
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:59:59 PM, on 7/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\windows\System32\svchost.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\Kontiki\KService.exe
C:\windows\system32\libusbd-nt.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\windows\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe
C:\Documents and Settings\MARIO\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.msn.com"); (C:\Program Files\Netscape\Users\default\prefs.js)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.msn.com"); (C:\Documents and Settings\MARIO\Application Data\Mozilla\Profiles\default\a9i10q7l.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\MARIO\Application Data\Mozilla\Profiles\default\a9i10q7l.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=080507 serial=--------------------------- lang=EN
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O15 - Trusted Zone: my.ebay.com
O15 - Trusted Zone: www.ebay.com
O15 - Trusted Zone: www.lowes.com
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\windows\system32\drivers\CDAC11BA.EXE
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust ITM Job Service (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\windows\system32\libusbd-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\windows\System32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
--
End of file - 8450 bytes

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 8:16:32 PM 7/25/2007
+ Scan result:

C:\Xnews\downloads\today\350_plugins_TC.part01.rar/350_plugins_TC\wfx\wfx\wfx_MS_SQL 1.3.0\crsqlwfx.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\MARIO\Desktop\hijackthis\backups\backup-20070120-100359-496.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\MARIO\Desktop\hijackthis\backups\backup-20070120-111938-824.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\WINDOWS\winnmsn.exe -> Backdoor.Hupigon : Cleaned with backup (quarantined).
G:\NewsLeech downloads\downloads\alt.binaries.warez.ibm-pc.0-day\Webcam.Zone.Trigger.v1.8.Cracked-F4CG.part2.rar/Webcam.Zone.Trigger.v1.8.Cracked-F4CG\ZoneTrigger.exe -> Dropper.Agent.bv : Cleaned with backup (quarantined).
C:\Documents and Settings\MARIO\Desktop\DESKTOP FOLDERS\Nice Little Programs that fit on a USB Drive\iepv.zip/iepv.exe -> Dropper.Agent.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\MARIO\Desktop\DESKTOP FOLDERS\Hobby Projects\Radio Codes2 and DVD Unlocking Codes\radio-decode-softwares.zip/Radio Decode Package/Blaupunkt/Blaupunkt v1.0.exe -> Dropper.Small.gn : Cleaned with backup (quarantined).
C:\Documents and Settings\MARIO\Desktop\DESKTOP FOLDERS\Hobby Projects\Radio Codes2 and DVD Unlocking Codes\radio-decode-softwares\Radio Decode Package\Blaupunkt\Blaupunkt v1.0.exe -> Dropper.Small.gn : Cleaned with backup (quarantined).
G:\downloads\VARIOUS\o-n6316a.zip/Keygen.exe -> Hijacker.Befins.b : Cleaned with backup (quarantined).
G:\Freeware\Resco.Audio.Recorder.v3.20-RCAPDA.rar/Resco.Audio.Recorder.v3.20-RCAPDA\Resco Audio Recorder v3.20.rar/keygen.exe -> Logger.ProAgent.t : Cleaned with backup (quarantined).
G:\Freeware\Resco.Audio.Recorder.v3.20.ARM.PPC.incl.Keygen-RCAPDA.rar/Resco.Audio.Recorder.v3.20.ARM.PPC.incl.Keygen-RCAPDA\r-000627.zip/keygen.rar/keygen.exe -> Logger.ProAgent.t : Cleaned with backup (quarantined).
G:\Freeware\Resco.Audio.Recorder.v3.20.ARM.PPC.incl.Keygen-RCAPDA\Resco.Audio.Recorder.v3.20.ARM.PPC.incl.Keygen-RCAPDA\r-000627.zip/keygen.rar/keygen.exe -> Logger.ProAgent.t : Cleaned with backup (quarantined).
G:\Freeware\Resco.Audio.Recorder.v3.20.ARM.PPC.incl.Keygen-RCAPDA\Resco.Audio.Recorder.v3.20.ARM.PPC.incl.Keygen-RCAPDA\r-000627\keygen.rar/keygen.exe -> Logger.ProAgent.t : Cleaned with backup (quarantined).
G:\Freeware\Resco.Audio.Recorder.v3.20.ARM.PPC.incl.Keygen-RCAPDA\Resco.Audio.Recorder.v3.20.ARM.PPC.incl.Keygen-RCAPDA\r-000627\keygen\keygen.exe -> Logger.ProAgent.t : Cleaned with backup (quarantined).
G:\Freeware\Resco.Audio.Recorder.v3.21.RCAPDA.KeyGen.rar/Resco.Audio.Recorder.v3.21.RCAPDA.KeyGen\Resco.Audio.Recorder.v3.21.RCAPDA.Keygen.rar/keygen.exe -> Logger.ProAgent.t : Cleaned with backup (quarantined).
C:\Documents and Settings\MARIO\Desktop\DESKTOP FOLDERS\Nice Little Programs that fit on a USB Drive\mailpv.zip/mailpv.exe -> Not-A-Virus.PSWTool.Win32.MailPassView.130 : Cleaned with backup (quarantined).
C:\Documents and Settings\MARIO\Desktop\DESKTOP FOLDERS\Nice Little Programs that fit on a USB Drive\pstpassword.zip/PstPassword.exe -> Not-A-Virus.PSWTool.Win32.MailPassView.a : Cleaned with backup (quarantined).
C:\Documents and Settings\MARIO\Desktop\DESKTOP FOLDERS\Nice Little Programs that fit on a USB Drive\netpass.zip/netpass.exe -> Not-A-Virus.PSWTool.Win32.NetPass.b : Cleaned with backup (quarantined).
C:\Documents and Settings\MARIO\Desktop\DESKTOP FOLDERS\Nice Little Programs that fit on a USB Drive\netscapass.zip/Netscapass.exe -> Not-A-Virus.PSWTool.Win32.NetScaPass.a : Cleaned with backup (quarantined).
C:\Documents and Settings\MARIO\Desktop\DESKTOP FOLDERS\Nice Little Programs that fit on a USB Drive\pspv.zip/pspv.exe -> Not-A-Virus.PSWTool.Win32.PassView.b : Cleaned with backup (quarantined).
C:\!KillBox\wingfo32.dll -> Proxy.Agent.lu : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\MARIO\Application Data\Mozilla\Profiles\default\a9i10q7l.slt\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.20:C:\Documents and Settings\MARIO\Application Data\Mozilla\Profiles\default\a9i10q7l.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.63:C:\Documents and Settings\MARIO\Application Data\Mozilla\Firefox\Profiles\g4sx4sg2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\MARIO\Application Data\Mozilla\Firefox\Profiles\g4sx4sg2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\MARIO\Application Data\Mozilla\Profiles\default\a9i10q7l.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\MARIO\Application Data\Mozilla\Firefox\Profiles\g4sx4sg2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\MARIO\Application Data\Mozilla\Profiles\default\a9i10q7l.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\MARIO\Application Data\Mozilla\Firefox\Profiles\g4sx4sg2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\MARIO\Cookies\mario@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\MARIO\Application Data\Mozilla\Firefox\Profiles\g4sx4sg2.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.29:C:\Documents and Settings\MARIO\Application Data\Mozilla\Firefox\Profiles\g4sx4sg2.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.30:C:\Documents and Settings\MARIO\Application Data\Mozilla\Firefox\Profiles\g4sx4sg2.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.31:C:\Documents and Settings\MARIO\Application Data\Mozilla\Firefox\Profiles\g4sx4sg2.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.16:C:\Documents and Settings\MARIO\Application Data\Mozilla\Profiles\default\a9i10q7l.slt\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.17:C:\Documents and Settings\MARIO\Application Data\Mozilla\Profiles\default\a9i10q7l.slt\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.44:C:\Documents and Settings\MARIO\Application Data\Mozilla\Profiles\default\a9i10q7l.slt\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.45:C:\Documents and Settings\MARIO\Application Data\Mozilla\Profiles\default\a9i10q7l.slt\cookies.txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\MARIO\Cookies\mario@search.live[1].txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\MARIO\Cookies\mario@auto.search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
:mozilla.98:C:\Documents and Settings\MARIO\Application Data\Mozilla\Firefox\Profiles\g4sx4sg2.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\MARIO\Cookies\mario@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\MARIO\Application Data\BitTorrent\incomplete\435c242a-d87c\keygen\keygen.exe -> Trojan.Agent.ye : Cleaned with backup (quarantined).
G:\downloads\i-iwhc01.zip/iNFECTED.rar/patch_webextra.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).
C:\Documents and Settings\MARIO\Desktop\DESKTOP FOLDERS\Axim\PPC Progs\GpsGate\gpsgatev1.03bforwindows.patchfff.zip/GPSGATE.1.03B.FOR.WINDOWS._REGFILE-FFF.RAR/Regpatch.exe -> Trojan.Regpat.a : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\wnsapisv.exe -> Trojan.Small : Cleaned with backup (quarantined).

::Report end
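
The two reports above are tool-formatted text: HijackThis prints one tagged entry per line (R0/R1 browser settings, O2 BHOs, O4 autoruns, O15 Trusted Zone sites, O16 downloaded ActiveX controls, O23 services), and AVG Anti-Spyware prints `path -> detection : action`. The Python below is an added example, not code from the forum post or from either tool; it parses both formats and applies a few review heuristics of its own (services listed with no publisher, Trusted Zone and DPF entries, the ProxyOverride key, and loose on-disk binaries versus quarantined archive members and cookies). The `SAMPLE_*` strings are lines copied from the log above; the severity labels and the rules are this example's assumptions, not verdicts from HijackThis or AVG.

```python
"""Triage helpers for a HijackThis v2 log and an AVG Anti-Spyware report.

Added example: not code from the forum post or from either tool. The
SAMPLE_* strings are lines copied from the posted log; the triage rules
and severity labels are this example's own heuristics (assumptions).
"""
import re

# HijackThis entry: section tag (R0, R1, N3, O2, O4, O23 ...), " - ", payload.
HJT_LINE = re.compile(r"^(?P<section>[RNOF]\d{1,2}) - (?P<payload>.+)$")
# AVG report line: "<path> -> <detection> : <action>."
AVG_LINE = re.compile(r"^(?P<path>.+?) -> (?P<detection>[^:]+?) : (?P<action>.+?)\.?$")

# Lines copied from the HijackThis log posted above (constructed sample input).
SAMPLE_HJT = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O15 - Trusted Zone: my.ebay.com
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
"""

# Lines copied from the AVG Anti-Spyware report posted above (constructed sample input).
SAMPLE_AVG = r"""
C:\WINDOWS\winnmsn.exe -> Backdoor.Hupigon : Cleaned with backup (quarantined).
C:\Documents and Settings\MARIO\Desktop\DESKTOP FOLDERS\Nice Little Programs that fit on a USB Drive\iepv.zip/iepv.exe -> Dropper.Agent.lu : Cleaned with backup (quarantined).
C:\!KillBox\wingfo32.dll -> Proxy.Agent.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\MARIO\Cookies\mario@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\WINDOWS\SYSTEM32\wnsapisv.exe -> Trojan.Small : Cleaned with backup (quarantined).
"""


def parse_hjt(text):
    """Return (section, payload) pairs; header and process-list lines have no tag and are skipped."""
    return [(m.group("section"), m.group("payload"))
            for m in (HJT_LINE.match(l.strip()) for l in text.splitlines()) if m]


def triage_hjt(text):
    """Return (severity, section, reason, payload) for entries a reviewer should look at."""
    findings = []
    for section, payload in parse_hjt(text):
        if section == "O23" and "Unknown owner" in payload:
            # No publisher string: check the binary's signature or hash before trusting it.
            findings.append(("review", section, "service with no publisher", payload))
        elif section == "O15":
            # Trusted Zone sites run under relaxed IE security settings (ActiveX, scripting).
            findings.append(("review", section, "site in IE Trusted Zone", payload))
        elif section == "O16":
            # DPF = ActiveX control downloaded from the web; confirm the hosting site is expected.
            findings.append(("info", section, "downloaded ActiveX control", payload))
        elif section == "R1" and "ProxyOverride" in payload:
            findings.append(("info", section, "proxy override set", payload))
    return findings


def parse_avg(text):
    """Return dicts with path, detection and action for each AVG report line."""
    return [m.groupdict() for m in (AVG_LINE.match(l.strip()) for l in text.splitlines()) if m]


def avg_summary(text):
    """Split hits into loose binaries on disk, archive members, and tracking cookies.

    A quarantined archive member was never executed by itself; a loose binary in
    %WINDIR% or System32 was on disk where it could run and deserves follow-up.
    """
    on_disk, in_archive, cookies = [], [], []
    for hit in parse_avg(text):
        if hit["detection"].startswith("TrackingCookie"):
            cookies.append(hit)
        elif re.search(r"\.(zip|rar|cab)[/\\]", hit["path"], re.I):
            in_archive.append(hit)
        else:
            on_disk.append(hit)
    return {"on_disk": on_disk, "in_archive": in_archive, "cookies": cookies}


if __name__ == "__main__":
    for sev, sec, reason, payload in triage_hjt(SAMPLE_HJT):
        print(f"[{sev}] {sec}: {reason} -> {payload}")
    for hit in avg_summary(SAMPLE_AVG)["on_disk"]:
        print("on disk:", hit["path"], "->", hit["detection"])
```

Run it on the full log and report text instead of the samples to get the same split for the whole thread; the on-disk bucket is where a responder would start (the loose files under `C:\WINDOWS` and `C:\WINDOWS\SYSTEM32`), while archive members and cookies are lower priority.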

2 Contributors, 8 Replies, 9 Views, 10 Years Discussion Span, Last Post by crunchie

So far, it seems to be okay.
Initially it was slowing down my computer with activity when not doing anything online. Noticed something about accessing a proxy which alerted me.

I was getting some warnings on ZA about Entriq Mediasphere, but after running SB, AVG, and now uninstalling it, it seems okay.
Also had something called Kontiki running.
Removed this last and rebooted and it appears gone.

I'll keep an eye on everything to see if anything comes back.
