Logfile of HijackThis v1.99.1
Scan saved at 12:05:40 PM, on 10/30/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\PROGRA~1\Intuit\QUICKB~2\QBDBMgrN.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Sectra\IDS5web\bin\viewer_service.exe
C:\Program Files\Sectra\IDS5\bin\workstation_service.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\PspContr.Exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://SARASOTA01:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;http://localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17FD3A5B-17AD-4BC8-9D12-13BF7FED6E04} - c:\windows\system32\docobjl.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB2.05.0001.1119\en-us\msntb.dll
O2 - BHO: (no name) - {C6FE1D07-A7FD-4765-B458-8A4E21D282BE} - C:\WINDOWS\System32\DPNHUPNPh.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB2.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PspContr] PspContr.Exe
O4 - HKLM\..\Run: [PspUsbCf] PspUsbCf.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS2.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB2.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB2.05.0001.1119\en-us\msntabres.dll/229?6b7b3884498742febe1574332b9a95de
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB2.05.0001.1119\en-us\msntabres.dll/230?6b7b3884498742febe1574332b9a95de
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .TIF: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O15 - Trusted Zone: http://www.cingular.com
O15 - Trusted Zone: *.emdat.com
O15 - Trusted Zone: *.medscript-inc.com
O15 - Trusted Zone: *.mytranscriptions.com
O15 - Trusted Zone: http://www.Search-Daily.com
O15 - Trusted Zone: http://smhrad.smh.com
O16 - DPF: MIW Deployment - https://63.236.210.6...s/MIWDeploy.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {15D73F88-277E-42EC-BE97-C64E1C6A18D9} - http://soasql1/centr...OPM04Client.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.meadroid....criptx/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1C085232-4C7B-432D-8C19-66F728090661} - http://soasql1/centr...ldClientSP4.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {297BE6C8-39C6-4850-94A4-22638FF39D12} - http://soasql1/centr.../McKesson04.cab
O16 - DPF: {29ACB77E-EBA7-4EE4-B33F-8BEAED9A7DBA} (ViewerLang Class) - http://10.0.0.6/IDS5.../lang/Setup.exe
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwkb.ops.pl...quicksilver.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://di.imgag.com/...stall/AxCtp.cab
O16 - DPF: {473372A0-AF4A-4B99-B346-A7327B718981} - http://soasql1/centr...Client711_2.cab
O16 - DPF: {4869BC42-91D5-433E-8557-F4285DCA0B6F} - http://soasql1/centr...ldClientSP3.cab
O16 - DPF: {49575356-0C7B-4D8C-9511-9E487F03C8B4} - http://soasql1/centr...ldClientSP1.cab
O16 - DPF: {53217E5A-C5C8-4AD4-BF4B-6D2AD53F4736} - http://appserver01/m...son/Default.cab
O16 - DPF: {56F398DA-5C59-44DD-92CB-8F9180123E45} - http://soasql1/mpm02...ent/Default.cab
O16 - DPF: {5C09FD7C-B414-43CE-8A41-EBBA80EB0FFC} - http://soasql1/centr.../McKesson04.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1193099037303
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1193689115706
O16 - DPF: {7B8F9A70-2B56-453C-A528-ACC5925B3F7F} - http://soasql1/centr...ent/Default.cab
O16 - DPF: {7C705EA9-3C3B-4F3A-B1AA-2184CDFAE4D0} (Viewer Class) - http://10.0.0.6/IDS5web/bin/Setup.exe
O16 - DPF: {7DD2AA0B-5B34-4F56-A53F-1C66C5AB5315} - http://appserver01/m...HF5/Default.cab
O16 - DPF: {A06C7CEB-0AA7-4A9E-A03B-B0D022387A8B} - http://soasql1/mpm02...P1ClientHF8.cab
O16 - DPF: {C10DA61A-2C38-49E8-8D69-FDD51B987ABE} (Lang Class) - http://soawi121vnrb1.../lang/Setup.exe
O16 - DPF: {C136EC6E-17B9-4B96-96BF-E7D1E04B2D18} (Workstation Class) - http://soawi121vnrb1...n/bin/Setup.exe
O16 - DPF: {C93C8624-4FC1-4BC4-9FC9-CAB94FF8208F} - http://soasql1/centr...dClientSP2a.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://gehciits.web...ort/ieatgpc.cab
O16 - DPF: {F50D79D6-7C87-4EDE-9CE5-32D7D724D109} - http://soasql1/centr...03ClientHF6.cab
O16 - DPF: {F839F0A1-4D68-472A-BBB8-08FA530581CF} (GEMSInstaller 7.0 object) - http://soasql1/centr...INSTaller70.dll
O16 - DPF: {FD729E98-407A-4BA1-8537-CDE63394221A} - http://appserver01/m...ill/Default.cab
O16 - DPF: {FFE64553-72B8-4026-B04B-19CF816B56ED} - http://soasql1/centr...03ClientHF7.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ortho.pvt
O17 - HKLM\Software\..\Telephony: DomainName = ortho.pvt
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ortho.pvt
O20 - Winlogon Notify: eexpeawi - C:\WINDOWS\SYSTEM32\docobjl.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MMtask Engine (MMtaskEngine) - Unknown owner - C:\WINDOWS\System32\mmtask.exe (file missing)
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB17 - iAnywhere Solutions, Inc. - C:\PROGRA~1\Intuit\QUICKB~2\QBDBMgrN.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe
O23 - Service: SECTRA Viewer Update Service (viewer_service) - Unknown owner - C:\Program Files\Sectra\IDS5web\bin\viewer_service.exe
O23 - Service: SECTRA Workstation Update Service (workstation_service) - Unknown owner - C:\Program Files\Sectra\IDS5\bin\workstation_service.exe