Logfile of HijackThis v1.99.1
Scan saved at 9:03:35 AM, on 9/8/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\NETWOR~1\VIRUSS~2\Avsynmgr.exe
d:\Program Files\Dassault Systemes\B13\intel_a\code\bin\CATSysDemon.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
c:\winnt\system32\domtimec.exe
C:\PROGRA~1\NETWOR~1\VIRUSS~2\VsStat.exe
C:\PROGRA~1\NETWOR~1\VIRUSS~2\Vshwin32.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\COMMON~1\NETWOR~1\McShield\Mcshield.exe
C:\PROGRA~1\NETWOR~1\VIRUSS~2\Avconsol.exe
C:\WINNT\system32\DACONFIG.EXE
C:\Program Files\SurfAccuracy\SAcc.exe
C:\WINNT\system32\wuaepl40.exe
C:\Program Files\WinAntiSpyware 2005\was5.exe
C:\Program Files\Bxctqs\Nyyyeqp.exe
D:\Program Files\Microsoft Office\Office\Findfast.exe
D:\Program Files\Microsoft Office\Office\Osa.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\TEMP\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape...nsearch200.html
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [COMSMDEXE] comsmd.exe -on
O4 - HKLM\..\Run: [DACONFIGEXE] DACONFIG.EXE R
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [s79O35g] wuaepl40.exe
O4 - HKLM\..\Run: [WinAntiSpyware 2005] C:\Program Files\WinAntiSpyware 2005\was5.exe
O4 - HKLM\..\Run: [Enknofp] C:\Program Files\Bxctqs\Nyyyeqp.exe
O4 - Global Startup: Microsoft Find Fast.lnk = D:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE
O13 - WWW. Prefix: http://
O16 - DPF: {5e2a3510-4371-11d6-b64c-00c04faedb18} (Oracle JInitiator 1.1.8.18) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122581022058
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ctlaerospace.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CE8C589-31A0-47DE-B178-C91A33BF28F2}: Domain = ctlaerospace.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CE8C589-31A0-47DE-B178-C91A33BF28F2}: NameServer = 216.68.1.100,216.68.2.100
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ctlaerospace.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CE8C589-31A0-47DE-B178-C91A33BF28F2}: Domain = ctlaerospace.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CE8C589-31A0-47DE-B178-C91A33BF28F2}: NameServer = 216.68.1.100,216.68.2.100
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ctlaerospace.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CE8C589-31A0-47DE-B178-C91A33BF28F2}: Domain = ctlaerospace.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CE8C589-31A0-47DE-B178-C91A33BF28F2}: NameServer = 216.68.1.100,216.68.2.100
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\PROGRA~1\NETWOR~1\VIRUSS~2\Avsynmgr.exe
O23 - Service: Backup Exec Remote Agent for Windows NT/2000 (BackupExecAgentAccelerator) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - d:\Program Files\Dassault Systemes\B13\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Domain Time Client - Greyware Automation Products
Web: http://www.greyware.com
FTP: ftp://ftp.greyware.com
Email: [email protected]
Phone: 972-867-2794 - c:\winnt\system32\domtimec.exe
O23 - Service: IBM Nodelock License Server (IBM LUM NDL) - IBM - C:\IFOR\WIN\BIN\I4LLMD.EXE
O23 - Service: McShield - Network Associates, Inc. - C:\PROGRA~1\COMMON~1\NETWOR~1\McShield\Mcshield.exe
O23 - Service: OracleClientCache80 - Unknown owner - D:\orant\BIN\ONRSD80.EXE