Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:13 PM, on 2/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCiscoCisco AnyConnect VPN Clientvpnagent.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesISSProventia Desktopblackd.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:Program FilesCisco SystemsVPN Clientcvpnd.exe
C:WINDOWSsystem32inetsrvinetinfo.exe
C:Program FilesMcAfeeVirusScan EnterpriseEngineServer.exe
C:Program FilesMcAfeeCommon FrameworkFrameworkService.exe
C:Program FilesMcAfeeVirusScan EnterpriseVsTskMgr.exe
C:WINDOWSsystem32mfevtps.exe
C:Program FilesMicrosoft SQL ServerMSSQL.2MSSQLBinnmsftesql.exe
C:Program FilesMicrosoft SQL ServerMSSQL.2MSSQLBinnsqlservr.exe
C:Program FilesMicrosoft SQL ServerMSSQL.3OLAPbinmsmdsrv.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesISSProventia DesktopRapApp.exe
C:Program FilesCommon FilesICWMPrinterRDIConverterService.exe
c:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe
C:Program FilesHPQSharedSierra WirelessWin32UnicodeSWIHPWMI.exe
C:Program FilesUiTVUiPlayermsrv.exe
C:Program FilesISSProventia Desktopvpatch.exe
C:WINDOWSsystem32CCMCLICOMPRemCtrlWuser32.exe
C:WINDOWSsystem32CCMCcmExec.exe
C:Program FilesHewlett-PackardSharedhpqwmiex.exe
C:Program FilesMcAfeeVirusScan EnterpriseMcshield.exe
C:WINDOWSsystem32mqsvc.exe
C:WINDOWSsystem32mqtgsvc.exe
C:WINDOWSsystem32msiexec.exe
C:WINDOWSExplorer.EXE
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesAnalog DevicesCoresmax4pnp.exe
C:WINDOWSAGRSMMSG.exe
C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe
C:WINDOWSsystem32hkcmd.exe
C:WINDOWSsystem32igfxpers.exe
C:Program FilesAdobeAcrobat 7.0DistillrAcrotray.exe
C:Program FilesMcAfeeCommon Frameworkudaterui.exe
C:Program FilesMcAfeeVirusScan EnterpriseSHSTAT.EXE
C:WINDOWSsystem32ctfmon.exe
C:Documents and SettingswxuLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe
C:Program FilesWinZipWZQKPICK.EXE
C:WINDOWSsystem32taskmgr.exe
C:Program FilesMcAfeeCommon FrameworkMcTray.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = https://intranet.membersunited.org
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = https://intranet.membersunited.org
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = proxy.prod.mstates.local:8080
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = il.membersunited.org;ny.membersunited.org;*.local;
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:Program FilesMcAfeeVirusScan Enterprisescriptsn.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [SoundMAX] C:Program FilesAnalog DevicesSoundMAXSmax4.exe /tray
O4 - HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
O4 - HKLM..Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..Run: [QlbCtrl] %ProgramFiles%Hewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
O4 - HKLM..Run: [WatchDog] C:Program FilesInterVideoDVD CheckDVDCheck.exe
O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe
O4 - HKLM..Run: [Acrobat Assistant 7.0] "C:Program FilesAdobeAcrobat 7.0DistillrAcrotray.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 9.0ReaderReader_sl.exe"
O4 - HKLM..Run: [McAfeeUpdaterUI] "C:Program FilesMcAfeeCommon Frameworkudaterui.exe" /StartedFromRunKey
O4 - HKLM..Run: [ShStatEXE] "C:Program FilesMcAfeeVirusScan EnterpriseSHSTAT.EXE" /STANDALONE
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Google Update] "C:Documents and SettingswxuLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe" /c
O4 - HKUSS-1-5-21-3699590251-2700444154-4223713684-1022..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe (User bankerapp)
O4 - HKUSS-1-5-18..Run: [DWQueuedReporting] "C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" -t (User SYSTEM)
O4 - HKUSS-1-5-18..RunOnce: [RunNarrator] Narrator.exe (User SYSTEM)
O4 - HKUS.DEFAULT..Run: [DWQueuedReporting] "C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" -t (User Default user)
O4 - HKUS.DEFAULT..RunOnce: [RunNarrator] Narrator.exe (User Default user)
O4 - Global Startup: WinZip Quick Pick.lnk = C:Program FilesWinZipWZQKPICK.EXE
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_01binssv.dll
O9 - Extra Tools menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_01binssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:Program FilesBonjourExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra Tools menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra Tools menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra button: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:Program Fileswebexwebex350atonecli.dll (HKCU)
O9 - Extra Tools menuitem: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:Program Fileswebexwebex350atonecli.dll (HKCU)
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Custo ... anager.CAB
O16 - DPF: {2202D225-22C1-4B8C-A4B8-6A7E7B7E1524} (ICWMInstallObj Class) - https://cpc.on.intercall.com/confmgr/in ... nstall.cab
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://ny.membersunited.org/CACHE/stc/ ... vpnweb.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4549932909
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5253843808
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://paymentsuniversity.webex.com/cl ... eatgpc.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O17 - HKLMSystemCCSServicesTcpipParameters: Domain = PROD.MSTATES.LOCAL
O17 - HKLMSoftware..Telephony: DomainName = PROD.MSTATES.LOCAL
O17 - HKLMSystemCS1ServicesTcpipParameters: Domain = PROD.MSTATES.LOCAL
O17 - HKLMSystemCS4ServicesTcpipParameters: Domain = PROD.MSTATES.LOCAL
O23 - Service: Adobe LM Service - Adobe Systems - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:Program FilesISSProventia Desktopblackd.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:Program FilesCisco SystemsVPN Clientcvpnd.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:Program FilesHewlett-PackardSharedhpqwmiex.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:Program FilesMcAfeeVirusScan EnterpriseEngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:Program FilesMcAfeeCommon FrameworkFrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:Program FilesMcAfeeVirusScan EnterpriseMcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:Program FilesMcAfeeVirusScan EnterpriseVsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:WINDOWSsystem32mfevtps.exe
O23 - Service: MHN Investment Sweep Service (MHNInvestSweepService) - Members Health Network, LLC - C:WorkHealthBankerInvestSweepServicebinMembersHealth.HealthBanker.WindowsService.InvestSweepService.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:Program FilesISSProventia DesktopRapApp.exe
O23 - Service: RDI Document Conversion Helper (RDIConverterPrintHelper) - Web Meeting - C:Program FilesCommon FilesICWMPrinterRDIConverterService.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:Program FilesHPQSharedSierra WirelessWin32UnicodeSWIHPWMI.exe
O23 - Service: Windows Network Media Service (UiPlayer) - UiTV Corporation - C:Program FilesUiTVUiPlayermsrv.exe
O23 - Service: ISS Buffer Overflow Exploit Prevention (VPatch) - Internet Security Systems, Inc. - C:Program FilesISSProventia Desktopvpatch.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:Program FilesCiscoCisco AnyConnect VPN Clientvpnagent.exe
--
End of file - 12169 bytes