quicksilver.cab



#1
cehlers

This problem is on an Exchange server... We are getting a bunch of unwanted UDP traffic that I cannot identify. My only suspicion is a bug. My HJT log shows "quicksilver.cab" as an entry. I have scanned the web and it appears to be a bug. How can I eliminate it? Attached please find my HJT log. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 4:06:56 PM, on 7/25/2006
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Panda Software\Panda Administrator 3\AdminServer\AdminServer.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ismserv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PADMINISTRATOR\Binn\sqlservr.exe
C:\WINDOWS\system32\ntfrs.exe
D:\Program Files\Panda Software\Panda Administrator 3\Distribution Server\PadFSvr.exe
C:\Program Files\Panda Software\AVNT\PSCTRLS.EXE
C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\pagentwd.exe
C:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Administrator 3\PavReport\PavReport.exe
C:\Program Files\Panda Software\AVNT\PavSrv51.exe
C:\Program Files\Panda Software\AVNT\PsImSvc.exe
C:\hp\hpsmh\bin\smhstart.exe
C:\Program Files\Panda Software\AVNT\AVENGINE.EXE
C:\WINDOWS\TIREMOTE\wuser32.exe
C:\WINDOWS\TIREMOTE\TIRemoteService.exe
C:\WINDOWS\system32\CpqRcmc.exe
C:\hp\hpsmh\bin\hpsmhd.exe
D:\Program Files\Exchsrvr\bin\exmgmt.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\hp\hpsmh\bin\hpsmhd.exe
D:\Program Files\Exchsrvr\bin\mad.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\system32\sysdown.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Exchsrvr\bin\store.exe
D:\Program Files\Exchsrvr\bin\emsmta.exe
C:\WINDOWS\System32\PavEx\PavExA\PavEx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dns.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cpqteam.exe
D:\Program Files\Panda Software\Panda Administrator 3\Console\PASystemTray.exe
C:\Program Files\Panda Software\AVNT\PSCtrlC.exe
C:\WINDOWS\TIREMOTE\TIServiceMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\mmc.exe
D:\Program Files\Panda Software\Panda Administrator 3\Console\Console.exe
C:\WINDOWS\hh.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cpqteam.exe
D:\Program Files\Panda Software\Panda Administrator 3\Console\PASystemTray.exe
C:\Program Files\Panda Software\AVNT\PSCtrlC.exe
C:\WINDOWS\TIREMOTE\TIServiceMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\windows\system32\inetsrv\w3wp.exe
X:\Applications\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
O4 - HKLM\..\Run: [CPQTEAM] cpqteam.exe
O4 - HKLM\..\Run: [PASystemTray] "D:\Program Files\Panda Software\Panda Administrator 3\Console\PASystemTray.exe"
O4 - HKLM\..\Run: [Panda Controller Client] "C:\Program Files\Panda Software\AVNT\PSCtrlC.exe"
O4 - HKLM\..\Run: [Track-It! Workstation Manager Service Monitor] C:\WINDOWS\TIREMOTE\TIServiceMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://sam.cnp.net/...ad2.citrix.com
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - https://vapwdb.ops.p...quicksilver.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://sam.cnp.net/...oterisSetup.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125690879281
O16 - DPF: {9D887407-4690-45C0-9451-15CD63E615CA} (BOSIRichEditActiveX Control) - http://192.168.2.2/t...MemoControl.cab
O16 - DPF: {D636032F-E4DE-4851-AA0C-D5D6A66B8318} (BOSIActiveFormX Control) - http://192.168.2.2/t...ActiveXGrid.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CFSC.ORG
O17 - HKLM\Software\..\Telephony: DomainName = CFSC.ORG
O17 - HKLM\System\CCS\Services\Tcpip\..\{511E0590-2F35-4163-967F-E0E7911B71D7}: NameServer = 192.168.2.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DB8DE20-FDB9-4326-89E1-7239CC9FFB25}: NameServer = 192.168.3.7
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CFSC.ORG
O17 - HKLM\System\CS1\Services\Tcpip\..\{511E0590-2F35-4163-967F-E0E7911B71D7}: NameServer = 192.168.2.7
O18 - Protocol: hpapp - {24F45006-5BD9-41B7-9BD9-5F8921C8EBD1} - C:\Program Files\Compaq\Cpqacuxe\Bin\hpapp.dll
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O23 - Service: Panda AdminSecure Administration Server (AdminServer) - Panda Software - D:\Program Files\Panda Software\Panda Administrator 3\AdminServer\AdminServer.exe
O23 - Service: HP ProLiant Remote Monitor Service (CpqRcmc) - Hewlett-Packard Company - C:\WINDOWS\system32\CpqRcmc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft Exchange Connectivity Controller (MSExchangeCoCo) - Unknown owner - D:\Program Files\Exchsrvr\bin\lscntrl.exe" -cexchconn.ini -nCONTROL-SERVICE -pCONTROL-SERVICE -l"D:\Program Files\Exchsrvr\bin" -vMSExchangeCoCo (file missing)
O23 - Service: Panda AdminSecure Distribution Server (PadFSvr) - Panda Software - D:\Program Files\Panda Software\Panda Administrator 3\Distribution Server\PadFSvr.exe
O23 - Service: Panda Software Controller - Panda Software - C:\Program Files\Panda Software\AVNT\PSCTRLS.EXE
O23 - Service: Panda AdminSecure Communications Agent (PAVAGENTE) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
O23 - Service: Panda AdminSecure Scheduler (PavAtScheduler) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
O23 - Service: Panda ExchangeSecure (PAvDCExc) - Panda Software - C:\WINDOWS\System32\PavEx\PAvDCExc.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda Antivirus Report Service (PavReport) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\PavReport\PavReport.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Software - C:\Program Files\Panda Software\AVNT\PavSrv51.exe
O23 - Service: Panda IManager Service (PsImSvc) - Panda Software Internacional - C:\Program Files\Panda Software\AVNT\PsImSvc.exe
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINDOWS\system32\sysdown.exe
O23 - Service: HP System Management Homepage (SysMgmtHp) - Hewlett-Packard Company - C:\hp\hpsmh\bin\smhstart.exe
O23 - Service: Track-It! Remote Control (TIRmtCtl) - Intuit Track-It! - C:\WINDOWS\TIREMOTE\wuser32.exe
O23 - Service: Track-It! Workstation Manager (TIRmtSvc) - Intuit, Inc. - C:\WINDOWS\TIREMOTE\TIRemoteService.exe

Edited by cehlers, 25 July 2006 - 02:33 PM.
