.161.45 www.neworleansshowcase.com
O1 - Hosts: 206.251.189.200 www.obesityhelpevents.com
O1 - Hosts: 205.157.102.30 www.officedepot.com
O1 - Hosts: 69.28.204.232 www.officesuppliesnow.com
O1 - Hosts: 209.68.63.122 www.online-shopping-help.com
O1 - Hosts: 204.3.218.3 www.overnightinkjets.com
O1 - Hosts: 67.110.105.200 www.overstock.com
O1 - Hosts: 63.146.189.101 www.preplogic.com
O1 - Hosts: 64.156.13.20 www.pricegrabber.com
O1 - Hosts: 69.20.62.201 www.pricewatch.com
O1 - Hosts: 167.23.9.2 www.quixtar.com
O1 - Hosts: 170.171.252.12 www.randomhouse.com
O1 - Hosts: 65.61.165.229 www.recordedbooks.com
O1 - Hosts: 12.148.247.42 www.rivalproducts.com
O1 - Hosts: 161.165.200.20 www.samsclub.com
O1 - Hosts: 66.150.51.164 www.searchfeed.com
O1 - Hosts: 81.29.75.140 www.seasidekaraoke.co.uk
O1 - Hosts: 199.106.238.242 www.selftestsoftware.com
O1 - Hosts: 204.248.22.156 www.sessolutions.com
O1 - Hosts: 216.10.104.217 www.shop.com
O1 - Hosts: 63.240.226.111 www.simonsays.com
O1 - Hosts: 69.28.238.99 www.simplyaudiobooks.com
O1 - Hosts: 66.39.51.78 www.sleevetown.com
O1 - Hosts: 161.58.186.93 www.stacksandstacks.com
O1 - Hosts: 170.37.16.51 www.staples.com
O1 - Hosts: 207.171.163.31 www.target.com
O1 - Hosts: 204.92.117.18 www.theinkpros.com
O1 - Hosts: 199.106.238.222 www.transcender.com
O1 - Hosts: 198.175.228.89 www.truthorfiction.com
O1 - Hosts: 64.224.98.68 www.univenture.com
O1 - Hosts: 208.187.218.180 www.veniproducts.com
O1 - Hosts: 161.170.254.20 www.walmart.com
O1 - Hosts: 143.166.83.38 www1.us.dell.com
O1 - Hosts: 69.43.132.53 www3.payperlisten.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\mllmj.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Renee LaRosa\Desktop\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....009/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - http://transfers.one...ransferCtrl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://inputenterpr...ent/ieatgpc.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?322
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15010/CTPID.cab
O20 - Winlogon Notify: mllmj - C:\WINDOWS\system32\mllmj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe