Logfile of HijackThis v1.99.1
Scan saved at 4:27:54 PM, on 3/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\PestPatrol\PPMemCheck.exe
C:\PestPatrol\PPControl.exe
C:\PestPatrol\CookiePatrol.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\Mom\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\system32\nsm6B.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmldfw.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PPMemCheck] C:\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.shockwave.com/content/ricoch ... Loader.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/heavyw ... der_v6.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Pest Patrol Log
Scan of 03/20/2006 4:19:57 PM
Pests found: 6
Area scanned: C:
Volume Name:
File System Name: NTFS
Volume Serial No: 1680960057
Windows Version: Windows XP
Product Edition: Corporate
PestPatrol.exe: 12/27/2004 4.4.4.81
PPClean.exe: 03/17/2006 4.5.9.156
Pest Database: 03/17/2006
PestPatrolCL.exe: 12/15/2004 4.4.4.80
Pest: SafeSurfing
Pest Info:
  Category: Key Logger
  Release Date: 6/9/2005 0:00:00
  Background Info: Click here
File Info:
  In File: C:\Documents and Settings\Michael\Local Settings\Temp\mndcntas.tmp
  PVT: 1980470481
  MD5: 03f45e0b9f6a90cd604e4a511112eff2
  Date: 02/12/2006 12:09:04 PM
  File Analysis: Look up with MD5 (recommended) or PVT.
Certainty: Confirmed
Threatens: Confidentiality, Integrity, Availability, Liability
Risk: Low.
Advice: Delete
Action: Ignored
~~~
Pest: SafeSurfing
Pest Info:
  Category: Key Logger
  Release Date: 6/9/2005 0:00:00
  Background Info: Click here
File Info:
  In File: C:\Documents and Settings\Mom\Local Settings\Temp\mndcntas.tmp
  PVT: 1980470481
  MD5: 03f45e0b9f6a90cd604e4a511112eff2
  Date: 03/16/2006 7:17:16 PM
  File Analysis: Look up with MD5 (recommended) or PVT.
Certainty: Confirmed
Threatens: Confidentiality, Integrity, Availability, Liability
Risk: Low.
Advice: Delete
Action: Ignored
~~~
Pest: TrafficSector
Pest Info:
  Category: Browser Helper Object
  Author: http://www.trafficsector.com
  Release Date: 1/1/2005 0:00:00
  Background Info: Click here
File Info:
  In File: C:\Documents and Settings\Mom\Local Settings\Temp\ts_b2search_0303.exe
  PVT: -636158537
  MD5: 34cb9354f1d9d98ed6ed629c8e6408e0
  Date: 03/17/2006 12:59:44 AM
  File Analysis: Look up with MD5 (recommended) or PVT.
Certainty: Confirmed
Threatens: Liability
Risk: Moderate - this file can be executed!
Advice: Delete
Action: Ignored
~~~
Pest: SafeSurfing
Pest Info:
  Category: Key Logger
  Release Date: 6/9/2005 0:00:00
  Background Info: Click here
File Info:
  In File: C:\WINDOWS\system32\irismon.dll
  PVT: 1679581175
  MD5: 34b2b0f264ebfcbb379dba8ff75d681c
  Date: 03/16/2006 7:17:12 PM
  Company Name:
  File Description: irismon dll
  File Version: 1, 14, 0, 1
  Internal Name: irismon.dll
  Legal Copyright: Copyright © 2005
  Original Filename: irismon.dll
  Product Version: 1, 14, 0, 0
  File Analysis: Look up with MD5 (recommended) or PVT.
Certainty: Confirmed
Threatens: Confidentiality, Integrity, Availability, Liability
Risk: Moderate - this file can be executed!
Advice: Delete
Action: Ignored
~~~
Pest: SafeSurfing
Pest Info:
  Category: Key Logger
  Release Date: 6/9/2005 0:00:00
  Background Info: Click here
File Info:
  In File: C:\WINDOWS\system32\irsmldfw.dll
  PVT: 912569897
  MD5: 1fed856606b6cd003b4f95f23f97129c
  Date: 03/16/2006 7:17:14 PM
  File Description: RieMon Module
  File Version: 2, 18, 0, 3
  Internal Name: RieMon
  Legal Copyright: RieMon LLC, Copyright 2005
  Original Filename: RieMon.DLL
  Product Name: RieMon Module
  Product Version: 2, 18, 0, 0
  File Analysis: Look up with MD5 (recommended) or PVT.
Certainty: Confirmed
Threatens: Confidentiality, Integrity, Availability, Liability
Risk: Moderate - this file can be executed!
Advice: Delete
Action: Ignored
~~~
Pest: SafeSurfing
Pest Info:
  Category: Key Logger
  Release Date: 6/9/2005 0:00:00
  Background Info: Click here
File Info:
  In File: C:\WINDOWS\system32\irssyncd.exe
  PVT: 1980470481
  MD5: 03f45e0b9f6a90cd604e4a511112eff2
  Date: 03/16/2006 7:17:16 PM
  File Analysis: Look up with MD5 (recommended) or PVT.
Certainty: Confirmed
Threatens: Confidentiality, Integrity, Availability, Liability
Risk: Moderate - this file can be executed!
Advice: Delete
Action: Ignored
~~~