Logfile of HijackThis v1.99.1
Scan saved at 1:29:39 PM, on 08/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Marimba\CASTAN~1\Tuner.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Lotus\Notes\ntmulti.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINDOWS\System32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\System32\CCM\CcmExec.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Cobian Backup 4\CobBU.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Cobian Backup 4\cobui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0802NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0803NetInstaller.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Utils\printkey.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\PROGRA~1\Toolbar\tbps.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\PROGRA~1\COMMON~1\WinTools\WSup.exe
C:\WINDOWS\system32\logon.scr
D:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch...spx?tb_id=50038
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eweb.verizon.com/home.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://eweb.verizon.com/home.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50038
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://eweb.verizon.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...spx?tb_id=50038
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eweb.verizon.com/home.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.ver...gi-bin/getproxy
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O1 - Hosts: 144.70.99.20 ftwixos sapfwp02 # IXOS DB Server - Prod
O1 - Hosts: 144.70.99.8 saftw1sp0 # SSP 0 - Starfire1
O1 - Hosts: 144.70.99.10 saftw2sp0 # SSP 0 - Starfire2
O1 - Hosts: 144.70.99.12 saftw3sp0 # SSP 0 - Starfire3
O1 - Hosts: 144.70.99.27 saftw4sp0 # SSP 0 - Starfire4
O1 - Hosts: 144.70.99.28 saftw5sp0 # SSP 0 – Starfire5
O1 - Hosts: 144.70.99.13 saftw6sp0 # SSP 0 - Starfire6
O1 - Hosts: 144.70.99.68 saftw7sp0 # SSP 0 - Starfire7
O1 - Hosts: 144.70.99.94 saftwadm # FTW E250 Admin Server
O1 - Hosts: 144.70.99.21 saftwccs # CCS NT Box
O1 - Hosts: 144.70.99.230 saftwemc1 # EMC Connectrix
O1 - Hosts: 144.70.99.1 saftwi01 # GTE DB/App Server
O1 - Hosts: 144.70.99.2 saftwi02 # LAW DB Server - Prod
O1 - Hosts: 144.70.99.3 saftwi03 # P01 App Server
O1 - Hosts: 144.70.99.4 saftwi04 # P01 App Server
O1 - Hosts: 144.70.99.5 saftwi05 # P01 App Server
O1 - Hosts: 144.70.99.6 saftwi06 # P01 App Server
O1 - Hosts: 144.70.99.7 saftwi07 #
O1 - Hosts: 144.70.99.14 saftwi08 # P07 DB Server
O1 - Hosts: 144.70.99.15 saftwi09 # P02 DB Server
O1 - Hosts: 144.70.99.16 saftwi10 # P02 App Server
O1 - Hosts: 144.70.99.17 saftwi11 # P02 App Server
O1 - Hosts: 144.70.99.18 saftwi12 #
O1 - Hosts: 144.70.99.19 saftwi13 #
O1 - Hosts: 144.70.99.22 saftwi14 # P00 DB/App Server
O1 - Hosts: 144.70.99.23 saftwi15 #
O1 - Hosts: 144.70.99.24 saftwi16 # P04 DB Server
O1 - Hosts: 144.70.99.25 saftwi17 # P04 App Server
O1 - Hosts: 144.70.99.30 saftwi30 # Printserver
O1 - Hosts: 144.70.99.32 saftwi32 # P05 DB Server
O1 - Hosts: 144.70.99.33 saftwi33 # P05 App Server
O1 - Hosts: 144.70.99.34 saftwi34 # P07 App Server
O1 - Hosts: 144.70.99.35 saftwi35 #
O1 - Hosts: 144.70.99.36 saftwi36 #
O1 - Hosts: 144.70.99.40 saftwi40 # P02 App Server
O1 - Hosts: 144.70.99.41 saftwi41 # P02 App Server
O1 - Hosts: 144.70.99.42 saftwi42 # P02 App Server
O1 - Hosts: 144.70.99.43 saftwi43 # P02 App Server
O1 - Hosts: 144.70.99.44 saftwi44 # P02 App Server
O1 - Hosts: 144.70.99.45 saftwi45 # P02 App Server
O1 - Hosts: 144.70.99.46 saftwi46 # T01 App Server
O1 - Hosts: 144.70.99.47 saftwi47 # T01 DB Server
O1 - Hosts: 144.70.99.48 saftwi48 # T01 App Server
O1 - Hosts: 138.83.131.36 saftwi50 # P06 DB/App Server
O1 - Hosts: 144.70.99.51 saftwi51 #
O1 - Hosts: 138.83.131.38 saftwi52 # P08 DB/App Server
O1 - Hosts: 144.70.99.53 saftwi53 # P01 DB Server
O1 - Hosts: 144.70.99.55 saftwi55 #
O1 - Hosts: 144.70.99.60 saftwi60 # Vframe DB Server
O1 - Hosts: 144.70.99.61 saftwi61 # Vframe ESSBASE Server
O1 - Hosts: 144.70.99.62 saftwi62 # Vframe Web Server
O1 - Hosts: 144.70.99.63 saftwi63 # Vframe Web Server
O1 - Hosts: 138.83.138.43 saftwi66 # WebSphere Server
O1 - Hosts: 138.83.138.44 saftwi67 # WebSphere Server
O1 - Hosts: 138.83.138.45 saftwi69 # WebSphere Server
O1 - Hosts: 138.83.138.46 saftwi70 # WebSphere Server
O1 - Hosts: 138.83.138.49 saftwi73 # WebSphere Server
O1 - Hosts: 138.83.138.50 saftwi74 # WebSphere Server
O1 - Hosts: 138.83.138.51 saftwi75 # WebSphere Server
O1 - Hosts: 138.83.138.52 saftwi76 # WebSphere Server
O1 - Hosts: 138.83.138.54 saftwi79 uatldap1 # WUA/SSO UAT Server
O1 - Hosts: 138.83.138.55 saftwi80 uatldap2 # WUA/SS0 UAT Server
O1 - Hosts: 138.83.138.56 saftwi81 uatlogin1 #
O1 - Hosts: 138.83.138.57 saftwi82 uatlogin2 #
O1 - Hosts: 138.83.131.30 saftwi86 # Vframe Server
O1 - Hosts: 138.83.131.31 saftwi87 # Vframe Server
O1 - Hosts: 138.83.131.32 saftwi88 # Vframe Server
O1 - Hosts: 144.70.99.50 saftwm50 # saftwi50 Maint Interface
O1 - Hosts: 144.70.99.52 saftwm52 # saftwi52 Maint Interface
O1 - Hosts: 144.70.99.66 saftwm66 # saftwi66 Maint Interface
O1 - Hosts: 144.70.99.67 saftwm67 # saftwi67 Maint Interface
O1 - Hosts: 144.70.99.69 saftwm69 # saftwi69 Maint Interface
O1 - Hosts: 144.70.99.70 saftwm70 # saftwi79 Maint Interface
O1 - Hosts: 144.70.99.73 saftwm73 # saftwi72 Maint Interface
O1 - Hosts: 144.70.99.74 saftwm74 # saftwi74 Maint Interface
O1 - Hosts: 144.70.99.75 saftwm75 # saftwi75 Maint Interface
O1 - Hosts: 144.70.99.76 saftwm76 # saftwi76 Maint Interface
O1 - Hosts: 144.70.99.79 saftwm79 # saftwi79 Maint Interface
O1 - Hosts: 144.70.99.80 saftwm80 # saftwi80 Maint Interface
O1 - Hosts: 144.70.99.81 saftwm81 # saftwi81 Maint Interface
O1 - Hosts: 144.70.99.82 saftwm82 # saftwi82 Maint Interface
O1 - Hosts: 144.70.99.86 saftwm86 # saftwi86 Maint Interface
O1 - Hosts: 144.70.99.87 saftwm87 # saftwi87 Maint Interface
O1 - Hosts: 144.70.99.88 saftwm88 # saftwi88 Maint Interface
O1 - Hosts: 144.70.99.120 saftwsf1 # Sunfire1 - Main SC Interface
O1 - Hosts: 144.70.99.107 saftwsf1-sc0 # Sunfire1 Service Controller 0
O1 - Hosts: 144.70.99.108 saftwsf1-sc1 # Sunfire1 Service Controller 1
O1 - Hosts: 144.70.99.121 saftwsf2 # Sunfire2 - Main SC Interface
O1 - Hosts: 144.70.99.109 saftwsf2-sc0 # Sunfire2 Service Controller 0
O1 - Hosts: 144.70.99.110 saftwsf2-sc1 # Sunfire2 Service Controller 1
O1 - Hosts: 144.70.99.122 saftwsf3 # Sunfire3 - Main SC Interface
O1 - Hosts: 144.70.99.111 saftwsf3-sc0 # Sunfire3 Service Controller 0
O1 - Hosts: 144.70.99.112 saftwsf3-sc1 # Sunfire3 Service Controller 1
O1 - Hosts: 144.70.99.119 saftwsf4 # Sunfire4 - Main SC Interface
O1 - Hosts: 144.70.99.113 saftwsf4-sc0 # Sunfire4 Service Controller 0
O1 - Hosts: 144.70.99.114 saftwsf4-sc1 # Sunfire4 Service Controller 1
O1 - Hosts: 144.70.99.124 saftwsf5 # Sunfire5 - Future
O1 - Hosts: 144.70.99.117 saftwsun #
O1 - Hosts: 144.70.99.115 saftwterm # Terminal Controller Interface
O1 - Hosts: 144.70.99.229 safwd01 # EDMS Failover Interface
O1 - Hosts: 138.83.138.90 safwdf01 # Netgen Server/ EDMS Server
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Cobian BackUp 4.0] "C:\Cobian Backup 4\CobBU.exe"
O4 - HKLM\..\Run: [*wavevga] C:\WINDOWS\msagent\chars\wavevga.exe
O4 - HKLM\..\Run: [*fontdos] C:\WINDOWS\Cursors\fontdos.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0614] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0614NetInstaller.exe"
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0802] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0802NetInstaller.exe"
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0803] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0803NetInstaller.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Shortcut to printkey.exe.lnk = C:\Utils\printkey.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: SmartShopper - Compare product prices - {679B2A8D-B2FF-41ed-B3ED-C5CFB8564CB0} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: SmartShopper - Compare travel rates - {9E4DF170-217F-4658-A11F-590664542B73} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://eweb.verizon.com/home.shtml
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {87D1A6EF-8CBC-458A-84B5-0333562418CD} - http://www.clicktrac...info/ctadl1.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spam...ckerutility.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://webclass1.ver...aDownloader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://verizon.webe...bex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us1.ent.verizon.com
O17 - HKLM\Software\..\Telephony: DomainName = us1.ent.verizon.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us1.ent.verizon.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = verizon.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = verizon.com
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Castanet Tuner 4.6 (Marimba) - Marimba, Inc. - C:\Marimba\CASTAN~1\Tuner.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Lotus\Notes\ntmulti.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe