Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:49:01 PM, on 7/20/2008
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
C:\PROGRA~1\APC\POWERC~1\server\PBESER~1.EXE
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
C:\Program Files\SAV\DefWatch.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\PROGRAM FILES\EASYSOFT\EASYSOFT JDBC-ODBC BRIDGE\SERVER\esjobserver.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Firebird\bin\fbguard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\MYSQL\bin\mysqld-max.exe
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\WINDOWS\system32\ntfrs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PVSW\BIN\W3SQLMGR.EXE
C:\PVSW\BIN\NTBTRV.EXE
C:\PVSW\BIN\NTDBSMGR.EXE
C:\WINDOWS\system32\logon.exe
d:\program files\timberline office\shared\sage.servicehost.host.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel LM Server\WinNT\lservnt.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlagent.EXE
C:\Program Files\SDIII\NTService.exe
C:\WINDOWS\system32\SD3Service.exe
D:\PROGRAM FILES\TIMBERLINE OFFICE\BuilderMT\BuilderMT\PMWinstall\Services\BMTServiceMonitor.exe
C:\Program Files\SAV\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\wins.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\Program Files\Exchsrvr\bin\exmgmt.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Firebird\bin\fbserver.exe
D:\PROGRAM FILES\TIMBERLINE OFFICE\BuilderMT\BuilderMT\PMWinstall\Services\BMTDistributedAccessServer.exe
C:\WINDOWS\System32\svchost.exe
D:\PROGRAM FILES\TIMBERLINE OFFICE\BuilderMT\BuilderMT\PMWinstall\Services\BMTLicenseChecker.exe
D:\PROGRAM FILES\TIMBERLINE OFFICE\BuilderMT\BuilderMT\PMWinstall\Services\BMTMaintenanceScheduler.exe
D:\PROGRAM FILES\TIMBERLINE OFFICE\BuilderMT\BuilderMT\PMWinstall\Services\BMTDAS.exe
D:\PROGRAM FILES\TIMBERLINE OFFICE\BuilderMT\BuilderMT\PMWinstall\Services\BMTRemotePDAServer.exe
D:\PROGRAM FILES\TIMBERLINE OFFICE\BuilderMT\BuilderMT\PMWinstall\Services\BMTReportService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SAV\VPTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mightyfax\MFNTCTL.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\ClientApps\CAC7\wlaunch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\inetsrv\w3wp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rsmsink.exe
C:\WINDOWS\System32\vssvc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VxTaskbarMgr] C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\VPTray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [3c1807pd] C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Server Management.lnk = ?
O4 - Startup: WLaunch.lnk = CAC7\wlaunch.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MightyFAX Controller.lnk = C:\Program Files\Mightyfax\MFNTCTL.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Supero Doctor III Client.lnk = C:\Program Files\SDIII\SuperoDoctor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O15 - ESC Trusted Zone: http://mail.atl.cbeyond.com
O15 - ESC Trusted Zone: http://download.nvidia.com
O15 - ESC Trusted Zone: http://www.nvidia.com
O15 - ESC Trusted Zone: http://www.supermicro.com
O15 - ESC Trusted Zone: http://*.thedowneygroup.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4143CA74-3EC9-43A7-A418-9F0D7BAA8758} (SSnet_Client.pagLogin) - http://12.159.65.250/SSnet/SSnet_Client.CAB
O16 - DPF: {4BEF854E-6531-40D8-825E-5228A12861F3} (pwrUpl2 Class) - https://sagesoftware.thruinc.net/Components/PowerUpload.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161717067875
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://mail.crownga.com/Remote/msrdp.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B0893304-3FC5-11D6-A5F0-00D0B7104633} (WebCCTV3 Network Client Class) - http://10.0.0.220/WebCCTV/ActiveX/OPClient.cab
O16 - DPF: {F3C7C5EE-8BBA-4B6E-8147-3B315A41B85B} - http://www.linktivity.com/msjavx86.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = downey.local
O17 - HKLM\Software\..\Telephony: DomainName = downey.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB504783-7601-4470-9F10-17EAF9E0F43D}: NameServer = 10.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = downey.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = downey.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = downey.local
O23 - Service: APC PBE Agent (APCPBEAgent) - APC - C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
O23 - Service: APC PBE Server (APCPBEServer) - APC - C:\PROGRA~1\APC\POWERC~1\server\PBESER~1.EXE
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\benetns.exe
O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\pvlsvr.exe
O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\bengine.exe
O23 - Service: Backup Exec Naming Service (BackupExecNamingService) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\benser.exe
O23 - Service: Backup Exec Server (BackupExecRPCService) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\beserver.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\SAV\DefWatch.exe
O23 - Service: Easysoft JDBC-ODBC Bridge Server (EasysoftJDBCODBCBridge) - Unknown owner - C:\PROGRAM FILES\EASYSOFT\EASYSOFT JDBC-ODBC BRIDGE\SERVER\esjobserver.exe
O23 - Service: ExecView Communication Module (ECM) (ECM Service) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\ECM\ECM.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\PROGRA~1\Firebird\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\PROGRA~1\Firebird\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: MySql - Unknown owner - C:\MYSQL\bin\mysqld-max.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pervasive.SQL (relational) - Pervasive Software Inc. - C:\PVSW\BIN\W3SQLMGR.EXE
O23 - Service: Pervasive.SQL (transactional) - Unknown owner - C:\PVSW\BIN\NTBTRV.EXE
O23 - Service: Primary Logon (prilogon) - Unknown owner - C:\WINDOWS\system32\logon.exe
O23 - Service: Sage Service Host (Sage.ServiceHost.Host) - Sage Software, Inc. - d:\program files\timberline office\shared\sage.servicehost.host.exe
O23 - Service: Sage Service Host v1.0 (Sage.ServiceHost.Host.1.0) - Sage Software, Inc. - d:\program files\timberline office\shared\sage.servicehost.host.exe
O23 - Service: Sentinel LM - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel LM Server\WinNT\lservnt.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SuperMicro Health Assistant - Unknown owner - C:\Program Files\SDIII\NTService.exe
O23 - Service: Supero SD3Service Daemon - Unknown owner - C:\WINDOWS\system32\SD3Service.exe
O23 - Service: BuilderMT Distributed Access Server (svcBMTDistributedAccessServer) - Unknown owner - D:\PROGRAM FILES\TIMBERLINE OFFICE\BuilderMT\BuilderMT\PMWinstall\Services\BMTDistributedAccessServer.exe
O23 - Service: BuilderMT License Validation (svcBMTLicenseChecker) - Unknown owner - D:\PROGRAM FILES\TIMBERLINE OFFICE\BuilderMT\BuilderMT\PMWinstall\Services\BMTLicenseChecker.exe
O23 - Service: BuilderMT Maintenance Scheduler (svcBMTMaintenanceScheduler) - Unknown owner - D:\PROGRAM FILES\TIMBERLINE OFFICE\BuilderMT\BuilderMT\PMWinstall\Services\BMTMaintenanceScheduler.exe
O23 - Service: BuilderMT.NET Distributed Access Server (svcBMTNETDAS) - BuilderMT LLC - D:\PROGRAM FILES\TIMBERLINE OFFICE\BuilderMT\BuilderMT\PMWinstall\Services\BMTDAS.exe
O23 - Service: BuilderMT Remote PDA Server (svcBMTRemotePDAServer) - Unknown owner - D:\PROGRAM FILES\TIMBERLINE OFFICE\BuilderMT\BuilderMT\PMWinstall\Services\BMTRemotePDAServer.exe
O23 - Service: BuilderMT Reporting (svcBMTReporting) - Unknown owner - D:\PROGRAM FILES\TIMBERLINE OFFICE\BuilderMT\BuilderMT\PMWinstall\Services\BMTReportService.exe
O23 - Service: BuilderMT Service Monitor (svcBMTServiceMonitor) - Unknown owner - D:\PROGRAM FILES\TIMBERLINE OFFICE\BuilderMT\BuilderMT\PMWinstall\Services\BMTServiceMonitor.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\SAV\Rtvscan.exe
O23 - Service: Xitami Web Server (Xitami) - Unknown owner - C:\Program Files\SDIII\Xitami\xiwinnt.exe

--
End of file - 14758 bytes