Logfile of HijackThis v1.99.1
Scan saved at 11:02:29 AM, on 9/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\nsl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Common Files\New Boundary\PrismXL\ChannelDeploy.sys
C:\Program Files\DesktopAuthority\DesktopAuthority.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\ET821A.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\slagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Prism Deploy\Client\PTClient.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\notes\NLNOTES.EXE
C:\Program Files\notes\ntaskldr.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O1 - Hosts: 162.49.66.5 olympus
O1 - Hosts: 162.49.66.11 plato
O1 - Hosts: 162.49.66.23 intranet
O1 - Hosts: 162.49.66.31 webi
O1 - Hosts: 162.49.66.35 SCEA919ML02 #paris
O1 - Hosts: 162.49.66.38 callisto
O1 - Hosts: 162.49.66.39 SESFCB03 #Nemesis2
O1 - Hosts: 162.49.66.47 SESFCB02A #mail1
O1 - Hosts: 162.49.66.172 becks
O1 - Hosts: 162.49.67.17 fosters2
O1 - Hosts: 162.49.67.19 SCEA919ML01 #news
O1 - Hosts: 162.49.67.21 marco
O1 - Hosts: 162.49.67.38 argo
O1 - Hosts: 162.49.67.39 SESFCB03 #Nemesis67
O1 - Hosts: 162.49.67.42 stealth
O1 - Hosts: 162.49.67.44 viper
O1 - Hosts: 162.49.67.47 icarius
O1 - Hosts: 162.49.80.9 blackberry
O1 - Hosts: 162.49.80.36 geosonyaw1
O1 - Hosts: 162.49.80.38 diablo
O1 - Hosts: 162.49.80.56 trinity.playstation.sony.com
O1 - Hosts: 162.49.80.48 matrix.playstation.sony.com
O1 - Hosts: 162.49.86.36 polo
O1 - Hosts: 162.49.86.38 mercury
O1 - Hosts: 162.49.86.39 SESFCB03 #Nemesis86
O1 - Hosts: 162.49.86.47 lucidb
O1 - Hosts: 162.49.86.48 lucid
O1 - Hosts: 162.49.88.10 hestia
O1 - Hosts: 162.49.88.12 castor.playstation.sony.com
O1 - Hosts: 162.49.88.16 heimdall2 #mis
O1 - Hosts: 162.49.88.38 hermes
O1 - Hosts: 162.49.88.39 SESFCB03 #Nemesis88
O1 - Hosts: 162.49.88.41 stealth
O1 - Hosts: 162.49.88.44 webtrends
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\Web\WALLPA~1\utilps.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [DesktopAuthority GUI] "C:\Program Files\DesktopAuthority\ragui.exe"
O4 - HKLM\..\Run: [Prism Deploy Client] "C:\Program Files\Prism Deploy\Client\PTClient.exe" /Subscriber
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://guardian:434...ll/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://guardian:434...ll/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://guardian:434...stall/setup.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://guardian:434.../RemoveCtrl.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://volvo.playsta...tor/oajinit.exe
O20 - AppInit_DLLs: rainit.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: utilps - C:\WINDOWS\Web\WALLPA~1\utilps.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Channel Deployer - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\ChannelDeploy.sys
O23 - Service: DesktopAuthority - ScriptLogic Corporation - C:\Program Files\DesktopAuthority\DesktopAuthority.exe
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\WINDOWS\system32\nslsvice.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
Edited by Goryus, 07 September 2005 - 11:41 AM.