Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:52 AM, on 12/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\WINNT\system32\enstart.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\winnt\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\merlin\merlin.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\WINNT\system32\Prot_srv.exe
c:\program files\common files\protexis\license service\psiservice_2.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Novadigm\radexecd.exe
C:\Program Files\Novadigm\radsched.exe
C:\Program Files\Novadigm\Radstgms.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINNT\RCSERV.EXE
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
C:\Program Files\Merlin\MWIStats.exe
C:\Program Files\Nice Agent\ScreenAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kpnet.kp.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://kpnet.kp.org
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [MWIStats] "C:\Program Files\Merlin\MWIStats.exe"
O4 - HKLM\..\Run: [AGNTREC] "C:\Program Files\Nice Agent\ScreenAgent.exe" -wait
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [biposeves] Rundll32.exe "c:\winnt\system32\zulagovi.dll",a
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [mazepepora] Rundll32.exe "C:\WINNT\system32\puzohilo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [mazepepora] Rundll32.exe "C:\WINNT\system32\puzohilo.dll",s (User 'NETWORK SERVICE')
O4 - Startup: shared.bat
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)
O9 - Extra 'Tools' menuitem: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)
O12 - Plugin for .NPSSView: C:\Program Files\Seagate Software\Viewers\ActiveXViewer\npssview.dll
O14 - IERESET.INF: START_PAGE_URL=http://kpnet.kp.org
O15 - Trusted Zone: http://*.appl.kp.org (HKLM)
O15 - Trusted Zone: http://*.moss.kp.org (HKLM)
O15 - Trusted Zone: http://cnbcapphosting.ca.kp.org (HKLM)
O15 - Trusted Zone: http://cnprodapphosting.ca.kp.org (HKLM)
O15 - Trusted Zone: http://cobcapphosting.co.kp.org (HKLM)
O15 - Trusted Zone: http://csbcapphosting.ca.kp.org (HKLM)
O15 - Trusted Zone: http://csprodapphosting.ca.kp.org (HKLM)
O15 - Trusted Zone: http://gabcapphosting.ga.kp.org (HKLM)
O15 - Trusted Zone: http://hibcapphosting.hi.kp.org (HKLM)
O15 - Trusted Zone: http://hiprodapphosting.hi.kp.org (HKLM)
O15 - Trusted Zone: http://mabcapphosting.md.kp.org (HKLM)
O15 - Trusted Zone: http://maprodapphosting.md.kp.org (HKLM)
O15 - Trusted Zone: http://metaframe.kp.org (HKLM)
O15 - Trusted Zone: http://metaframeeast.kp.org (HKLM)
O15 - Trusted Zone: http://metaframewest.kp.org (HKLM)
O15 - Trusted Zone: http://nwbcapphosting.or.kp.org (HKLM)
O15 - Trusted Zone: http://nwprodapphosting.or.kp.org (HKLM)
O15 - Trusted Zone: http://ohbcapphosting.oh.kp.org (HKLM)
O15 - Trusted Zone: http://ohprodapphosting.oh.kp.org (HKLM)
O15 - Trusted Zone: http://rmprodapphosting.co.kp.org (HKLM)
O15 - Trusted Zone: http://seprodapphosting.ga.kp.org (HKLM)
O16 - DPF: Sametime Meeting Room Client ST25PF1 - http://crdc-st01.kp.org/sametime/stmeet ... Client.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - http://collaboration.kp.org/qp2.cab
O16 - DPF: {46CF8BCA-84A1-4437-847A-DC29496E01A5} (ISiteNonVisual Control 3.3) - http://10.233.49.167/iSite3_3.cab
O16 - DPF: {A4E84B61-1174-4309-87F0-E795A64158CC} (JNILoader Control) - http://crdc-st01.kp.org/sametime/stmeet ... Loader.cab
O16 - DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} (Loader Class v4) - http://qc.tic.ca.kp.org:8080/qcbin/Spider91.cab
O16 - DPF: {B8958DE0-BAC9-101C-933E-0000C005958C} (FarPoint DateTime Control) - file://C:\WINNT\TEMP\edt32x20.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://connecture.webex.com/client/T26 ... eatgpc.cab
O16 - DPF: {EB52CF7B-3917-11CE-80FB-0000C0C14E92} (SSDateCombo Control) - file://C:\WINNT\TEMP\sscala32.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tom.ca.kp.org.
O17 - HKLM\Software\..\Telephony: DomainName = tom.ca.kp.org.
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tom.ca.kp.org.
O18 - Protocol: intu-help-qb3 - {C5E479EA-0A65-4B05-8C6C-2FC8CC682EB4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: c:\winnt\system32\nijonina.dll kiramega.dll c:\winnt\system32\patayaru.dll c:\winnt\system32\jowujino.dll c:\winnt\system32\zulagovi.dll
O20 - Winlogon Notify: KPLogOn - C:\WINNT\SYSTEM32\KPLogOn.dll
O21 - SSODL: golojuwom - {84a125f3-aeb6-4dec-8b64-e81ef7554843} - c:\winnt\system32\patayaru.dll (file missing)
O21 - SSODL: koyimorus - {61c9e4cd-25cc-40f1-8b11-1772e5813a05} - c:\winnt\system32\jowujino.dll (file missing)
O21 - SSODL: puyatidur - {0aa3d957-26e6-4296-a882-aa4efac8b11a} - c:\winnt\system32\zulagovi.dll
O22 - SharedTaskScheduler: jugezatag - {84a125f3-aeb6-4dec-8b64-e81ef7554843} - c:\winnt\system32\patayaru.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {61c9e4cd-25cc-40f1-8b11-1772e5813a05} - c:\winnt\system32\jowujino.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {0aa3d957-26e6-4296-a882-aa4efac8b11a} - c:\winnt\system32\zulagovi.dll
O23 - Service: ACT! Scheduler - Sage Software, Inc. - C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe
O23 - Service: BES Client (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Kaiser\VPN Client\cvpnd.exe
O23 - Service: enstart - Unknown owner - C:\WINNT\system32\enstart.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINNT\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner - C:\winnt\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\orant\Ora81\bin\ONRSD.EXE
O23 - Service: Pointsec - Unknown owner - C:\WINNT\system32\Prot_srv.exe
O23 - Service: Pointsec Service Start (Pointsec_start) - Unknown owner - C:\WINNT\system32\pstartSr.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\program files\common files\protexis\license service\psiservice_2.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Radia Notify Daemon (radexecd) - Novadigm - C:\Program Files\Novadigm\radexecd.exe
O23 - Service: Radia Scheduler Daemon (radsched) - Novadigm - C:\Program Files\Novadigm\radsched.exe
O23 - Service: Radia MSI Redirector (Radstgms) - Novadigm - C:\Program Files\Novadigm\Radstgms.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Install Bootstrap Service (REMSTART) - Symantec Corporation - c:\Temp\temp\RemStart.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Tivoli Remote Control Service (TME10RC) - IBM Corporation - C:\WINNT\RCSERV.EXE
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 16128 bytes