Help with Hijackthis Log please

[leeviker]

We have cleaned a few pieces of malware off our webserver. However, we are experiencing some weird issues and I am afraid there is still somehting hidden in here. Here is the Hijackthis logfile. Would someone please let me know if something is of conceren in here? Thank you...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:15:08 AM, on 4/29/2009

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\System32\termsrv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Symantec\pcAnywhere\awhost32.exe

C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe

C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe

C:\WINNT\System32\inetsrv\inetinfo.exe

C:\WINNT\System32\llssrv.exe

C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\WINNT\system32\mfevtps.exe

F:\Program Files\Microsoft Operations Manager 2005\MOMService.exe

C:\Program Files\Dell\SysMgt\sm\mr2kserv.exe

C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_shrsvc32.exe

C:\Program Files\Dell\SysMgt\RAC3\racsrvc.exe

C:\Program Files\Dell\SysMgt\RAC3\RACWinVNC.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\Program Files\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe

C:\WINNT\System32\snmp.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe

C:\WINNT\system32\Dfssvc.exe

C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

C:\WINNT\System32\msdtc.exe

C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\System32\svchost.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINNT\system32\BacsTray.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\McAfee\Common Framework\udaterui.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe

C:\rootkit\Sysinternals\RootkitRevealer.exe

C:\WINNT\system32\mmc.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [bacstray] BacsTray.exe

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKUS\S-1-5-21-436374069-1303643608-725345543-1005\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'ASPNET')

O4 - HKUS\S-1-5-21-436374069-1303643608-725345543-1017\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NetShowServices')

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144775094750

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171799478500

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emsed.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{355DDF29-1409-4179-B2B2-22D76E22ACBE}: NameServer = 12.191.238.49,12.191.238.7

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emsed.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = emsed.com

O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe

O23 - Service: Backup Exec Remote Agent for Windows Systems (BackupExecAgentAccelerator) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe

O23 - Service: DSM SA Event Manager (dcevt32) - Dell Inc. - C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe

O23 - Service: DSM SA Data Manager (dcstor32) - Dell Inc. - C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\system32\dmadmin.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Mailing System - Unknown owner - C:\PROGRA~1\Windows Media Player\services.exe (file missing)

O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINNT\system32\mfevtps.exe

O23 - Service: mr2kserv - LSI Logic Corporation - C:\Program Files\Dell\SysMgt\sm\mr2kserv.exe

O23 - Service: DSM SA Shared Services (omsad) - Dell Inc. - C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_shrsvc32.exe

O23 - Service: Remote Access Controller (RAC) Service (racsrvc) - Dell Computer Corporation - C:\Program Files\Dell\SysMgt\RAC3\racsrvc.exe

O23 - Service: RAC Win VNC (RACWinVNC) - Dell Computer Corporation - C:\Program Files\Dell\SysMgt\RAC3\RACWinVNC.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: DSM SA Connection Service (Server Administrator) - Unknown owner - C:\Program Files\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe

O23 - Service: UOMWMMZL - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\UOMWMMZL.exe

--

End of file - 7738 bytes