Scan saved at 11:42:07, on 13/12/2007
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
C:\PROGRA~1\APC\POWERC~1\server\PBESER~1.EXE
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\system32\certsrv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ismserv.exe
C:\WINDOWS\system32\sfmsvc.exe
C:\WINDOWS\system32\sfmprint.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\mysql\bin\mysqld-nt.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\Dell\RAID Storage Manager\StorServ.exe
C:\WINDOWS\system32\r_server.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\wins.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Exchsrvr\bin\exmgmt.exe
C:\Program Files\Exchsrvr\bin\mad.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Exchsrvr\bin\store.exe
C:\Program Files\Exchsrvr\bin\emsmta.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\USBToolbox\Res.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\F-Secure\FSAUS.PM\bin\bwadmin.exe
D:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PRONoMgrWired] c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USBToolbox\Res.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3873747241-2024155984-4165086326-1109\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'fsms_COMITSERVER')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O15 - ESC Trusted Zone: http://dl.betanews.com
O15 - ESC Trusted Zone: http://mail.comitmarketing.com
O15 - ESC Trusted Zone: http://www.google.ie
O15 - ESC Trusted Zone: http://pagead2.googlesyndication.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://ftp-mozilla.netscape.com
O15 - ESC Trusted Zone: http://www.novara.ie
O15 - ESC Trusted Zone: http://www.petri.co.il
O15 - ESC Trusted Zone: http://laotzu.acc.umu.se
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range: http://192.168.0.5
O15 - ESC Trusted IP range: http://127.0.0.1
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1146643651597
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = comitmarketing.local
O17 - HKLM\Software\..\Telephony: DomainName = comitmarketing.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A46F9B1-1DE8-44A2-B4DD-4AC75B2DC318}: NameServer = 192.168.0.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = comitmarketing.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = comitmarketing.local
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: APC PBE Agent (APCPBEAgent) - APC - C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
O23 - Service: APC PBE Server (APCPBEServer) - APC - C:\PROGRA~1\APC\POWERC~1\server\PBESER~1.EXE
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Server (FSAUS) - BackWeb - C:\Program Files\F-Secure\FSAUS.PM\bin\server.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure Policy Manager Server (fsms) - Unknown owner - C:\Program Files\F-Secure\Management Server 5\apache.exe
O23 - Service: F-Secure Policy Manager Web Reporting (fspmwr) - Unknown owner - C:\Program Files\F-Secure\Management Server 5\Web Reporting\bin\fspmwrservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySql - Unknown owner - D:/mysql/bin/mysqld-nt.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: RAID Storage Manager Agent (RAIDStorAgent) - Dell - C:\Program Files\Dell\RAID Storage Manager\StorServ.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
--
End of file - 15059 bytes