Logfile of HijackThis v1.99.1
Scan saved at 6:44:25 PM-Path, on 5/26/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Research in Motion\BlackBerry Enterprise Server\AttachServer\BBAttachServer.exe
C:\Program Files\Research in Motion\BlackBerry Enterprise Server\BESAlert.exe
C:\Program Files\Research in Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
C:\Program Files\Research in Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
C:\Program Files\Research in Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\MSSQL7\binn\sqlservr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\bentaa\beremote.exe
C:\Program Files\Research in Motion\BlackBerry Enterprise Server\BlackBerryServer.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Mssql7\Binn\sqlmangr.exe
C:\WINNT\system32\mmc.exe
F:\Hacking Tools\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = discovery:80
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - Startup: Routing and Remote Access.lnk = C:\WINNT\system32\rrasmgmt.msc
O4 - Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O12 - Plugin for .spop: C:\PROGRA~1\Plus!\MICROS~1\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dtsi.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{587A9145-47B9-47C0-9FA4-5FC804ABAA80}: NameServer = 154.6.105.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{F639284A-9674-4776-A25D-CC7019B880C2}: NameServer = 172.16.1.37
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dtsi.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dtsi.com
O23 - Service: Backup Exec 8.x Agent Accelerator (BackupExecAgentAccelerator) - VERITAS Software Corporation - C:\bentaa\beremote.exe
O23 - Service: BlackBerry Attachment Service (BBAttachServer) - Research In Motion Limited - C:\Program Files\Research in Motion\BlackBerry Enterprise Server\AttachServer\BBAttachServer.exe
O23 - Service: BESAlert - Research In Motion Limited - C:\Program Files\Research in Motion\BlackBerry Enterprise Server\BESAlert.exe
O23 - Service: BlackBerry Controller - Research In Motion Limited - C:\Program Files\Research in Motion\BlackBerry Enterprise Server\BlackBerryController.exe
O23 - Service: BlackBerry Database Consistency Service - Research In Motion Limited - C:\Program Files\Research in Motion\BlackBerry Enterprise Server\MDS\bin\DBConsistency.exe
O23 - Service: BlackBerry Mobile Data Server pathfinder - Unknown owner - C:\Program Files\Research in Motion\BlackBerry Enterprise Server\MDS\bin\BMDS.exe" -s jvmpath="C:\Program Files\Java\j2re1.4.2_06\bin\client\jvm.dll" -XX:+DisableExplicitGC -Xss64K -Xmx128M -Xms64M -XX:NewSize=24M -XX:MaxNewSize=64M -XX:NewRatio=2 classpathdir="C:\Program Files\Research in Motion\BlackBerry Enterprise Server\MDS\classpath" wrkdir="C:\Program Files\Research in Motion\BlackBerry Enterprise Server\MDS\Servers\pathfinder" -log.console -rbes "pathfinder (file missing)
O23 - Service: BlackBerry Server pathfinder - Research In Motion Limited - C:\Program Files\Research in Motion\BlackBerry Enterprise Server\BlackBerryServer.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: System Driver Mgr (drvmgr) - Unknown owner - C:\WINNT\system32\drvmgr.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSBackup Service (msupdate) - Unknown owner - c:\program files\windowsupdate\panel.{21ec2020-3aea-1069-a2dd-08002b30309d}\nkadm.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINNT\system32\update.exe" /service (file missing)
O23 - Service: MS System Monitor (sysmon) - Unknown owner - c:\winnt\java\classes\svchost.exe (file missing)
O23 - Service: Task Manager (TskMan) - Unknown owner - C:\WINNT\system32\tskman.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\ORL\VNC\WinVNC.exe" -service (file missing)

Any help would be appreciated...