Logfile of HijackThis v1.98.2
Scan saved at 8:59:07 AM, on 7/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\S24EvMon.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
c:\program files\airdefense\airdefense personal enterprise agent\airdefense.exe
C:\WINNT\system32\basfipm.exe
C:\WINNT\SYSTEM32\Brmfrmps.exe
C:\WINNT\system32\BrmfRsmg.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Lotus\Notes\ntmulti.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\RegSrvc.exe
C:\WINNT\system32\ZCfgSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\1XConfig.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\DSentry.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe
C:\WINNT\system32\svchost.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.0.50:8080
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\JRA\Application Data\Mozilla\Profiles\default\vltogvky.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JRA\Application Data\Mozilla\Profiles\default\vltogvky.slt\prefs.js)
O1 - Hosts: 172.31.64.80 CIN00 # Cincinnati Notes server/Internal IP Address
O1 - Hosts: 172.31.64.80 SVCMAIL # Short address for svcmail.svc-ag.com, used internally
O1 - Hosts: 172.31.64.80 INFOCENTRAL # Short address for InfoCentral.itelligencegroup.com, used internally
O1 - Hosts: 66.148.150.232 ITELL00 # US SAP Systems/External IP Address
O1 - Hosts: 172.31.64.53 hobbes.svc-ag.com #Hobbes SAP System
O1 - Hosts: 172.31.64.58 itell01 # itell01 SAP Server
O1 - Hosts: 66.148.150.237 occsrv.svc-ag.com #occsrv Outsourcing Server
O1 - Hosts: 204.79.199.2 sapserv4 # SAPSERV4 OSS/CSU SAP Systems
O1 - Hosts: 147.204.2.15 sapserv1a.wdf.sap-ag.de
O1 - Hosts: 147.204.2.16 sapserv2a.wdf.sap-ag.de
O1 - Hosts: 194.76.45.2 cisco # CISCO 4000 Router
O1 - Hosts: 194.76.45.4 consult
O1 - Hosts: 194.76.45.211 florida # SUN Ultraserver
O1 - Hosts: 194.76.45.212 texas # HP-NT-Server
O1 - Hosts: 194.76.45.213 sylt # HP D210
O1 - Hosts: 194.76.45.80 IM001 # Notes-Server Bielefeld
O1 - Hosts: 194.76.45.81 Bi00 # Main Notes-Server Bielefeld
O1 - Hosts: 19.67.144.250 bt0250
O1 - Hosts: 149.238.245.202 utuscexch01 #Tuscaloosa exchange server and site server
O1 - Hosts: 149.238.24.15 ubataexch01 #Batavia exchange server
O1 - Hosts: 149.238.24.36 btvsapbw
O1 - Hosts: 149.238.24.45 btvsapbwp
O1 - Hosts: 19.67.144.60 btvird
O1 - Hosts: 149.238.24.19 btv03
O1 - Hosts: 19.67.144.252 btv02
O1 - Hosts: 19.67.144.252 btv02.batavia.zf.com
O1 - Hosts: 19.67.144.252 btv02.batavia.zf-group.com
O1 - Hosts: 149.238.24.20 btv01
O1 - Hosts: 149.238.24.20 btv01.batavia.zf.com
O1 - Hosts: 149.238.24.20 btv01.batavia.zf-group.com
O1 - Hosts: 19.67.144.20 bt0001
O1 - Hosts: 19.67.144.20 bt0001.pto.ford.com
O1 - Hosts: 19.67.144.21 bt0002
O1 - Hosts: 19.67.144.21 bt0002.pto.ford.com
O1 - Hosts: 19.67.144.22 bt0003
O1 - Hosts: 19.67.144.22 bt0003.pto.ford.com
O1 - Hosts: 19.67.144.102 btv00002
O1 - Hosts: 19.67.150.79 btvadp
O1 - Hosts: 19.67.146.168 btvwww
O1 - Hosts: 19.67.146.168 btvwww.pto.ford.com
O1 - Hosts: 19.67.146.244 a05sp050
O1 - Hosts: 19.67.146.250 a05sp040
O1 - Hosts: 19.67.146.248 a05sp020
O1 - Hosts: 19.67.146.245 a05sp010
O1 - Hosts: 19.5.39.100 smtpna2
O1 - Hosts: 19.5.39.100 smtpna2.ford.com
O1 - Hosts: 19.59.112.117 smtpna1
O1 - Hosts: 19.59.112.117 smtpna1.ford.com
O1 - Hosts: 204.167.5.63 psw.fidelity.com
O1 - Hosts: 19.1.28.20 www.tcs.ford.com #Proxy server for Ford network
O1 - Hosts: 19.59.112.160 NA1FCM01
O1 - Hosts: 19.59.112.160 NA1FCM01.ford.com
O1 - Hosts: 19.59.112.161 NA1FCM02
O1 - Hosts: 19.59.112.161 NA1FCM02.ford.com
O1 - Hosts: 19.59.112.162 NA1FCM03
O1 - Hosts: 19.59.112.162 NA1FCM03.ford.com
O1 - Hosts: 19.59.112.163 NA1FCM04
O1 - Hosts: 19.59.112.163 NA1FCM04.ford.com
O1 - Hosts: 19.59.112.164 NA1FCM05
O1 - Hosts: 19.59.112.164 NA1FCM05.ford.com
O1 - Hosts: 19.59.112.165 NA1FCM06
O1 - Hosts: 19.59.112.165 NA1FCM06.ford.com
O1 - Hosts: 19.59.112.166 NA1FCM07
O1 - Hosts: 19.59.112.166 NA1FCM07.ford.com
O1 - Hosts: 19.59.112.167 NA1FCM08
O1 - Hosts: 19.59.112.167 NA1FCM08.ford.com
O1 - Hosts: 19.59.112.45 NA1FCM09
O1 - Hosts: 19.59.112.45 NA1FCM09.ford.com
O1 - Hosts: 19.59.112.36 NA1FCM10
O1 - Hosts: 19.59.112.36 NA1FCM10.ford.com
O1 - Hosts: 19.59.112.35 NA1FCM11
O1 - Hosts: 19.59.112.35 NA1FCM11.ford.com
O1 - Hosts: 19.59.112.34 NA1FCM12
O1 - Hosts: 19.59.112.34 NA1FCM12.ford.com
O1 - Hosts: 19.59.114.72 NA1FCM13
O1 - Hosts: 19.59.114.72 NA1FCM13.ford.com
O1 - Hosts: 19.59.114.73 NA1FCM14
O1 - Hosts: 19.59.114.73 NA1FCM14.ford.com
O1 - Hosts: 19.59.114.66 NA1FCM15
O1 - Hosts: 19.59.114.66 NA1FCM15.ford.com
O1 - Hosts: 19.59.114.74 NA1FCM16
O1 - Hosts: 19.59.114.74 NA1FCM16.ford.com
O1 - Hosts: 19.59.114.75 NA1FCM17
O1 - Hosts: 19.59.114.75 NA1FCM17.ford.com
O1 - Hosts: 19.59.114.76 NA1FCM18
O1 - Hosts: 19.59.114.76 NA1FCM18.ford.com
O1 - Hosts: 19.59.114.77 NA1FCM19
O1 - Hosts: 19.59.114.77 NA1FCM19.ford.com
O1 - Hosts: 19.59.114.122 NA1FCM20
O1 - Hosts: 19.59.114.122 NA1FCM20.ford.com
O1 - Hosts: 19.59.114.121 NA1FCM21
O1 - Hosts: 19.59.114.121 NA1FCM21.ford.com
O1 - Hosts: 19.59.114.123 NA1FCM22
O1 - Hosts: 19.59.114.123 NA1FCM22.ford.com
O1 - Hosts: 19.59.112.187 NA1FCM23
O1 - Hosts: 19.59.112.187 NA1FCM23.ford.com
O1 - Hosts: 19.59.112.188 NA1FCM24
O1 - Hosts: 19.59.112.188 NA1FCM24.ford.com
O1 - Hosts: 19.5.39.98 NA1ECM01
O1 - Hosts: 19.5.39.98 NA1ECM01.ford.com
O1 - Hosts: 19.5.39.95 NA1ECM02
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ElnkScamBHO Class - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: (no name) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - (no file)
O2 - BHO: (no name) - {4EC40E6D-8AB1-0345-8C3A-39F2A6C5F89E} - (no file)
O2 - BHO: ElnkPubBHO Class - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: ElnkProtectionBHO Class - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: ElnkLegacyUninstBHO Class - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINNT\system32\DSentry.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: ADShell.lnk = C:\Program Files\AirDefense\AirDefense Personal Enterprise Agent\ADShell.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Brother SmartUI PopUp.lnk.disabled
O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled
O4 - Global Startup: VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://notesmail.ibrat.com/iNotes.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://itelligence.webex.com/client/latest/webex/ieatgpc.cab