Logfile of HijackThis v1.98.2
Scan saved at 15:37:53, on 08/02/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Centenn.ial\Audit\CAgent32.exe
C:\Centenn.ial\Audit\xferwan.exe
C:\SQLLIB\bin\db2sec.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.10\Inetd\inetd32.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.10\Jconfig\jconfigdnt.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.10\Jconfig\hjavaw.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Lotus\Notes\ntmulti.exe
C:\Program Files\JavaSoft\JRE\1.3.1_01\bin\javaw.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\SQLLIB\bin\VWD.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\SQLLIB\bin\IWH2SERV.EXE
C:\WINNT\system32\atiptaxx.exe
C:\WINNT\system32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\IBM\IMNNQ\HTTPDL.exe
C:\IBM\IMNNQ\imnsvdem.exe
C:\Data\downloads\spybot\New Stuff\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\zmjuxy\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Xansa
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://settings.xansa.com/def55.ins
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy-cache.xansa.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;10.*.*.*;interact*;xansanet.*;*.xansa.*;*.figroup.co.uk;*.xansarecruitment.*;*.methodabc.com;192.168.*.*;*.lscdev.local;<local>
O1 - Hosts: 172.18.72.152 zmjuxy.mypc
O1 - Hosts: 172.18.71.149 rtw_ifx_01
O1 - Hosts: 172.18.71.150 rtwifx02
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [kix32msi] msiexec /fo c:\i386\installs\003005\003005.msi /q
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Start HTML Search Server.lnk = C:\SQLLIB\bin\db2nq.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .rx: C:\Program Files\Internet Explorer\Plugins\iewrqxrx.dll
O12 - Plugin for .rxc: C:\Program Files\Internet Explorer\Plugins\iewrqxrx.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://xansanet.xansa.com
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = xone.xansa.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = xone.xansa.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = xone.xansa.com
Scanned at: 15:30:32 on: 08/02/2005
-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 19
No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!
-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 19
No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!
The script did not recognize the services listed below.
This does not mean that they are a problem.
To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"
########################################
ServiceFilter 1.1
by rand1038
Microsoft Windows 2000 Professional
Version: 5.0.2195 Service Pack 4
Feb 8, 2005 15:41:29
---> Begin Service Listing <---
Unknown Service # 1
Service Name: Ati HotKey Poller
Display Name: Ati HotKey Poller
Start Mode: Auto
Start Name: LocalSystem
Description: Ati HotKey ...
Service Type: Own Process
Path: c:\winnt\system32\ati2evxx.exe
State: Running
Process ID: 564
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: False
Unknown Service # 2
Service Name: CentennialClientAgent
Display Name: CentennialClientAgent
Start Mode: Auto
Start Name: LocalSystem
Description: CentennialClientAgent...
Service Type: Own Process
Path: "c:\centenn.ial\audit\cagent32.exe"
State: Running
Process ID: 612
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True
Unknown Service # 3
Service Name: CentennialIPTransferAgent
Display Name: CentennialIPTransferAgent
Start Mode: Auto
Start Name: LocalSystem
Description: CentennialIPTransferAgent...
Service Type: Own Process
Path: "c:\centenn.ial\audit\xferwan.exe"
State: Running
Process ID: 624
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True
Unknown Service # 4
Service Name: CWShredder Service
Display Name: CWShredder Service
Start Mode: Auto
Start Name: LocalSystem
Description: CWShredder ...
Service Type: Own Process
Path: c:\data\downloads\spybot\new stuff\cwshredder.exe service
State: Stopped
Process ID: 0
Started: False
Exit Code: 0
Accept Pause: False
Accept Stop: False
Unknown Service # 5
Service Name: DB2
Display Name: DB2 - DB2
Start Mode: Manual
Start Name: xone\zmjuxy
Description: DB2 - ...
Service Type: Own Process
Path: c:\sqllib\bin\db2syscs.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False
Unknown Service # 6
Service Name: DB2ControlCenterServer
Display Name: DB2 JDBC Applet Server - Control Center
Start Mode: Manual
Start Name: xone\zmjuxy
Description: DB2 JDBC Applet Server - Control ...
Service Type: Own Process
Path: c:\sqllib\bin\db2ccs.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False
Unknown Service # 7
Service Name: DB2CTLSV
Display Name: DB2 - DB2CTLSV
Start Mode: Manual
Start Name: xone\zmjuxy
Description: DB2 - ...
Service Type: Own Process
Path: c:\sqllib\bin\db2syscs.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False
Unknown Service # 8
Service Name: DB2DAS00
Display Name: DB2 - DB2DAS00
Start Mode: Manual
Start Name: xone\zmjuxy
Description: DB2 - ...
Service Type: Own Process
Path: c:\sqllib\bin\db2syscs.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False
Unknown Service # 9
Service Name: DB2GOVERNOR
Display Name: DB2 Governor
Start Mode: Manual
Start Name: xone\zmjuxy
Description: DB2 ...
Service Type: Own Process
Path: c:\sqllib\bin\db2govds.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False
Unknown Service # 10
Service Name: DB2JDS
Display Name: DB2 JDBC Applet Server
Start Mode: Manual
Start Name: LocalSystem
Description: DB2 JDBC Applet ...
Service Type: Own Process
Path: c:\sqllib\bin\db2jds.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False
Unknown Service # 11
Service Name: DB2LICD
Display Name: DB2 License Server
Start Mode: Manual
Start Name: LocalSystem
Description: DB2 License ...
Service Type: Own Process
Path: c:\sqllib\bin\db2licd.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False
Unknown Service # 12
Service Name: DB2NTSECSERVER
Display Name: DB2 Security Server
Start Mode: Manual
Start Name: LocalSystem
Description: DB2 Security ...
Service Type: Own Process
Path: c:\sqllib\bin\db2sec.exe
State: Running
Process ID: 652
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True
Unknown Service #13
Service Name: DefWatch
Display Name: DefWatch
Start Mode: Auto
Start Name: LocalSystem
Description: DefWatch...
Service Type: Own Process
Path: c:\progra~1\symant~1\symant~1\defwatch.exe
State: Running
Process ID: 664
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True
Unknown Service # 14
Service Name: Jconfigd
Display Name: Hummingbird Jconfig Daemon
Start Mode: Auto
Start Name: LocalSystem
Description: Hummingbird Jconfig ...
Service Type: Own Process
Path: c:\winnt\system32\hummingbird\connectivity\7.10\jconfig\jconfigdnt.exe
State: Running
Process ID: 708
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True
Unknown Service # 15
Service Name: MDM
Display Name: Machine Debug Manager
Start Mode: Auto
Start Name: LocalSystem
Description: Machine Debug ...
Service Type: Own Process
Path: "c:\program files\common files\microsoft shared\vs7debug\mdm.exe"
State: Running
Process ID: 744
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True
Unknown Service # 16
Service Name: Multi-user Cleanup Service
Display Name: Multi-user Cleanup Service
Start Mode: Auto
Start Name: LocalSystem
Description: Multi-user Cleanup ...
Service Type: Own Process
Path: c:\lotus\notes\ntmulti.exe
State: Running
Process ID: 776
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True
Unknown Service #17
Service Name: Norton AntiVirus Server
Display Name: Symantec AntiVirus Client
Start Mode: Auto
Start Name: LocalSystem
Description: Symantec AntiVirus ...
Service Type: Own Process
Path: c:\progra~1\symant~1\symant~1\rtvscan.exe
State: Running
Process ID: 848
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True
Unknown Service # 18
Service Name: Oracleorahome811Agent
Display Name: Oracleorahome811Agent
Start Mode: Manual
Start Name: LocalSystem
Description: Oracleorahome811Agent...
Service Type: Own Process
Path: c:\oracle81\bin\dbsnmp.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False
Unknown Service # 19
Service Name: Oracleorahome811ClientCache
Display Name: Oracleorahome811ClientCache
Start Mode: Manual
Start Name: LocalSystem
Description: Oracleorahome811ClientCache...
Service Type: Own Process
Path: c:\oracle81\bin\onrsd.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False
Unknown Service # 20
Service Name: Oracleorahome811CMAdmin
Display Name: Oracleorahome811CMAdmin
Start Mode: Manual
Start Name: LocalSystem
Description: Oracleorahome811CMAdmin...
Service Type: Own Process
Path: c:\oracle81\bin\cmadmin.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False
Unknown Service # 21
Service Name: Oracleorahome811CMan
Display Name: Oracleorahome811CMan
Start Mode: Manual
Start Name: LocalSystem
Description: Oracleorahome811CMan...
Service Type: Own Process
Path: c:\oracle81\bin\cmgw.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False
Unknown Service # 22
Service Name: Oracleorahome811DataGatherer
Display Name: Oracleorahome811DataGatherer
Start Mode: Manual
Start Name: LocalSystem
Description: Oracleorahome811DataGatherer...
Service Type: Own Process
Path: c:\oracle81\bin\vppdc.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False
Unknown Service # 23
Service Name: Oracleorahome811HTTPServer
Display Name: Oracleorahome811HTTPServer
Start Mode: Manual
Start Name: LocalSystem
Description: Oracleorahome811HTTPServer...
Service Type: Own Process
Path: c:\oracle81\apache\apache\apache.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False
Unknown Service # 24
Service Name: Oracleorahome811ManagementServer
Display Name: Oracleorahome811ManagementServer
Start Mode: Manual
Start Name: LocalSystem
Description: Oracleorahome811ManagementServer...
Service Type: Own Process
Path: c:\oracle81\bin\omsntsrv.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False
Unknown Service # 25
Service Name: Oracleorahome811PagingServer
Display Name: Oracleorahome811PagingServer
Start Mode: Manual
Start Name: LocalSystem
Description: Oracleorahome811PagingServer...
Service Type: Own Process
Path: c:\oracle81/bin/pagntsrv.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False
Unknown Service # 26
Service Name: Oracleorahome811TNSListener
Display Name: Oracleorahome811TNSListener
Start Mode: Manual
Start Name: LocalSystem
Description: Oracleorahome811TNSListener...
Service Type: Own Process
Path: c:\oracle81\bin\tnslsnr
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False
Unknown Service # 27
Service Name: OracleServiceZMJUXY
Display Name: OracleServiceZMJUXY
Start Mode: Manual
Start Name: LocalSystem
Description: OracleServiceZMJUXY...
Service Type: Own Process
Path: c:\oracle81\bin\oracle.exe zmjuxy
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False
Unknown Service # 28
Service Name: OracleSNMPPeerEncapsulator
Display Name: OracleSNMPPeerEncapsulator
Start Mode: Manual
Start Name: LocalSystem
Description: OracleSNMPPeerEncapsulator...
Service Type: Own Process
Path: c:\oracle81\bin\encsvc.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False
Unknown Service # 29
Service Name: OracleSNMPPeerMasterAgent
Display Name: OracleSNMPPeerMasterAgent
Start Mode: Manual
Start Name: LocalSystem
Description: OracleSNMPPeerMasterAgent...
Service Type: Own Process
Path: c:\oracle81\bin\agntsvc.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False
Unknown Service # 30
Service Name: RP32Service
Display Name: Remotely Possible/32
Start Mode: Manual
Start Name: LocalSystem
Description: Remotely ...
Service Type: Own Process
Path: c:\program files\avalan\remotely possible\rp32serv.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False
Unknown Service # 31
Service Name: vwd
Display Name: Warehouse agent daemon
Start Mode: Auto
Start Name: LocalSystem
Description: Warehouse agent ...
Service Type: Own Process
Path: "c:\sqllib\bin\vwd.exe"
State: Running
Process ID: 952
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True
Unknown Service # 32
Service Name: vwkernel
Display Name: Warehouse server
Start Mode: Auto
Start Name: LocalSystem
Description: Warehouse ...
Service Type: Own Process
Path: "c:\sqllib\bin\iwh2serv.exe"
State: Running
Process ID: 1140
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True
Unknown Service # 33
Service Name: vwlogger
Display Name: Warehouse logger
Start Mode: Auto
Start Name: LocalSystem
Description: Warehouse ...
Service Type: Own Process
Path: "c:\sqllib\bin\iwh2log.exe"
State: Stopped
Process ID: 0
Started: False
Exit Code: 1067
Accept Pause: False
Accept Stop: False
---> End Service Listing <---
There are 91 Win32 services on this machine.
33 were unrecognized.
Script Execution Time: 1.574219 seconds.