TheTechGuide Forum

General Category => Tech Clinic => Topic started by: Chris Call on May 02, 2005, 05:05:19 PM

Title: HiJackThis Log - Unable to remove CWS.
Post by: Chris Call on May 02, 2005, 05:05:19 PM
Logfile of HijackThis v1.99.1
Scan saved at 4:57:28 PM, on 5/2/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Symantec\SBAS\Scanner\Bin\bmagent.exe
C:\Program Files\Symantec\SBAS\Scanner\Bin\av_cleaner.exe
C:\Program Files\Symantec\SBAS\Scanner\Bin\harvester.exe
C:\Program Files\Symantec\SBAS\Scanner\Bin\bmserver.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\llssrv.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
D:\Program Files\Symantec\Symantec Web Security\igear.exe
C:\Program Files\Symantec\SBAS\ControlCenter\Tomcat\jakarta-tomcat-4.1.27\bin\tomcat.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\HPNRA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\logon.scr
C:\Program Files\Symantec\SBAS\Scanner\Bin\conduit.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\rdpclip.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\BacsTray.exe
C:\WINNT\system32\hpnra.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINNT\system32\cmd.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Chippery
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.6:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.2;192.168.1.8;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINNT\system32\hpnra.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: AutoAdmin II.lnk = D:\Program Files\AA2\AA2.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {FDE06BCA-D866-4273-B45F-6BF5C8B90C11} (PjAdoInfo Class) - http://192.168.1.8/ProjectCentral/objects/pjclient.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = thechippery.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC7789AF-B544-4B56-91C5-DCFC63D0C369}: NameServer = 192.168.1.3,165.215.165.186
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = thechippery.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = thechippery.com
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
O23 - Service: Brightmail Agent (BMIAGENTSVC) - Symantec Corporation - C:\Program Files\Symantec\SBAS\Scanner\Bin\bmagent.exe
O23 - Service: Brightmail Virus Cleaner (BMICLEANERSVC) - Symantec Corporation - C:\Program Files\Symantec\SBAS\Scanner\Bin\av_cleaner.exe
O23 - Service: Brightmail Conduit (BMICONDUITSVC) - Symantec Corporation - C:\Program Files\Symantec\SBAS\Scanner\Bin\conduit.exe
O23 - Service: Brightmail SMTP Harvester (BMIHARVESTERSVC) - Symantec Corporation - C:\Program Files\Symantec\SBAS\Scanner\Bin\harvester.exe
O23 - Service: Brightmail Server (BMISERVERSVC) - Symantec Corporation - C:\Program Files\Symantec\SBAS\Scanner\Bin\bmserver.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\pduncan\Desktop\CWShredder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Symantec Web Security - Unknown owner - D:\Program Files\Symantec\Symantec Web Security\igear.exe
O23 - Service: Tomcat - Alexandria Software Consulting - C:\Program Files\Symantec\SBAS\ControlCenter\Tomcat\jakarta-tomcat-4.1.27\bin\tomcat.exe