Hijack this log

Status
Not open for further replies.

cgiul

Hello. I am running a Windows 2000 Server (sp 4). Right now, when I try to open Regedit or Task Manager, it opens and then shuts immediately. Here is my Hijackthis log. Any help is greatly appreciated!

Logfile of HijackThis v1.99.1
Scan saved at 8:56:09 AM, on 3/30/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\userinit.exe
C:\WINNT\Explorer.EXE
E:\dev\users\BARRY\HijackThis.exe

O1 - Hosts: 128.122.147.148 dais_01
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINNT\System32\hpnra.exe
O4 - HKLM\..\Run: [WinVNC] "e:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Nod32 Free antivirus] nod32krn.exe
O4 - HKLM\..\RunServices: [Nod32 Free antivirus] nod32krn.exe
O4 - HKCU\..\Run: [Nod32 Free antivirus] nod32krn.exe
O4 - HKCU\..\RunServices: [Nod32 Free antivirus] nod32krn.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Remote Update Monitor.lnk = E:\imonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .NPSSView: C:\Program Files\Common Files\Crystal Decisions\2.0\crystalreportviewers\activeXViewer\\NPssView.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - http://pat.webex.com/client/latest/support/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dev.med.nyu.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9B1E527-F1D7-42C2-84F1-194C48824EF2}: Domain = med.nyu.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9B1E527-F1D7-42C2-84F1-194C48824EF2}: NameServer = 10.134.9.7,10.134.252.100
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dev.med.nyu.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dev.med.nyu.edu
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: ARCserve Database Engine (ASDBEngine) - Unknown owner - E:\Program Files\ComputerAssociates\ARCserve\DBENG.exe
O23 - Service: ARCserve Discovery Service (ASDiscoverySvc) - Computer Associates - C:\Program Files\ComputerAssociates\ARCserveITDS\asdscsvc.exe
O23 - Service: ARCserve Job Engine (ASJobEngine) - Unknown owner - E:\Program Files\ComputerAssociates\ARCserve\jobeng.exe
O23 - Service: ARCserve Message Engine (ASMsgEngine) - Unknown owner - E:\Program Files\ComputerAssociates\ARCserve\msgeng.exe
O23 - Service: ARCserve Tape Engine (ASTapeEngine) - Unknown owner - E:\Program Files\ComputerAssociates\ARCserve\tapeeng.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\ati2plxx.exe
O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - e:\cachemgr.exe
O23 - Service: Crystal Cache Server (CacheServer) - Unknown owner - E:\Program Files\Crystal Decisions\Enterprise 9\win32_x86\cacheserver.exe" -service -name DEVPUB.cacheserver -cache -nops -deleteCache -ns DEVPUB -restart (file missing)
O23 - Service: Cheyenne Alert Notification Server - Cheyenne Division Of Computer Associates International, Inc. - E:\Program Files\ComputerAssociates\ARCserve\Alert\ALERT.exe
O23 - Service: Crystal APS (CrystalAPS) - Unknown owner - E:\Program Files\Crystal Decisions\Enterprise 9\win32_x86\CrystalAPS.exe" -service -name DEVPUB.aps -restart -threads 50 (file missing)
O23 - Service: Crystal Event Server (CrystalEventServer) - Unknown owner - E:\Program Files\Crystal Decisions\Enterprise 9\win32_x86\EventServer.exe" -service -name DEVPUB.eventserver -ns DEVPUB -restart (file missing)
O23 - Service: Crystal Input File Repository Server (CrystalInputFileServer) - Unknown owner - E:\Program Files\Crystal Decisions\Enterprise 9\win32_x86\inputfileserver.exe" -service -name Input -ns DEVPUB -restart (file missing)
O23 - Service: Crystal Output File Repository Server (CrystalOutputFileServer) - Unknown owner - E:\Program Files\Crystal Decisions\Enterprise 9\win32_x86\outputfileserver.exe" -service -name Output -ns DEVPUB -restart (file missing)
O23 - Service: Crystal Report Application Server (CrystalReportApplicationServer) - Unknown owner - C:\Program Files\Common Files\Crystal Decisions\2.0\bin\querysrv.exe" -service -name DEVPUB.RAS -ns DEVPUB (file missing)
O23 - Service: Crystal Report Job Server (JobServer_Report) - Unknown owner - E:\Program Files\Crystal Decisions\Enterprise 9\win32_x86\JobServer.exe" -service -name DEVPUB.report -ns DEVPUB -objectType CrystalEnterprise.Report -lib procReport -restart (file missing)
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINNT\LogWatNT.exe
O23 - Service: mr2kserv - Unknown owner - C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Crystal Page Server (pageserver) - Unknown owner - E:\Program Files\Crystal Decisions\Enterprise 9\win32_x86\pageserver.exe" -service -name DEVPUB.pageserver -ns DEVPUB -restart -maxDBResultRecords 0 (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
O23 - Service: Disk Management Service (VxSvc) - VERITAS Software Corp. - C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe
O23 - Service: Crystal Web Component Server (WebCompServer) - Unknown owner - E:\Program Files\Crystal Decisions\Enterprise 9\win32_x86\WebCompServer.exe" -service -name DEVPUB.WCS -ns DEVPUB -restart (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - e:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)
 
Remove entries at your own risk


O1 - Hosts: 128.122.147.148 dais_01 Unknown entries within the HOSTS-file should be fixed.

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
Nasty This entry is possibly nasty. Should be fixed.

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - http://pat.webex.com/client/latest/support/ieatgpc.cab Should be fixed.

O23 - Service: Crystal Web Component Server (WebCompServer) - Unknown owner - E:\Program Files\Crystal Decisions\Enterprise 9\win32_x86\WebCompServer.exe" -service -name DEVPUB.WCS -ns DEVPUB -restart (file missing)
Unnecessarily These entries show all services which are not from Microsoft. Often malware is starting as a system service and it's not easy to detect it. Unknown service. (WebCompServer.exe" -service -name DEVPUB.WCS -ns DEVPUB -restart (file missing))

Unnecessary (deactivated) entry that can be fixed.
O23 - Service: VNC Server (winvnc) - Unknown owner - e:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)
 