Scan saved at 1:57:46 PM, on 08/28/2007
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PowerPanelPlus\upssrv.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\PowerPanelPlus\upsio.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Intuit\Entitlement Client\Server\Intuit.EntitlementServerService.exe
C:\Program Files\Intuit\Intuit Master Builder\Administration\Server\MBAdminServer.exe
C:\WINDOWS\System32\llssrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlservr.exe
C:\WINDOWS\system32\ntfrs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sage\ServiceHost\Sage.ServiceHost.Host.exe
C:\WINDOWS\System32\sbscrexe.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\BIN\OWSTIMER.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlagent.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lserver.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\Microsoft Windows Small Business Server\monitoring\WbLogSvc.exe
C:\WINDOWS\system32\Windows Media\Server\WMServer.exe
C:\Program Files\Exchsrvr\bin\exmgmt.exe
C:\Program Files\Exchsrvr\bin\mad.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Exchsrvr\bin\store.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\NewTech Infosystems\NTI Backup NOW! 3\Schdlr32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NoAdware5.0\NoAdware5.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Backup NOW! Scheduler] "D:\Program Files\NewTech Infosystems\NTI Backup NOW! 3\Schdlr32.exe" -s
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://qbp.webex.co.../ra/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MiddlesexGlass.local
O17 - HKLM\Software\..\Telephony: DomainName = MiddlesexGlass.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CE24E77-94B6-43C8-94A2-4CF801971F61}: NameServer = 216.41.101.15,216.41.101.17
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFA9D670-A0C3-4060-ADAB-238EC026A1D6}: NameServer = 192.168.0.50,216.41.101.15,204.17.65.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MiddlesexGlass.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = MiddlesexGlass.local
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: GTS ComApp (ComAppService) - Unknown owner - E:\GTS\glaspacLX\Communications Applet\ComAppService.exe
O23 - Service: UPS Service (CyberPowerUPS) - Cyber Power Systems, Inc. - C:\PowerPanelPlus\upssrv.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Intuit Entitlement Service - Intuit, Inc. - C:\Program Files\Common Files\Intuit\Entitlement Client\Server\Intuit.EntitlementServerService.exe
O23 - Service: Intuit Master Builder Administrator Service - - C:\Program Files\Intuit\Intuit Master Builder\Administration\Server\MBAdminServer.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$SBSMONITORING - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlservr.exe" -sSBSMONITORING (file missing)
O23 - Service: MSSQL$SHAREPOINT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlservr.exe" -sSHAREPOINT (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QuickBooksDB - Intuit, Inc. - F:\PROGRA~1\Intuit\QUICKB~1.0\QBDBMgrN.exe
O23 - Service: Sage Service Host (Sage.ServiceHost.Host) - Sage Software, Inc. - C:\Program Files\Common Files\Sage\ServiceHost\Sage.ServiceHost.Host.exe
O23 - Service: SQLAgent$SBSMONITORING - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlagent.EXE" -i SBSMONITORING (file missing)
O23 - Service: SQLAgent$SHAREPOINT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlagent.EXE" -i SHAREPOINT (file missing)