Logfile of HijackThis v1.99.1
Scan saved at 4:14:07 PM, on 1/23/2006
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
e:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBAttachServer.exe
C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\Cache\explorer.exe
C:\PROGRA~1\POWERC~1\pcns.exe
C:\Program Files\jvm\bin\java.exe
C:\Program Files\Trend\Smex\InstMon.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
C:\Program Files\Trend\Smex\RMonitor.exe
C:\Program Files\Trend\Smex\RMonUI.exe
C:\Program Files\Exchsrvr\bin\exmgmt.exe
C:\Program Files\Exchsrvr\bin\mad.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Program Files\Trend\Smex\InstRTS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Exchsrvr\bin\store.exe
C:\Program Files\Exchsrvr\bin\emsmta.exe
C:\Program Files\Trend\Smex\SmexVS.exe
C:\Program Files\Trend\Smex\SMEXMA.exe
C:\Program Files\Trend\Smex\WebRoot\InstWeb.exe
C:\Program Files\Trend\Smex\WebRoot\SmexHS.exe
c:\windows\system32\inetsrv\w3wp.exe
e:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryAgent.exe
e:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
c:\windows\system32\inetsrv\w3wp.exe
e:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
E:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Java\j2re1.4.2_08\bin\jucheck.exe
C:\WINDOWS\regedit.exe
E:\Program Files\CA\eTrust Antivirus\InoRT.exe
E:\Program Files\CA\eTrust Antivirus\InoTask.exe
E:\Program Files\CA\eTrust Antivirus\InoRpc.exe
E:\Program Files\CA\eTrust Antivirus\InocIT.exe
e:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
e:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
C:\WINDOWS\explorer.exe
e:\Program Files\Research In Motion\BlackBerry Enterprise Server\CalHelper.exe
e:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBConvert.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\RWSADM~1.HIG\LOCALS~1\Temp\3\Rar$EX00.547\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AuCaption] DSA OMSA Reminder
O4 - HKLM\..\Run: [AuFlag]
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [Realtime Monitor] E:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - https://vapwdb.ops.p...quicksilver.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1135879884671
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = higoodwill.org
O17 - HKLM\Software\..\Telephony: DomainName = higoodwill.org
O17 - HKLM\System\CCS\Services\Tcpip\..\{43E25F67-60B1-466E-B535-027804EC0554}: NameServer = 10.0.1.5,10.0.2.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = higoodwill.org
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
O23 - Service: BlackBerry Attachment Service (BBAttachServer) - Unknown owner - e:\Program Files\Research In Motion\BlackBerry Enterprise Server\AttachServer\BBAttachServer.exe" 1900 1999 3 32 (file missing)
O23 - Service: BlackBerry Controller - Research In Motion Limited - e:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryController.exe
O23 - Service: BlackBerry Dispatcher - Research In Motion Limited - e:\Program Files\Research In Motion\BlackBerry Enterprise Server\BlackBerryDispatcher.exe
O23 - Service: BlackBerry Mobile Data Service - Unknown owner - e:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\bin\bmds.exe" -s jvmpath="C:\Program Files\Java\j2re1.4.2_08\bin\client\jvm.dll" -XX:+DisableExplicitGC -Xss64K -Xmx256M -Xms96M -XX:NewSize=32M -XX:MaxNewSize=96M -XX:NewRatio=2 classpathdir="e:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\classpath\\" wrkdir="e:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\Servers\MAIL\\" webserverdir="e:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\webserver\\" -log.console -rbes "MAIL (file missing)
O23 - Service: BlackBerry Policy Service - Research In Motion Limited - e:\Program Files\Research In Motion\BlackBerry Enterprise Server\ITAdminServer.exe
O23 - Service: BlackBerry Router - Research In Motion Limited - e:\Program Files\Research In Motion\BlackBerry Enterprise Server\BypassRouter\BlackberryRouter.exe
O23 - Service: BlackBerry Alert (BlackBerry Server Alert) - Research In Motion Limited - e:\Program Files\Research In Motion\BlackBerry Enterprise Server\BESAlert.exe
O23 - Service: BlackBerry Synchronization Service (BlackBerry SyncServer) - Unknown owner - e:\Program Files\Research In Motion\BlackBerry Enterprise Server\SyncServer\BlackBerrySyncServer.exe" -BES "MAIL (file missing)
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: DHCP Controller (dhcpcl) - Unknown owner - C:\WINDOWS\system32\dhcpcl.exe (file missing)
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - E:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - E:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - E:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Network Service (NETSVC) - Unknown owner - C:\WINDOWS\system32\wbem\netsvc.exe (file missing)
O23 - Service: PowerChute network shutdown (PowerChuteNetShut) - APC - C:\PROGRA~1\POWERC~1\pcns.exe
O23 - Service: ScanMail_MailAction - Trend Micro Inc. - C:\Program Files\Trend\Smex\SMEXMA.exe
O23 - Service: ScanMail_Monitor - Trend Micro Inc. - C:\Program Files\Trend\Smex\InstMon.exe
O23 - Service: ScanMail_RealTimeScan - Trend Micro Inc. - C:\Program Files\Trend\Smex\InstRTS.exe
O23 - Service: ScanMail_Web - Trend Micro Inc. - C:\Program Files\Trend\Smex\WebRoot\InstWeb.exe