Thanks,
Ira
Logfile of HijackThis v1.99.1
Scan saved at 2:48:21 AM, on 10/31/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\PackethSvc.exe
C:\WINNT\System32\drivers\trcboot.exe
C:\WINNT\System32\ati2evxx.exe
D:\Cisco Systems\VPN Client\cvpnd.exe
C:\WINNT\System32\DRIVERS\dcfssvc.exe
D:\Symantec\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\System32\HPConfig.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
D:\Symantec\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\System32\spooler.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\RexSvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\ZONELABS\minilog.exe
C:\WINNT\Explorer.Exe
C:\WINNT\System32\Atiptaxx.exe
C:\WINNT\System32\PRPCUI.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\RealPlayer\realplay.exe
D:\RealJukebox\tsystray.exe
D:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
D:\Symantec\SYMANT~1\SYMANT~1\vptray.exe
D:\XIRCOM\REX6000\IntellisyncForRex\rexsymon.exe
D:\Microsoft\ActiveSync 3.7\WCESCOMM.EXE
D:\Microsoft Office\Office\OSA.EXE
D:\Compaq\11Mbps Wireless LAN\Config.exe
D:\QUICKENW\QWDLLS.EXE
D:\ZoneAlarm Pro\ZoneAlarm\zapro.exe
D:\Intuit\QuickBooks\Components\QBAgent\qbdagent2001.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
D:\America Online 6.0\aoltray.exe
D:\lotus\wordpro\ltsstart.exe
D:\Hijack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=interlock:80;gopher=interlock:80;http=interlock:80;https=interlock:80;socks=interlock:80
F2 - REG:system.ini: Shell=C:\WINNT\Explorer.Exe
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINNT\System32\nzdd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RealTray] D:\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [RealJukeboxSystray] D:\RealJukebox\tsystray.exe
O4 - HKLM\..\Run: [EM_EXEC] D:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [vptray] D:\Symantec\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [RexSyMon] D:\XIRCOM\REX6000\IntellisyncForRex\rexsymon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Microsoft\ActiveSync 3.7\WCESCOMM.EXE"
O4 - Startup: America Online 6.0 Tray Icon.lnk = D:\America Online 6.0\aoltray.exe
O4 - Startup: Lotus QuickStart.lnk = D:\lotus\wordpro\ltsstart.exe
O4 - Global Startup: Office Startup.lnk = D:\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = D:\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Configuration Utility.lnk = D:\Compaq\11Mbps Wireless LAN\Config.exe
O4 - Global Startup: RealDownload.lnk = D:\RealDownload\Realdownload.exe
O4 - Global Startup: MQSeries Task Bar.lnk = D:\MQSeries\bin\amqmtbrn.exe
O4 - Global Startup: Quicken Startup.lnk = D:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Billminder.lnk = D:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = D:\ZoneAlarm Pro\ZoneAlarm\zapro.exe
O4 - Global Startup: QuickBooks 2001 Delivery Agent.lnk = D:\Intuit\QuickBooks\Components\QBAgent\qbdagent2001.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office XP\Office10\OSA.EXE
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
O4 - Global Startup: VPN Client.lnk = D:\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - d:\Microsoft\ActiveSync 3.7\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\Microsoft\ActiveSync 3.7\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\Microsoft\ActiveSync 3.7\INETREPL.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: Sametime Meeting Room Client ST20H3 - http://www-125.ibm.c...gRoomClient.cab
O16 - DPF: {2B9D3FB5-44D9-4063-A0E4-AF3F3CB15555} (JNILoader Control) - http://www-125.ibm.c...STJNILoader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.nor...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AE782A3-35C1-49A5-98B1-AE6C70EEF2BD}: NameServer = 207.218.192.38,207.218.192.39
O17 - HKLM\System\CCS\Services\Tcpip\..\{93CA36DF-E694-481A-A37A-08CD714B5B71}: NameServer = 207.218.192.38,207.218.192.39
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD6E17A4-D552-4A70-81D6-5FDE2AB0006D}: NameServer = 207.218.192.38,207.218.192.39
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINNT\System32\DRIVERS\dcfssvc.exe
O23 - Service: DefWatch - Symantec Corporation - D:\Symantec\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINNT\System32\HPConfig.exe
O23 - Service: TrueVector Basic Logging Client (minilog) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\minilog.exe
O23 - Service: IBM MQSeries (MQSeriesServices) - IBM Corporation - D:\MQSeries\bin\AMQSVC.EXE
O23 - Service: NICSer_WPC54 - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\Symantec\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINNT\System32\PackethSvc.exe
O23 - Service: Print Spool Handler (Print Spooler) - Unknown owner - C:\WINNT\System32\spooler.exe
O23 - Service: USB to Serial COM Port Messages (RexService) - Unknown owner - C:\WINNT\SYSTEM32\RexSvc.exe
O23 - Service: TrcBoot - Unknown owner - C:\WINNT\System32\drivers\trcboot.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe