Here is the log.
Some of the things need to stay because this computer is on a corporate network. I see a few things I removed that seemed to come back. Not sure if that was it. One thing I did not do was do this in safe mode; maybe I need to run Killbox on a few files. Please tell me what should be removed here. Thanks
Logfile of HijackThis v1.99.1
Scan saved at 10:50:56 AM, on 10/19/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe ( I think we need to keep this.)
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\UMCSTUB.EXE
C:\WINNT\System32\Ati2evxx.exe
c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe ( Needs to stay.)
C:\WINNT\etlisrv.exe
C:\SYSMGT\TNGEAV\InoRpc.exe ( Needs to stay.)
C:\SYSMGT\TNGEAV\InoRT.exe ( Needs to stay.)
C:\SYSMGT\TNGEAV\InoTask.exe ( Needs to stay.)
C:\WINNT\LogWatNT.exe
C:\SYSMGT\TNGRCO\RCManClient.exe ( Needs to stay.)
C:\SYSMGT\TNGRCO\RCOService.exe ( Needs to stay.)
C:\SYSMGT\TNGRCO\rp32u.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\SYSMGT\TNGSD\BIN\SDSERV.EXE
C:\PROGRA~1\SMART\SMARTA~1\SMARTA~1.EXE ( Needs to stay.)
C:\SYSMGT\TNGSD\BIN\TRIGGAG.EXE ( Needs to stay.)
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\rsvp.exe
D:\Documents and Settings\zemetisjc\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myotis.utc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft....5&plcid=0x0409
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = utc.com;<local>
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,,C:\SxpInst\sxplog32.exe
O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINNT\system32\ATPART~1.DLL
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\bxxs5.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [Net_Drives] "C:\Program Files\Cisco Systems\VPN Client\UTC_Profiles\Net_Drives.exe" shell ( Needs to stay.)
O4 - HKLM\..\Run: [UTC Firewall Control] "C:\Program Files\Cisco Systems\VPN Client\UTC_Profiles\UTC Firewall Control.exe" ( Needs to stay.)
O4 - HKLM\..\Run: [Realtime Monitor] C:\SYSMGT\TNGEAV\realmon.exe -s ( Needs to stay.)
O4 - HKLM\..\Run: [E4E7EAF0E8EDEFEFE] 9B9EA1A79FA4A6A.exe
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydelet...2.php?KBID=1062 (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3} - http://activex.micro...jects/ocget.dll
O16 - DPF: {6BD4FB43-470E-11D2-B99D-00104B02C956} (AtDownloadIE Class) - http://www.webex.com...ex/atbootie.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://webworkshop.f...aDownloader.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\CMSystem\plugin.dll