Scan saved at 12:40:55 AM, on 12/8/04
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
T:\WTSRV\System32\smss.exe
T:\WTSRV\system32\winlogon.exe
T:\WTSRV\system32\services.exe
T:\WTSRV\system32\lsass.exe
T:\WTSRV\system32\spoolss.exe
T:\WTSRV\system32\RpcSs.exe
T:\WTSRV\System32\msdtc.exe
T:\WTSRV\System32\cdmsvc.exe
T:\WTSRV\System32\ctxxmlss.exe
T:\Program Files\Executive Software\DiskeeperServer\DKService.exe
T:\WTSRV\System32\encsvc.exe
T:\WTSRV\System32\esserver.exe
T:\WTSRV\System32\router.exe
T:\WTSRV\System32\llssrv.exe
T:\MSSQL7\binn\sqlservr.exe
T:\WTSRV\System32\pstores.exe
T:\Program Files\Protector Plus\PPAVMon.exe
T:\Program Files\Protector Plus\PPServ.exe
T:\WTSRV\System32\LOCATOR.EXE
T:\WTSRV\system32\MSTask.exe
T:\WTSRV\System32\SENS.EXE
T:\WTSRV\system32\tcpsvcs.exe
T:\WTSRV\System32\termsrv.exe
T:\WTSRV\System32\ibrowser.exe
T:\WTSRV\system32\pnsvc.exe
T:\MSSQL7\binn\sqlagent.exe
T:\Program Files\VERITAS\Backup Exec\NT\bengine.exe
T:\WTSRV\Explorer.exe
T:\WTSRV\System32\SysTray.Exe
T:\WTSRV\System32\icabar.exe
U:\Program Files\Winamp\Winampa.exe
T:\WTSRV\System32\atiptaxx.exe
T:\PROGRA~1\PROTEC~1\PPTbc.EXE
T:\PROGRA~1\PROTEC~1\PPInupdt.exe
T:\WTSRV\System32\HPJETDSC.EXE
U:\Program Files\Microsoft Office\Office\OSA.EXE
T:\MSSQL7\Binn\sqlmangr.exe
T:\WTSRV\system32\tapisrv.exe
T:\WTSRV\system32\rasman.exe
T:\WTSRV\System32\ddhelp.exe
T:\WTSRV\system32\winlogon.exe
T:\WTSRV\system32\winlogon.exe
T:\WTSRV\System32\taskmgr.exe
T:\PROGRA~1\Plus!\MICROS~1\iexplore.exe
T:\Program Files\Plus!\Microsoft Internet\IEXPLORE.EXE
T:\WTSRV\system32\rundll32.exe
R:\Admin2\SpywareScanner\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://webcoolsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://webcoolsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://martfinder.com/dpindex.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192
F2 - REG:system.ini: UserInit=T:\WTSRV\System32\userinit.exe,T:\WTSRV\System32\svcpack.exe
O2 - BHO: biObj Class - {000006B1-19B5-414A-849F-2A3C64AE6939} - T:\WTSRV\bi.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - U:\PROGRA~1\CLEARS~1.TJF\IE_ClrSch.DLL
O2 - BHO: SmartPops - {D5C778F1-CF13-4E70-ADF0-45A953E7CB8B} - T:\Program Files\Network Essentials\v11\NE.DLL (file missing)
O2 - BHO: IEBho Class - {D8E25C53-9508-4f5c-9249-D98D438891D5} - T:\WTSRV\System32\ssurf022.dll (file missing)
O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - T:\WTSRV\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IcaBar] icabar.exe /adminonly
O4 - HKLM\..\Run: [WinampAgent] "U:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Win Server Updt] rem T:\WTSRV\Profiles\tjf\Windows\wupdt.exe
O4 - HKLM\..\Run: [PP2000 Taskbar Control] T:\PROGRA~1\PROTEC~1\PPTbc.EXE
O4 - HKLM\..\Run: [PP2000 InstaUpdate] T:\PROGRA~1\PROTEC~1\PPInupdt.exe
O4 - HKLM\..\Run: [ISUSPM Startup] T:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "T:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [HP JetDiscovery] HPJETDSC.EXE
O4 - Global Startup: Microsoft Office.lnk = U:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk = U:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Service Manager.lnk = T:\MSSQL7\Binn\sqlmangr.exe
O8 - Extra context menu item: Web Savings - file://T:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - T:\WTSRV\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - T:\WTSRV\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - T:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - T:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - T:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - T:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - T:\WTSRV\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - T:\WTSRV\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - T:\WTSRV\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - T:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - T:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: T:\PROGRA~1\Plus!\MICROS~1\PLUGINS\npqtplugin.dll
O13 - WWW. Prefix: http://
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.iesweb.co.../va51/setup.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = comcast.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = comcast.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = comcast.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 192.168.0.1
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = comcast.net
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.0.1
O20 - AppInit_DLLs: msconfd.dll