Logfile of HijackThis v1.98.1
Scan saved at 09:51:12, on 28/04/2005
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\Program Files\Common Files\Network Associates\Alert Manager\amgrsrvc.exe
C:\PCTI\MYSQL\bin\mysqld-nt.exe
C:\Program Files\Common Files\McAfee\log and quarantine\bin\i386\NAIlgpip.exe
C:\WINNT\System32\LOCATOR.EXE
C:\WINNT\system32\RpcSs.exe
C:\WINNT\system32\r_server.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Pwrchute\ups.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\exchsrvr\bin\mad.exe
C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
c:\winnt\system32\pstores.exe
C:\Program Files\VERITAS\Backup Exec\NT\bengine.exe
C:\Program Files\McAfee\GroupShield Exchange\i386\AVExch32.exe
C:\PROGRA~1\COMMON~1\MCAFEE\LOGAND~1\BIN\I386\LOG_QT~1.EXE
C:\Program Files\McAfee\GroupShield Exchange\i386\updsvc.exe
C:\PROGRA~1\COMMON~1\MCAFEE\LOGAND~1\BIN\I386\LOG_QT~1.EXE
C:\exchsrvr\bin\events.exe
C:\EXCHSRVR\connect\msexcimc\bin\msexcimc.exe
C:\Program Files\McAfee\GroupShield Exchange\i386\odcmd.exe
C:\Program Files\McAfee\GroupShield Exchange\i386\AVBdyScn.exe
C:\PROGRA~1\COMMON~1\MCAFEE\LOGAND~1\BIN\I386\LOG_QT~1.EXE
C:\Program Files\McAfee\GroupShield Exchange\i386\AVMon32.exe
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\loadwc.exe
E:\Applications\PCTI\DOCMAN7\Programs\DME7_Admin.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\VERITAS\Backup Exec\NT\bkupexec.exe
C:\WINNT\system32\EVENTVWR.EXE
C:\PROGRA~1\COMMON~1\MCAFEE\LOGAND~1\BIN\I386\DAO_LOG.EXE
C:\PROGRA~1\COMMON~1\MCAFEE\LOGAND~1\BIN\I386\DAO_LOG.EXE
C:\WINNT\Profiles\Administrator\Desktop\HijackThis.exe
C:\PROGRA~1\COMMON~1\MCAFEE\LOGAND~1\BIN\I386\DAO_LOG.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - Global Startup: Docman Auto Backup.lnk = PCTI\DOCMAN7\Programs\DME7_Admin.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O13 - WWW. Prefix: http://
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gp-j83040.nhs.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gp-j83040.nhs.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 194.72.7.137 194.72.7.142
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gp-j83040.nhs.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 194.72.7.137 194.72.7.142
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 194.72.7.137 194.72.7.142