Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:59:59 PM, on 7/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\windows\System32\svchost.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\Kontiki\KService.exe
C:\windows\system32\libusbd-nt.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\windows\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe
C:\Documents and Settings\MARIO\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.msn.com"); (C:\Program Files\Netscape\Users\default\prefs.js)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.msn.com"); (C:\Documents and Settings\MARIO\Application Data\Mozilla\Profiles\default\a9i10q7l.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\MARIO\Application Data\Mozilla\Profiles\default\a9i10q7l.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=080507 serial=--------------------------- lang=EN
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O15 - Trusted Zone: my.ebay.com
O15 - Trusted Zone: www.ebay.com
O15 - Trusted Zone: www.lowes.com
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\windows\system32\drivers\CDAC11BA.EXE
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust ITM Job Service (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\windows\system32\libusbd-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\windows\System32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
--
End of file - 8450 bytes
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 8:16:32 PM 7/25/2007
+ Scan result:
C:\Xnews\downloads\today\350_plugins_TC.part01.rar/350_plugins_TC\wfx\wfx\wfx_MS_SQL 1.3.0\crsqlwfx.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\MARIO\Desktop\hijackthis\backups\backup-20070120-100359-496.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\MARIO\Desktop\hijackthis\backups\backup-20070120-111938-824.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\WINDOWS\winnmsn.exe -> Backdoor.Hupigon : Cleaned with backup (quarantined).
G:\NewsLeech downloads\downloads\alt.binaries.warez.ibm-pc.0-day\Webcam.Zone.Trigger.v1.8.Cracked-F4CG.part2.rar/Webcam.Zone.Trigger.v1.8.Cracked-F4CG\ZoneTrigger.exe -> Dropper.Agent.bv : Cleaned with backup (quarantined).
C:\Documents and Settings\MARIO\Desktop\DESKTOP FOLDERS\Nice Little Programs that fit on a USB Drive\iepv.zip/iepv.exe -> Dropper.Agent.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\MARIO\Desktop\DESKTOP FOLDERS\Hobby Projects\Radio Codes2 and DVD Unlocking Codes\radio-decode-softwares.zip/Radio Decode Package/Blaupunkt/Blaupunkt v1.0.exe -> Dropper.Small.gn : Cleaned with backup (quarantined).
C:\Documents and Settings\MARIO\Desktop\DESKTOP FOLDERS\Hobby Projects\Radio Codes2 and DVD Unlocking Codes\radio-decode-softwares\Radio Decode Package\Blaupunkt\Blaupunkt v1.0.exe -> Dropper.Small.gn : Cleaned with backup (quarantined).
G:\downloads\VARIOUS\o-n6316a.zip/Keygen.exe -> Hijacker.Befins.b : Cleaned with backup (quarantined).
G:\Freeware\Resco.Audio.Recorder.v3.20-RCAPDA.rar/Resco.Audio.Recorder.v3.20-RCAPDA\Resco Audio Recorder v3.20.rar/keygen.exe -> Logger.ProAgent.t : Cleaned with backup (quarantined).
G:\Freeware\Resco.Audio.Recorder.v3.20.ARM.PPC.incl.Keygen-RCAPDA.rar/Resco.Audio.Recorder.v3.20.ARM.PPC.incl.Keygen-RCAPDA\r-000627.zip/keygen.rar/keygen.exe -> Logger.ProAgent.t : Cleaned with backup (quarantined).
G:\Freeware\Resco.Audio.Recorder.v3.20.ARM.PPC.incl.Keygen-RCAPDA\Resco.Audio.Recorder.v3.20.ARM.PPC.incl.Keygen-RCAPDA\r-000627.zip/keygen.rar/keygen.exe -> Logger.ProAgent.t : Cleaned with backup (quarantined).
G:\Freeware\Resco.Audio.Recorder.v3.20.ARM.PPC.incl.Keygen-RCAPDA\Resco.Audio.Recorder.v3.20.ARM.PPC.incl.Keygen-RCAPDA\r-000627\keygen.rar/keygen.exe -> Logger.ProAgent.t : Cleaned with backup (quarantined).
G:\Freeware\Resco.Audio.Recorder.v3.20.ARM.PPC.incl.Keygen-RCAPDA\Resco.Audio.Recorder.v3.20.ARM.PPC.incl.Keygen-RCAPDA\r-000627\keygen\keygen.exe -> Logger.ProAgent.t : Cleaned with backup (quarantined).
G:\Freeware\Resco.Audio.Recorder.v3.21.RCAPDA.KeyGen.rar/Resco.Audio.Recorder.v3.21.RCAPDA.KeyGen\Resco.Audio.Recorder.v3.21.RCAPDA.Keygen.rar/keygen.exe -> Logger.ProAgent.t : Cleaned with backup (quarantined).
C:\Documents and Settings\MARIO\Desktop\DESKTOP FOLDERS\Nice Little Programs that fit on a USB Drive\mailpv.zip/mailpv.exe -> Not-A-Virus.PSWTool.Win32.MailPassView.130 : Cleaned with backup (quarantined).
C:\Documents and Settings\MARIO\Desktop\DESKTOP FOLDERS\Nice Little Programs that fit on a USB Drive\pstpassword.zip/PstPassword.exe -> Not-A-Virus.PSWTool.Win32.MailPassView.a : Cleaned with backup (quarantined).
C:\Documents and Settings\MARIO\Desktop\DESKTOP FOLDERS\Nice Little Programs that fit on a USB Drive\netpass.zip/netpass.exe -> Not-A-Virus.PSWTool.Win32.NetPass.b : Cleaned with backup (quarantined).
C:\Documents and Settings\MARIO\Desktop\DESKTOP FOLDERS\Nice Little Programs that fit on a USB Drive\netscapass.zip/Netscapass.exe -> Not-A-Virus.PSWTool.Win32.NetScaPass.a : Cleaned with backup (quarantined).
C:\Documents and Settings\MARIO\Desktop\DESKTOP FOLDERS\Nice Little Programs that fit on a USB Drive\pspv.zip/pspv.exe -> Not-A-Virus.PSWTool.Win32.PassView.b : Cleaned with backup (quarantined).
C:\!KillBox\wingfo32.dll -> Proxy.Agent.lu : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\MARIO\Application Data\Mozilla\Profiles\default\a9i10q7l.slt\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.20:C:\Documents and Settings\MARIO\Application Data\Mozilla\Profiles\default\a9i10q7l.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.63:C:\Documents and Settings\MARIO\Application Data\Mozilla\Firefox\Profiles\g4sx4sg2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\MARIO\Application Data\Mozilla\Firefox\Profiles\g4sx4sg2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\MARIO\Application Data\Mozilla\Profiles\default\a9i10q7l.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\MARIO\Application Data\Mozilla\Firefox\Profiles\g4sx4sg2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\MARIO\Application Data\Mozilla\Profiles\default\a9i10q7l.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\MARIO\Application Data\Mozilla\Firefox\Profiles\g4sx4sg2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\MARIO\Cookies\mario@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\MARIO\Application Data\Mozilla\Firefox\Profiles\g4sx4sg2.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.29:C:\Documents and Settings\MARIO\Application Data\Mozilla\Firefox\Profiles\g4sx4sg2.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.30:C:\Documents and Settings\MARIO\Application Data\Mozilla\Firefox\Profiles\g4sx4sg2.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.31:C:\Documents and Settings\MARIO\Application Data\Mozilla\Firefox\Profiles\g4sx4sg2.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.16:C:\Documents and Settings\MARIO\Application Data\Mozilla\Profiles\default\a9i10q7l.slt\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.17:C:\Documents and Settings\MARIO\Application Data\Mozilla\Profiles\default\a9i10q7l.slt\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.44:C:\Documents and Settings\MARIO\Application Data\Mozilla\Profiles\default\a9i10q7l.slt\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.45:C:\Documents and Settings\MARIO\Application Data\Mozilla\Profiles\default\a9i10q7l.slt\cookies.txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\MARIO\Cookies\mario@search.live[1].txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\MARIO\Cookies\mario@auto.search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
:mozilla.98:C:\Documents and Settings\MARIO\Application Data\Mozilla\Firefox\Profiles\g4sx4sg2.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\MARIO\Cookies\mario@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\MARIO\Application Data\BitTorrent\incomplete\435c242a-d87c\keygen\keygen.exe -> Trojan.Agent.ye : Cleaned with backup (quarantined).
G:\downloads\i-iwhc01.zip/iNFECTED.rar/patch_webextra.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).
C:\Documents and Settings\MARIO\Desktop\DESKTOP FOLDERS\Axim\PPC Progs\GpsGate\gpsgatev1.03bforwindows.patchfff.zip/GPSGATE.1.03B.FOR.WINDOWS._REGFILE-FFF.RAR/Regpatch.exe -> Trojan.Regpat.a : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\wnsapisv.exe -> Trojan.Small : Cleaned with backup (quarantined).
::Report end
