Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThis Log


  • Please log in to reply
1 reply to this topic

#1 kenneth

kenneth

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:15 AM

Posted 20 April 2005 - 03:03 AM

Please help me to read the log

Logfile of HijackThis v1.99.1
Scan saved at 10:28:30 AM, on 19/04/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\ati2plxx.exe
C:\Program Files\Dell\OpenManage\ihv\CIO\IOMGR.EXE
C:\Program Files\Dell\OpenManage\OMSA\bin\dcevt32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
C:\Program Files\Dell\OpenManage\ihv\CIO\PORTSERV.EXE
C:\Program Files\Dell\OpenManage\RAC\MN\racsrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Dell\OpenManage\ihv\CIO\IOMRPCCM.EXE
C:\Program Files\Dell\OpenManage\ihv\CIO\IOMRPCEV.EXE
C:\Program Files\Dell\OpenManage\ihv\CIO\CIONOTIFIER.EXE
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\dllhost.exe
C:\WINNT\system32\dllhost.exe
C:\WINNT\system32\Atiptaxx.exe
C:\WINNT\system32\BacsTray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Dell\OpenManage\RAC\VNC\RACWinVNC.exe
A:\HijackThis.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareUpdater.exe

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [AuCaption] DSA OMSA Reminder
O4 - HKLM\..\Run: [AuFlag] 
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{685AEC55-28E1-474A-9F26-63E455B5BA3B}: NameServer = 202.85.128.33,202.85.128.32
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E59F483-885D-467A-96BF-564191236D63}: NameServer = 203.194.239.32,202.85.128.33,202.85.138.234
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\ati2plxx.exe
O23 - Service: CIO Array Management Service 4.01 (CIOArrayManagement) - Adaptec, Inc. - C:\Program Files\Dell\OpenManage\ihv\CIO\IOMGR.EXE
O23 - Service: CIOArrayManager RPC Command - Unknown owner - C:\Program Files\Dell\OpenManage\ihv\CIO\IOMRPCCM.EXE
O23 - Service: CIOArrayManager RPC Event - Unknown owner - C:\Program Files\Dell\OpenManage\ihv\CIO\IOMRPCEV.EXE
O23 - Service: CIO Event Notifier (CIOEventNotifier) - Unknown owner - C:\Program Files\Dell\OpenManage\ihv\CIO\CIONOTIFIER.EXE
O23 - Service: Dell OpenManage Server Agent Event Monitor (dcevt32) - Dell Computer Corporation. - C:\Program Files\Dell\OpenManage\OMSA\bin\dcevt32.exe
O23 - Service: Dell OpenManage Server Agent (dcstor32) - Dell Computer Corporation. - C:\Program Files\Dell\OpenManage\OMSA\bin\dcstor32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: mr2kserv - Unknown owner - C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
O23 - Service: NobleNet Portmapper - Unknown owner - C:\Program Files\Dell\OpenManage\ihv\CIO\PORTSERV.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: Remote Access Controller (RAC) Service (RACSRVC) - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\RAC\MN\racsrvc.exe
O23 - Service: RAC VNC Service (racwinvnc) - Unknown owner - C:\Program Files\Dell\OpenManage\RAC\VNC\RACWinVNC.exe" -service (file missing)
O23 - Service: Server Administrator - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\iws\bin\win32\omaws32.exe
O23 - Service: Disk Management Service (VxSvc) - VERITAS Software Corp. - C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

BC AdBot (Login to Remove)

 


m

#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:02:15 AM

Posted 20 April 2005 - 09:46 PM

Hi kenneth. I don't see any issues in this log. It's clean.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users