Help with a Hijackthis log file
Can someone help me with this HijackThis log file? Is there anything in this list that looks like a red flag? Thank you.
Logfile of HijackThis v1.99.1
Scan saved at 10:46:40 AM, on 3/29/2007
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\PCD32\client32.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
D:\SOAPswitch\mysql\bin\mysqld-nt.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\VMware\VMware Tools\VMwareService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VMware\VMware Tools\VMwareTray.exe
C:\Program Files\VMware\VMware Tools\VMwareUser.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
D:\OurCompany\BusinessObjects\bin\WINotify.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\bea\Tuxedo8.1\bin\BBL.exe
d:\homedirectory\BIN\SERVER\WINX86\PSWATCHSRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSAPPSRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSAPPSRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSSAMSRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSANALYTICSRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSANALYTICSRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSANALYTICSRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSMSGDSP.exe
C:\bea\Tuxedo8.1\bin\BBL.exe
d:\homedirectory\BIN\SERVER\WINX86\PSMSGHND.exe
d:\homedirectory\BIN\SERVER\WINX86\PSMONITORSRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSWATCHSRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSAPPSRV.exe
C:\bea\Tuxedo8.1\bin\WSL.exe
C:\bea\Tuxedo8.1\bin\WSH.exe
C:\bea\Tuxedo8.1\bin\JSL.exe
C:\bea\Tuxedo8.1\bin\JSH.exe
C:\bea\Tuxedo8.1\bin\JREPSVR.exe
d:\homedirectory\BIN\SERVER\WINX86\PSAPPSRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSSAMSRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSMSGDSP.exe
d:\homedirectory\BIN\SERVER\WINX86\PSMSGHND.exe
d:\homedirectory\BIN\SERVER\WINX86\PSMONITORSRV.exe
C:\bea\Tuxedo8.1\bin\WSL.exe
C:\bea\Tuxedo8.1\bin\WSH.exe
C:\bea\Tuxedo8.1\bin\JSL.exe
C:\bea\Tuxedo8.1\bin\JSH.exe
C:\bea\Tuxedo8.1\bin\JREPSVR.exe
C:\bea\Tuxedo8.1\bin\BBL.exe
d:\homedirectory\BIN\SERVER\WINX86\PSWATCHSRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSAPPSRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSAPPSRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSSAMSRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSRENSRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSUQSRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSMCFLOG.exe
d:\homedirectory\BIN\SERVER\WINX86\PSMSGDSP.exe
d:\homedirectory\BIN\SERVER\WINX86\PSMSGHND.exe
d:\homedirectory\BIN\SERVER\WINX86\PSMONITORSRV.exe
C:\bea\Tuxedo8.1\bin\JSL.exe
C:\bea\Tuxedo8.1\bin\JSH.exe
C:\bea\Tuxedo8.1\bin\JREPSVR.exe
C:\bea\Tuxedo8.1\bin\BBL.exe
d:\homedirectory\BIN\SERVER\WINX86\PSAESRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSAESRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSAESRV.exe
C:\bea\Tuxedo8.1\bin\BBL.exe
d:\homedirectory\BIN\SERVER\WINX86\PSAESRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSDSTSRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSAESRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSPRCSRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSDSTSRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSPRCSRV.exe
C:\bea\Tuxedo8.1\bin\BBL.exe
d:\homedirectory\BIN\SERVER\WINX86\PSAESRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSAESRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSDSTSRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSPRCSRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSMONITORSRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSMONITORSRV.exe
C:\bea\Tuxedo8.1\bin\BBL.exe
d:\homedirectory\BIN\SERVER\WINX86\PSAESRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSDSTSRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSAESRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSDSTSRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSPRCSRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSMONITORSRV.exe
C:\bea\Tuxedo8.1\bin\BBL.exe
d:\homedirectory\BIN\SERVER\WINX86\PSAESRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSAESRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSDSTSRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSPRCSRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSMONITORSRV.exe
d:\homedirectory\BIN\SERVER\WINX86\PSMONITORSRV.exe
C:\temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardUser.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://opi.oracleads.com/ADS
O4 - HKLM\..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe
O4 - HKLM\..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PC-Duo System Snapshot] C:\PCD32\CLBOOT32.EXE /M
O4 - HKLM\..\Run: [CSSDashboard] cmd /c "start /min c:\ps\css\LaunchSleep.bat"
O4 - HKLM\..\Run: [WINOTIFY] D:\OurCompany\BusinessObjects\bin\WINotify.exe -auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\PTPNDFLS\PTPNDFLS.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = our.internaldomain.com
O17 - HKLM\Software\..\Telephony: DomainName = our.internaldomain.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{01B85764-6BDC-48EF-A79C-7260ED22147E}: NameServer = 205.172.148.205,205.172.148.163
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = our.internaldomain.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = our.internaldomain.com,OurCompany.com,us.ourcompany.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{01B85764-6BDC-48EF-A79C-7260ED22147E}: NameServer = 205.172.148.205,205.172.148.163
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = our.internaldomain.com,OurCompany.com,us.ourcompany.com
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Apache2.2 - Unknown owner - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: Banter Server Manager - Unknown owner - C:\Banter\BANTER~1\bin\RmeMgr.exe
O23 - Service: Banter Trace - Unknown owner - C:\Banter\BanterServer\bin\Banter_trace.exe
O23 - Service: BEA ProcMGR V8.1 - Unknown owner - C:\bea\Tuxedo8.1\bin\tuxipc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Client32 - NetSupport Ltd - C:\PCD32\client32.exe
O23 - Service: OurCompany CSS WhosOn (cssWhosOn) - OurCompany, Inc. - c:\ps\css\cssWhosOn.exs
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: IRES - Alexandria Software Consulting - d:\homedirectory\class\IREService.exe
O23 - Service: Microsoft Search (MSSEARCH) - Unknown owner - C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe (file missing)
O23 - Service: MySql - Unknown owner - D:\SOAPswitch\mysql\bin\mysqld-nt.exe
O23 - Service: OracleOraDb10g_home1iSQL*Plus - Oracle - D:\oracle\product\10.2.0\db_1\bin\isqlplussvc.exe
O23 - Service: OracleOraDb10g_home1TNSListener - Unknown owner - D:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe
O23 - Service: OurCompany Configurator Server - BEA Systems, Inc. - c:\bea\WEBLOG~1\server\bin\beasvc.exe
O23 - Service: OurCompany1-PSJMS - BEA Systems, Inc. - c:\bea\WEBLOG~1\server\bin\beasvc.exe
O23 - Service: OurCompany CSS Tuxedo Processes (OurCompanyBooter) - OurCompany - C:\PS\css\cssNTserv.exs
O23 - Service: OurCompany d:\homedirectory (OurCompany_D__PS84) - OurCompany, Inc. - d:\homedirectory\bin\server\winx86\psntsrv.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
O23 - Service: OurCompany Quality EIP Services For SoftwareRelease (qsanlzr) - OurCompany Incorporated - C:\Program Files\OurCompany Applications\Quality\EIP Service\qsanlzr.exe
O23 - Service: OurCompany Quality Web Services For SoftwareRelease (qserveri) - OurCompany Incorporated - C:\Program Files\OurCompany Applications\Quality\IA Service\qserveri.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TListen 8.1 (Port: 3050) (TUXEDO 8.1 Listener on Port 3050) - Unknown owner - C:\bea\Tuxedo8.1\bin\slisten.exe
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe
O23 - Service: WebLogic Server 8.1 - BEA Systems, Inc. - c:\bea\WEBLOG~1\server\bin\beasvc.exe