Thank you
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:50 PM, on 8/6/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\Documents and Settings\secondadmin\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\Symantec Endpoint Protection Manager\ASA\win32\dbsrv9.exe
C:\Hyperion\BIPlus\bin\SQR\Remote\bin\atrls.exe
c:\centenn.ial\audit\CAgent32.exe
c:\centenn.ial\audit\xferwan.exe
C:\Program Files\Citrix\Licensing\LS\lmgrd.exe
C:\Program Files\Citrix\Licensing\LicWMI\Citrix_GTLicensingProv.exe
C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe
C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe
C:\Program Files\Symantec\Backup Exec\DLO\dlomaintsvcu.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\SysMgt\sm\mr2kserv.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\Licensing\LS\CITRIX.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_shrsvc32.exe
C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\HPZipm12.exe
C:\Program Files\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe
C:\WINDOWS\ProPatches\Scheduler\stSchedEx.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lserver.exe
C:\Program Files\VMware\VMware Converter\vmware-ufad.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Symantec\Backup Exec\beremote.exe
C:\Program Files\Citrix\system32\cdmsvc.exe
C:\Program Files\Citrix\System32\ctxxmlss.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\Program Files\Citrix\system32\encsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Citrix\GoToMyPC\G2ProcessFactory.exe
C:\WINDOWS\system32\rdpclip.exe
C:\Program Files\Citrix\System32\wfshell.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\SemSvc.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\secondadmin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Discovery User Input] c:\Discovery\User Input\userin32.exe
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\secondadmin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1802775417-3232460409-2919711924-1119\..\RunOnce: [tscuninstall] "%systemroot%\system32\tscupgrd.exe" (User 'Ctx_SmaUser')
O4 - HKUS\S-1-5-21-203641612-3859587353-3240750082-2465\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe" (User 'symantecbackup')
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\secondadmin\windows\system32\mswsock.dll' missing
O15 - Trusted Zone: http://*.kitconet.com
O15 - Trusted Zone: http://api.wxbug.net
O15 - Trusted Zone: http://*.yimg.com
O15 - ESC Trusted Zone: http://rmd.atdmt.com
O15 - ESC Trusted Zone: http://view.atdmt.com
O15 - ESC Trusted Zone: http://www.belarc.com
O15 - ESC Trusted Zone: http://www.citrixonline.com
O15 - ESC Trusted Zone: http://www.google-analytics.com
O15 - ESC Trusted Zone: http://www.google.ca
O15 - ESC Trusted Zone: http://broker.gotoassist.com
O15 - ESC Trusted Zone: http://*.kitconet.com
O15 - ESC Trusted Zone: http://search.live.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://*.rimrock.com
O15 - ESC Trusted Zone: http://entsearch.symantec.com
O15 - ESC Trusted Zone: http://entsupport.symantec.com
O15 - ESC Trusted Zone: http://maillist.entsupport.symantec.com
O15 - ESC Trusted Zone: http://searchg.symantec.com
O15 - ESC Trusted Zone: http://seer.entsupport.symantec.com
O15 - ESC Trusted Zone: http://www.symantec.com
O15 - ESC Trusted Zone: http://*.symantec.com
O15 - ESC Trusted Zone: http://ftp.support.veritas.com
O15 - ESC Trusted Zone: http://seer.support.veritas.com
O15 - ESC Trusted Zone: http://symantec.webex.com
O15 - ESC Trusted Zone: http://m.webtrends.com
O15 - ESC Trusted Zone: http://l.yimg.com
O15 - ESC Trusted Zone: http://us.js2.yimg.com
O15 - ESC Trusted IP range: http://192.168.1.250
O15 - ESC Trusted IP range: http://68.142.201.31
O15 - ESC Trusted IP range: http://192.168.1.2
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://bluecoat.webex.com/client/T26L/ ... eatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = XXXXX.local
O17 - HKLM\Software\..\Telephony: DomainName = XXXXX.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDD7B614-F7B0-4FD1-BD20-93B1F080911F}: NameServer = 192.168.1.3,192.168.1.4
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = XXXXX.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = XXXXX.local
O23 - Service: Citrix Activation Host Service (ActivationServiceHost) - TODO: <Company name> - C:\Program Files\Citrix\Access Gateway\Bin\ActivationServiceHost.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Embedded Database (ASANYs_sem5) - iAnywhere Solutions, Inc. - C:\Program Files\Symantec\Symantec Endpoint Protection Manager\ASA\win32\dbsrv9.exe
O23 - Service: Ataman TCP Remote Logon Services - Unknown owner - C:\Hyperion\BIPlus\bin\SQR\Remote\bin\atrls.exe
O23 - Service: Backup Exec Remote Agent for Windows Systems (BackupExecAgentAccelerator) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\beremote.exe
O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\benetns.exe
O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\pvlsvr.exe
O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\bengine.exe
O23 - Service: Backup Exec Server (BackupExecRPCService) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\beserver.exe
O23 - Service: Citrix Diagnostic Facility COM Server (CdfSvc) - Citrix Systems, Inc. - C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe
O23 - Service: Client Network (CdmService) - Citrix Systems, Inc. - C:\Program Files\Citrix\system32\cdmsvc.exe
O23 - Service: CentennialClientAgent - Centennial Software Limited - c:\centenn.ial\audit\CAgent32.exe
O23 - Service: CentennialIPTransferAgent - Centennial Software Limited - c:\centenn.ial\audit\xferwan.exe
O23 - Service: Citrix SMA Service - Citrix Systems Inc. - C:\Program Files\Citrix\Sma\SmaService.exe
O23 - Service: Citrix Virtual Memory Optimization - Citrix Systems, Inc. - C:\Program Files\Citrix\Server Resource Management\Memory Optimization Management\Program\CtxSFOSvc.exe
O23 - Service: CitrixLicensing - Macrovision Corporation - C:\Program Files\Citrix\Licensing\LS\lmgrd.exe
O23 - Service: Citrix XTE Server (CitrixXTEServer) - Citrix Systems, Inc. - C:\Program Files\Citrix\XTE\bin\XTE.exe
O23 - Service: Citrix Licensing WMI (Citrix_GTLicensingProv) - Unknown owner - C:\Program Files\Citrix\Licensing\LicWMI\Citrix_GTLicensingProv.exe
O23 - Service: Citrix Print Manager Service (cpsvc) - Citrix Systems, Inc. - C:\Program Files\Citrix\system32\CpSvc.exe
O23 - Service: Citrix CPU Utilization Mgmt/CPU Rebalancer (CTXCPUBal) - Aurema Pty Limited - C:\Program Files\Citrix\Server Resource Management\CPU Utilization Management\bin\ctxcpubal.exe
O23 - Service: Citrix CPU Utilization Mgmt/Resource Mgmt (ctxcpuSched) - Aurema Pty Limited - C:\Program Files\Citrix\Server Resource Management\CPU Utilization Management\bin\ctxcpusched.exe
O23 - Service: Citrix CPU Utilization Mgmt/User-Session Sync (CTXCPUUsync) - Aurema Pty Limited - C:\Program Files\Citrix\Server Resource Management\CPU Utilization Management\bin\ctxcpuusync.exe
O23 - Service: Citrix XML Service (CtxHttp) - Citrix Systems, Inc. - C:\Program Files\Citrix\System32\ctxxmlss.exe
O23 - Service: Citrix Deployment Server (CtxMsamDeployment) - Citrix Systems, Inc. - C:\Program Files\Citrix\Access Gateway\Bin\Citrix.Msam.Deployment.Service.exe
O23 - Service: Citrix Resource Aggregation Server (CtxMsamResAgg) - Citrix Systems, Inc. - C:\Program Files\Citrix\Access Gateway\Bin\ResAggSvc.exe
O23 - Service: Secure Gateway (CtxSecGwy) - Citrix Systems, Inc. - C:\Program Files\Citrix\Secure Gateway\bin\CtxSGSvc.exe
O23 - Service: DSM SA Event Manager (dcevt32) - Dell Inc. - C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe
O23 - Service: DSM SA Data Manager (dcstor32) - Dell Inc. - C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe
O23 - Service: Backup Exec DLO Administration Service (DLOAdminSvcu) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\DLO\DLOAdminSvcu.exe
O23 - Service: Backup Exec DLO Maintenance Service (DLOMaintenanceSvc) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\DLO\dlomaintsvcu.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: Encryption Service - Citrix Systems, Inc. - C:\Program Files\Citrix\system32\encsvc.exe
O23 - Service: Citrix Activation Engine Service (EngineMgrService) - TODO: <Company name> - C:\Program Files\Citrix\Access Gateway\Bin\EngineMgrService.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Independent Management Architecture (IMAService) - Citrix Systems, Inc. - C:\Program Files\Citrix\System32\Citrix\Ima\ImaSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MetaFrame COM Server (MFCom) - Citrix Systems, Inc. - C:\Program Files\Citrix\System32\mfcom.exe
O23 - Service: mr2kserv - LSI Logic Corporation - C:\Program Files\Dell\SysMgt\sm\mr2kserv.exe
O23 - Service: DSM SA Shared Services (omsad) - Dell Inc. - C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_shrsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Symantec Endpoint Protection Manager (semsrv) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\SemSvc.exe
O23 - Service: DSM SA Connection Service (Server Administrator) - Unknown owner - C:\Program Files\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe
O23 - Service: Shavlik Remote Scheduler Service (Shavlik Scheduler) - Shavlik Technologies, LLC - C:\WINDOWS\ProPatches\Scheduler\stSchedEx.exe
O23 - Service: VMware Converter Service (ufad-p2v) - VMware, Inc. - C:\Program Files\VMware\VMware Converter\vmware-ufad.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 15696 bytes