Logfile of HijackThis v1.99.1
Scan saved at 9:23:39 PM, on 5/9/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\smss.exe
M:\WINNT\system32\winlogon.exe
M:\WINNT\system32\services.exe
M:\WINNT\system32\lsass.exe
M:\WINNT\System32\termsrv.exe
M:\WINNT\system32\svchost.exe
M:\WINNT\system32\spoolsv.exe
M:\WINNT\System32\msdtc.exe
M:\PROGRA~1\NAV\DefWatch.exe
M:\WINNT\System32\svchost.exe
M:\WINNT\System32\cba\pds.exe
M:\WINNT\System32\llssrv.exe
M:\WINNT\system32\regsvc.exe
M:\WINNT\system32\MSTask.exe
M:\PROGRA~1\NAV\Rtvscan.exe
M:\WINNT\System32\WBEM\WinMgmt.exe
M:\WINNT\system32\svchost.exe
M:\WINNT\system32\Dfssvc.exe
M:\WINNT\System32\encsvc.exe
M:\WINNT\System32\Citrix\IMA\imasrv.exe
M:\WINNT\system32\mfcom.exe
M:\WINNT\System32\cdmsvc.exe
M:\WINNT\System32\ctxxmlss.exe
M:\WINNT\System32\SCardSvr.exe
M:\WINNT\System32\svchost.exe
M:\WINNT\system32\logon.scr
M:\WINNT\system32\winlogon.exe
M:\WINNT\System32\svchost.exe
M:\WINNT\system32\winlogon.exe
M:\Program Files\Citrix\ICA Client\ssonsvr.exe
M:\WINNT\system32\wfshell.exe
M:\WINNT\Explorer.EXE
M:\Program Files\QuickTime\qttask.exe
M:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
M:\Program Files\Microsoft AntiSpyware\gcasServ.exe
M:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
M:\Program Files\WinZip\WZQKPICK.EXE
M:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
M:\Program Files\Citrix\ICA Client\ssonsvr.exe
M:\WINNT\system32\inetsrv\inetinfo.exe
M:\WINNT\system32\winlogon.exe
M:\Program Files\Citrix\ICA Client\ssonsvr.exe
M:\WINNT\system32\wfshell.exe
M:\WINNT\Explorer.EXE
M:\Program Files\QuickTime\qttask.exe
M:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
M:\WINNT\system32\icabar.exe
M:\Program Files\Microsoft AntiSpyware\gcasServ.exe
M:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
M:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
M:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
M:\Program Files\WinZip\WZQKPICK.EXE
M:\ops\EXE\MAINNG.EXE
M:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
M:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
M:\Program Files\Microsoft Office\Office\WINWORD.EXE
M:\WINNT\system32\winlogon.exe
M:\Program Files\Citrix\ICA Client\ssonsvr.exe
M:\WINNT\system32\wfshell.exe
M:\WINNT\Explorer.EXE
M:\Program Files\QuickTime\qttask.exe
M:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
M:\WINNT\system32\icabar.exe
M:\Program Files\Microsoft AntiSpyware\gcasServ.exe
M:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
M:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
M:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
M:\Program Files\WinZip\WZQKPICK.EXE
M:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe
M:\WINNT\System32\ssflwbox.scr
M:\WINNT\system32\winlogon.exe
M:\ops\EXE\MAINNG.EXE
M:\Program Files\Citrix\ICA Client\ssonsvr.exe
M:\WINNT\system32\wfshell.exe
M:\WINNT\Explorer.EXE
M:\Program Files\QuickTime\qttask.exe
M:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
M:\WINNT\system32\icabar.exe
M:\Program Files\Microsoft AntiSpyware\gcasServ.exe
M:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
M:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
M:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
M:\Program Files\WinZip\WZQKPICK.EXE
M:\WINNT\system32\winlogon.exe
M:\WINNT\system32\winlogon.exe
M:\WINNT\system32\winlogon.exe
M:\WINNT\system32\rdpclip.exe
M:\Program Files\Citrix\ICA Client\ssonsvr.exe
M:\WINNT\Explorer.EXE
M:\Program Files\QuickTime\qttask.exe
M:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
M:\WINNT\system32\icabar.exe
M:\Program Files\Microsoft AntiSpyware\gcasServ.exe
M:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
M:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
M:\Program Files\WinZip\WZQKPICK.EXE
M:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
M:\Program Files\Internet Explorer\iexplore.exe
M:\Program Files\Internet Explorer\iexplore.exe
M:\Downloads\SRC\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = M:\WINNT\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = M:\WINNT\system32\blank.htm
R3 - URLSearchHook: (no name) - {4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
F2 - REG:system.ini: UserInit=M:\WINNT\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - M:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - M:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "M:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRONoMgrWired] M:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IcaBar] icabar.exe /adminonly
O4 - HKLM\..\Run: [vptray] M:\PROGRA~1\NAV\VPTray.exe
O4 - HKLM\..\Run: [gcasServ] "M:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] M:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = M:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = M:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = M:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = M:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - M:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - M:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - M:\Documents and Settings\Administrator.OANDP\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - M:\Documents and Settings\Administrator.OANDP\WINDOWS\web\related.htm (file missing)
O10 - Broken Internet access because of LSP provider 'm:\documents and settings\administrator.oandp\windows\system32\rnr20.dll' missing
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by11fd.bay11....es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = OandP.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0ADA69C5-9E11-4648-A6F9-48720076F350}: NameServer = 192.168.0.120
O17 - HKLM\System\CCS\Services\Tcpip\..\{F25E369D-B80A-4361-A361-E96BEA139F47}: NameServer = 192.168.0.120
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = OandP.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{0ADA69C5-9E11-4648-A6F9-48720076F350}: NameServer = 192.168.0.120
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = OandP.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{0ADA69C5-9E11-4648-A6F9-48720076F350}: NameServer = 192.168.0.120
O20 - AppInit_DLLs: mfaphook.dll
O20 - Winlogon Notify: MetaFrame - ctxnotif.dll (file missing)
O20 - Winlogon Notify: NavLogon - M:\WINNT\system32\NavLogon.dll
O23 - Service: Alerter - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\services.exe (file missing)
O23 - Service: Application Management (AppMgmt) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\services.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Computer Browser (Browser) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\services.exe (file missing)
O23 - Service: Client Network (CdmService) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\cdmsvc.exe (file missing)
O23 - Service: Citrix WMI Service (CitrixWMIService) - Citrix Systems, Inc. - M:\WINNT\system32\citrix\WMI\ctxwmisvc.exe
O23 - Service: ClipBook (ClipSrv) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\clipsrv.exe (file missing)
O23 - Service: Citrix XML Service (CtxHttp) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\ctxxmlss.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - M:\PROGRA~1\NAV\DefWatch.exe
O23 - Service: Distributed File System (Dfs) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\Dfssvc.exe (file missing)
O23 - Service: DHCP Client (Dhcp) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\services.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\services.exe (file missing)
O23 - Service: DNS Client (Dnscache) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\services.exe (file missing)
O23 - Service: Encryption Service - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\encsvc.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\services.exe (file missing)
O23 - Service: Fax Service (Fax) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\faxsvc.exe (file missing)
O23 - Service: Independent Management Architecture (IMAService) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\Citrix\IMA\imasrv.exe (file missing)
O23 - Service: Intel PDS - Intel® Corporation - M:\WINNT\System32\cba\pds.exe
O23 - Service: Server (lanmanserver) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\services.exe (file missing)
O23 - Service: Workstation (lanmanworkstation) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\services.exe (file missing)
O23 - Service: License Logging Service (LicenseService) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\llssrv.exe (file missing)
O23 - Service: TCP/IP NetBIOS Helper Service (LmHosts) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\services.exe (file missing)
O23 - Service: Messenger - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\services.exe (file missing)
O23 - Service: MetaFrame COM Server (MFCom) - Citrix Systems, Inc. - M:\WINNT\system32\mfcom.exe
O23 - Service: Network DDE (NetDDE) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\netdde.exe (file missing)
O23 - Service: Network DDE DSDM (NetDDEdsdm) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\netdde.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Network Connections (Netman) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - M:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: File Replication (NtFrs) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\ntfrs.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Policy Agent (PolicyAgent) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\services.exe (file missing)
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Remote Registry Service (RemoteRegistry) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\regsvc.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - M:\Documents.exe (file missing)
O23 - Service: QoS RSVP (RSVP) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\rsvp.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Smart Card Helper (SCardDrv) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Smart Card (SCardSvr) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Task Scheduler (Schedule) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\MSTask.exe (file missing)
O23 - Service: RunAs Service (seclogon) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\services.exe (file missing)
O23 - Service: System Event Notification (SENS) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Internet Connection Sharing (SharedAccess) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - M:\PROGRA~1\NAV\Rtvscan.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Telephony (TapiSrv) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Terminal Services (TermService) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\termsrv.exe (file missing)
O23 - Service: Telnet (TlntSvr) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\tlntsvr.exe (file missing)
O23 - Service: Distributed Link Tracking Server (TrkSvr) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\services.exe (file missing)
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\services.exe (file missing)
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Utility Manager (UtilMan) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\UtilMan.exe (file missing)
O23 - Service: Windows Time (W32Time) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\services.exe (file missing)
O23 - Service: Windows Management Instrumentation (WinMgmt) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\WBEM\WinMgmt.exe (file missing)
O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\Services.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Wireless Configuration (WZCSVC) - Unknown owner - M:\Documents and Settings\Administrator.OANDP\WINDOWS\System32\svchost.exe (file missing)
Thanks in advance for all your assistance.