hereintheusa

Everything posted by hereintheusa

  1. Could someone please take a look at this log and let me know what's what. Thanks

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 9:19:33 AM, on 1/17/2009
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\system32\HPZipm12.exe
     C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\RSGUIProvider.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\WINDOWS\stsystra.exe
     C:\Program Files\Common Files\Symantec Shared\ccApp.exe
     C:\PROGRA~1\SYMANT~1\VPTray.exe
     C:\WINDOWS\system32\igfxsrvc.exe
     C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\Client Console\EAFRCliStart.exe
     C:\Program Files\Microsoft Office Communicator\Communicator.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\Program Files\Microsoft Office\Office\OSA.EXE
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
     C:\WINDOWS\regedit.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://worknet.auth.wellpoint.com/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://worknet.auth.wellpoint.com/
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://worknet.auth.wellpoint.com/
     R3 - Default URLSearchHook is missing
     F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
     O2 - BHO: (no name) - {418C9DDE-B6CA-454A-B047-C0CFAD712DE3} - C:\DOCUME~1\spadogn\LOCALS~1\Temp\pmnoOFuu.dll
     O2 - BHO: (no name) - {5dccde58-255a-4307-ae4b-46eefa51822c} - C:\WINDOWS\system32\sosarure.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll
     O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
     O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
     O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
     O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
     O4 - HKLM\..\Run: [sDJobCheck] triggusr.exe
     O4 - HKLM\..\Run: [EnableCache] C:\WINDOWS\system32\msiexec.exe /fu {47DD019F-7DCB-47D1-A261-1BCEB444CD90} /qn
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_15\bin\jusched.exe"
     O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
     O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
     O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
     O4 - HKLM\..\Run: [EAFRCliStart] C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\Client Console\EAFRCliStart.exe /p
     O4 - HKLM\..\Run: [AMO] C:\TNGAM\AGENTS\USERINV.LNK
     O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
     O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
     O4 - HKCU\..\Run: [sybaseFix] C:\Windows\Options\Scripts\Sybase_AccessUsersFix.vbs
     O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe"
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\DOCUME~1\spadogn\LOCALS~1\Temp\orgzpl.dll",run
     O4 - HKCU\..\Run: [jiyakedagi] Rundll32.exe "C:\WINDOWS\system32\fasapako.dll",s
     O4 - HKCU\..\Run: [CPMff60086c] Rundll32.exe "C:\WINDOWS\system32\pofolehe.dll",a
     O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
     O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
     O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
     O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
     O4 - Global Startup: Office Startup.lnk = ?
     O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
     O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_15\bin\npjpi150_15.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_15\bin\npjpi150_15.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O14 - IERESET.INF: START_PAGE_URL=http://worknet.auth.wellpoint.com/
     O15 - Trusted Zone: http://inw2kgen01.corp.anthem.com
     O15 - Trusted Zone: http://webimage.wellpoint.com
     O15 - Trusted IP range: http://30.128.190.121
     O15 - Trusted IP range: http://30.37.205.23
     O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
     O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
     O16 - DPF: {897F5787-EAB8-4C0D-8EE7-D296E3E1CCAF} (ipdWebControl.CRegistry) - http://30.34.14.74/ultera/Download/ipdWebControl.cab
     O16 - DPF: {8C28EFF4-767B-11D1-844B-0060972DC2AC} - http://30.37.205.23/components/Brio.Quickview.cab
     O16 - DPF: {C1A30C78-808C-4ADF-B5EF-27F164626548} (SamuraiCtrl Class) - http://vaw2kvrntsr04.corp.anthem.com/ultra...intPlayback.cab
     O16 - DPF: {C411B4F7-7FB2-4E3C-934F-5CF43A6B4CCF} (Desktop.DeskCtrl) - http://va2k3amg01/esm/desktop/desktop.cab
     O16 - DPF: {E512705A-3850-4CD2-84F3-80B2BFAFACDE} (ipdFormLetter.FormLetterProxy) - http://30.34.14.74/ultera/Download/ipdFormLetter.cab
     O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://myconnection.wellpoint.com/dana-cac...perSetupSP1.cab
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.ad.wellpoint.com
     O17 - HKLM\Software\..\Telephony: DomainName = us.ad.wellpoint.com
     O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.ad.wellpoint.com
     O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = IN.TRIGON.COM,CORP.ANTHEM.COM,CORP.TGHNET.COM,AICI.COM,US.AD.WELLPOINT.COM,EBCBS NY.WELLCHOICE.INC,BCBS-GA.COM,COBALT-CORP.COM,EMPIREBCBS.COM,BCBSWI.COM,BCBSMO.COM,UWSI.COM,WELLPOINT.COM,HEALTHLINK. COM
     O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.ad.wellpoint.com
     O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = IN.TRIGON.COM,CORP.ANTHEM.COM,CORP.TGHNET.COM,AICI.COM,US.AD.WELLPOINT.COM,EBCBS NY.WELLCHOICE.INC,BCBS-GA.COM,COBALT-CORP.COM,EMPIREBCBS.COM,BCBSWI.COM,BCBSMO.COM,UWSI.COM,WELLPOINT.COM,HEALTHLINK. COM
     O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = us.ad.wellpoint.com
     O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = IN.TRIGON.COM,CORP.ANTHEM.COM,CORP.TGHNET.COM,AICI.COM,US.AD.WELLPOINT.COM,EBCBS NY.WELLCHOICE.INC,BCBS-GA.COM,COBALT-CORP.COM,EMPIREBCBS.COM,BCBSWI.COM,BCBSMO.COM,UWSI.COM,WELLPOINT.COM,HEALTHLINK. COM
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = IN.TRIGON.COM,CORP.ANTHEM.COM,CORP.TGHNET.COM,AICI.COM,US.AD.WELLPOINT.COM,EBCBS NY.WELLCHOICE.INC,BCBS-GA.COM,COBALT-CORP.COM,EMPIREBCBS.COM,BCBSWI.COM,BCBSMO.COM,UWSI.COM,WELLPOINT.COM,HEALTHLINK. COM
     O20 - Winlogon Notify: EARSWlNotify - EARSWlNotify.dll (file missing)
     O20 - Winlogon Notify: GEWinlogonNotify - C:\WINDOWS\SYSTEM32\GENotify.dll
     O23 - Service: BMC_ConfigMgr (BMCConfigMgr) - BMC Software, Inc. - C:\program files\BMCCM\tuner\Tuner.exe
     O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
     O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
     O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
     O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
     O23 - Service: DameWare Mini Remote Control (DWRCS) - DameWare Development LLC - C:\WINDOWS\system32\DWRCS.EXE
     O23 - Service: EAFRCliManager - GuardianEdge Technologies, Inc. - C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\EAFRCliManager.exe
     O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
     O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
     O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe
     O23 - Service: Neoteris Setup Service - Juniper Networks - C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
     O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\Oracle\bin\omtsreco.exe
     O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\Oracle\bin\ONRSD.EXE
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     O23 - Service: Removable Storage Service (RemovableStorageService) - GuardianEdge Technologies, Inc. - C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\RemovableStorageService.exe
     O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
     O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
     O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
     O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
     O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
     O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

     --
     End of file - 10937 bytes