Diane
Incident Status Location
Adware:adware/comet Not disinfected Windows Registry
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Owner\Desktop\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Spyware:Cookie/Com.com Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat[Documents and Settings/Owner/Cookies/[email protected][1].txt]
Spyware:Cookie/Belnk Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat[Documents and Settings/Owner/Cookies/[email protected][1].txt]
Spyware:Cookie/Belnk Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.dat[Documents and Settings/Owner/Cookies/[email protected][2].txt]
Spyware:Cookie/Azjmp Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\owner@azjmp[1].txt.dat[Documents and Settings/Owner/Cookies/owner@azjmp[1].txt]
Spyware:Cookie/Belnk Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\owner@belnk[1].txt.dat[Documents and Settings/Owner/Cookies/owner@belnk[1].txt]
Spyware:Cookie/Belnk Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\owner@belnk[2].txt.dat[Documents and Settings/Owner/Cookies/owner@belnk[2].txt]
Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\owner@bravenet[1].txt.dat[Documents and Settings/Owner/Cookies/owner@bravenet[1].txt]
Spyware:Cookie/Belnk Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat[Documents and Settings/Owner/Cookies/[email protected][1].txt]
Spyware:Cookie/Belnk Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.dat[Documents and Settings/Owner/Cookies/[email protected][2].txt]
Spyware:Cookie/Xiti Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\owner@xiti[1].txt.dat[Documents and Settings/Owner/Cookies/owner@xiti[1].txt]
Spyware:Cookie/Xiti Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\owner@xiti[2].txt.dat[Documents and Settings/Owner/Cookies/owner@xiti[2].txt]
Spyware:Cookie/Yadro Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\owner@yadro[1].txt.dat[Documents and Settings/Owner/Cookies/owner@yadro[1].txt]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:34:38 PM, on 8/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.security2...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Adorons Easy Security - {F2570A0D-001D-477D-93D1-D05EF5EB95CD} - C:\Program Files\Adorons\Adorons Easy Security\ETB.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe -scan
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
O4 - HKLM\..\Run: [Install.exe] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Documents and Settings\Owner\My Documents\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Documents and Settings\Owner\My Documents\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Documents and Settings\Owner\My Documents\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Documents and Settings\Owner\My Documents\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Documents and Settings\Owner\My Documents\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Documents and Settings\Owner\My Documents\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Documents and Settings\Owner\My Documents\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Documents and Settings\Owner\My Documents\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {F2570A0D-001D-477D-93D1-D05EF5EB95CD} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.adorons.com
O15 - Trusted Zone: *.altavista.com
O15 - Trusted Zone: *.comcast.net
O15 - Trusted Zone: *.mcafee.com
O15 - Trusted Zone: *.msn.com
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.co...lers/TestGenXInstall.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...tl/4,0,0,99/mcinsctl.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...PProductDetection.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...r/1,0,0,26/mcgdmgr.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: instcat - 8@ (file missing)
O20 - Winlogon Notify: 8@ - 8@ (file missing)
O20 - Winlogon Notify: @H - @H (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (file missing)
--
End of file - 13348 bytes