Log was analyzed using KRC HijackThis Analyzer - Updated on 6/3/05
Get updates at http://www.greyknigh...ad.htm#programs
***Security Programs Detected***
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Logfile of HijackThis v1.99.1
Scan saved at 3:28:16 PM, on 7/5/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\WINNT\system32\slagent.exe
C:\WINNT\System32\rconsvc.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\SLClient.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\WINNT\System32\PDesk.exe
C:\WINNT\system32\kmw_run.exe
C:\WINNT\system32\KMW_SHOW.EXE
C:\HighjackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: IEHlprObjClass - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Kensington\MouseWorks\IE_KMW.DLL (file missing)
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
O16 - DPF: {30FEDFBF-391B-45F7-8AFF-796E8A532869} (PCRHTML3.HTML1) -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {8FAC20B4-0B1D-4BAC-BCE0-59DA519DEE67} (PCRALM.ALARM1) -
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {A16E6189-A1DD-4696-9806-0324C145D794} (KeyActivex Control) -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://blackbaudeve...ent/ieatgpc.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup152.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ujc.org
O17 - HKLM\System\CCS\Services\Tcpip\..\{01876636-C5FD-4119-A2AC-6A6E34016D91}: NameServer = 192.168.22.42,192.168.21.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ujc.org
O17 - HKLM\System\CS1\Services\Tcpip\..\{01876636-C5FD-4119-A2AC-6A6E34016D91}: NameServer = 192.168.22.42,192.168.21.3
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ujc.org
O17 - HKLM\System\CS2\Services\Tcpip\..\{01876636-C5FD-4119-A2AC-6A6E34016D91}: NameServer = 192.168.22.42,192.168.21.3
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINNT\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: MGABGEXE - Unknown owner - C:\WINNT\System32\mgabg.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Remote Console (RCONSVC) - Unknown owner - C:\WINNT\System32\rconsvc.exe
O23 - Service: ScriptLogic service (SLClient) - ScriptLogic Corporation - C:\WINNT\SYSTEM32\SLClient.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\ORL\VNC\WinVNC.exe" -service (file missing)
End of KRC HijackThis Analyzer Log.
====================================================================