
Malwarebytes

Vundo Virus - Another one


#1
hereintheusa

    New Member

Could someone please take a look at this log and let me know what's what.

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:33 AM, on 1/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\RSGUIProvider.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\Client Console\EAFRCliStart.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\regedit.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://worknet.auth.wellpoint.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://worknet.auth.wellpoint.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://worknet.auth.wellpoint.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {418C9DDE-B6CA-454A-B047-C0CFAD712DE3} - C:\DOCUME~1\spadogn\LOCALS~1\Temp\pmnoOFuu.dll
O2 - BHO: (no name) - {5dccde58-255a-4307-ae4b-46eefa51822c} - C:\WINDOWS\system32\sosarure.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [EnableCache] C:\WINDOWS\system32\msiexec.exe /fu {47DD019F-7DCB-47D1-A261-1BCEB444CD90} /qn
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_15\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
O4 - HKLM\..\Run: [EAFRCliStart] C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\Client Console\EAFRCliStart.exe /p
O4 - HKLM\..\Run: [AMO] C:\TNGAM\AGENTS\USERINV.LNK
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [SybaseFix] C:\Windows\Options\Scripts\Sybase_AccessUsersFix.vbs
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\DOCUME~1\spadogn\LOCALS~1\Temp\orgzpl.dll",run
O4 - HKCU\..\Run: [jiyakedagi] Rundll32.exe "C:\WINDOWS\system32\fasapako.dll",s
O4 - HKCU\..\Run: [CPMff60086c] Rundll32.exe "C:\WINDOWS\system32\pofolehe.dll",a
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Office Startup.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_15\bin\npjpi150_15.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_15\bin\npjpi150_15.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://worknet.auth.wellpoint.com/
O15 - Trusted Zone: http://inw2kgen01.corp.anthem.com
O15 - Trusted Zone: http://webimage.wellpoint.com
O15 - Trusted IP range: http://30.128.190.121
O15 - Trusted IP range: http://30.37.205.23
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {897F5787-EAB8-4C0D-8EE7-D296E3E1CCAF} (ipdWebControl.CRegistry) - http://30.34.14.74/u...dWebControl.cab
O16 - DPF: {8C28EFF4-767B-11D1-844B-0060972DC2AC} - http://30.37.205.23/...o.Quickview.cab
O16 - DPF: {C1A30C78-808C-4ADF-B5EF-27F164626548} (SamuraiCtrl Class) - http://vaw2kvrntsr04.corp.anthem.com/ultra...intPlayback.cab
O16 - DPF: {C411B4F7-7FB2-4E3C-934F-5CF43A6B4CCF} (Desktop.DeskCtrl) - http://va2k3amg01/es...top/desktop.cab
O16 - DPF: {E512705A-3850-4CD2-84F3-80B2BFAFACDE} (ipdFormLetter.FormLetterProxy) - http://30.34.14.74/u...dFormLetter.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://myconnection.wellpoint.com/dana-cac...perSetupSP1.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.ad.wellpoint.com
O17 - HKLM\Software\..\Telephony: DomainName = us.ad.wellpoint.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.ad.wellpoint.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = IN.TRIGON.COM,CORP.ANTHEM.COM,CORP.TGHNET.COM,AICI.COM,US.AD.WELLPOINT.COM,EBCBSNY.WELLCHOICE.INC,BCBS-GA.COM,COBALT-CORP.COM,EMPIREBCBS.COM,BCBSWI.COM,BCBSMO.COM,UWSI.COM,WELLPOINT.COM,HEALTHLINK.COM
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.ad.wellpoint.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = IN.TRIGON.COM,CORP.ANTHEM.COM,CORP.TGHNET.COM,AICI.COM,US.AD.WELLPOINT.COM,EBCBSNY.WELLCHOICE.INC,BCBS-GA.COM,COBALT-CORP.COM,EMPIREBCBS.COM,BCBSWI.COM,BCBSMO.COM,UWSI.COM,WELLPOINT.COM,HEALTHLINK.COM
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = us.ad.wellpoint.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = IN.TRIGON.COM,CORP.ANTHEM.COM,CORP.TGHNET.COM,AICI.COM,US.AD.WELLPOINT.COM,EBCBSNY.WELLCHOICE.INC,BCBS-GA.COM,COBALT-CORP.COM,EMPIREBCBS.COM,BCBSWI.COM,BCBSMO.COM,UWSI.COM,WELLPOINT.COM,HEALTHLINK.COM
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = IN.TRIGON.COM,CORP.ANTHEM.COM,CORP.TGHNET.COM,AICI.COM,US.AD.WELLPOINT.COM,EBCBSNY.WELLCHOICE.INC,BCBS-GA.COM,COBALT-CORP.COM,EMPIREBCBS.COM,BCBSWI.COM,BCBSMO.COM,UWSI.COM,WELLPOINT.COM,HEALTHLINK.COM
O20 - Winlogon Notify: EARSWlNotify - EARSWlNotify.dll (file missing)
O20 - Winlogon Notify: GEWinlogonNotify - C:\WINDOWS\SYSTEM32\GENotify.dll
O23 - Service: BMC_ConfigMgr (BMCConfigMgr) - BMC Software, Inc. - C:\program files\BMCCM\tuner\Tuner.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: DameWare Mini Remote Control (DWRCS) - DameWare Development LLC - C:\WINDOWS\system32\DWRCS.EXE
O23 - Service: EAFRCliManager - GuardianEdge Technologies, Inc. - C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\EAFRCliManager.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe
O23 - Service: Neoteris Setup Service - Juniper Networks - C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\Oracle\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\Oracle\bin\ONRSD.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Removable Storage Service (RemovableStorageService) - GuardianEdge Technologies, Inc. - C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\RemovableStorageService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 10937 bytes

#2
1972vet

    Elite Member

Are you a Blue Cross employee? Is this a Blue Cross company computer? I'm afraid you are going to have to answer both of those questions before anyone here can help you with this particular computer. Also, tell us what issues you are experiencing. Thanks!

#3
AdvancedSetup

    Forum Deity

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
Ron Lewis
Manager, Online Support
