Logfile of HijackThis v1.99.0
Scan saved at 10:17:53 AM, on 2/16/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\WINNT\system32\cusrvc.exe
C:\PROGRA~1\Navnt\DefWatch.exe
C:\Program Files\GlobeSoft\MultiNetwork Manager\NTx\GSBootTimeSrv.exe
C:\PROGRA~1\Navnt\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\vnxserv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\NWTRAY.EXE
C:\PROGRA~1\KPMGES~1\SMARTB~1\MotiveSB.exe
C:\WINNT\AGRSMMSG.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe
C:\PROGRA~1\Navnt\vptray.exe
C:\Program Files\GlobeSoft\MultiNetwork Manager\NTX\MNMCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Content Download\731439\Program\Digital Distribution.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Winamp\winampa.exe
C:\WINNT\system32\Pvdcci.exe
C:\WINNT\system32\prutpct.exe
C:\WINNT\system32\prutpct.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\MDM.EXE
C:\Program Files\Common Files\Microsoft Shared\PhotoEd\PHOTOED.EXE
D:\Documents and Settings\tbeadles\My Documents\HJTlogProgram\HijackThis.exe

R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINNT\Downloaded Program Files\SbCIe02a.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CABC] D:\Content Download\731439\Program\backWeb-731439.exe -startup
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [LiveUpdate Check] C:\Program Files\navnt\vpdn_lu.exe /s
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\KPMGES~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [AeXSWDUsr] "C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Navnt\vptray.exe
O4 - HKLM\..\Run: [MNM] "C:\Program Files\GlobeSoft\MultiNetwork Manager\\NTX\MNMCtrl" /h /d 20
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Digital Distribution] "D:\Content Download\731439\Program\Digital Distribution.exe" -startup
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [version] C:\WINNT\system32\Kodwtu.exe
O4 - HKLM\..\Run: [secure] C:\WINNT\system32\Pvdcci.exe
O4 - HKLM\..\RunOnce: [Register OCX] regsvr32.exe /s msdxm.ocx
O4 - HKCU\..\Run: [prutpct] C:\WINNT\system32\prutpct.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINNT\Downloaded Program Files\SbCIe02a.dll
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\system32\shdocvw.dll
O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\netware\nwws2nds.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {009F119F-8723-11D3-8791-00A0C9EF9624} (RSFTreeView Class) - http://eformrs.com/F...n/RSFormsTV.cab
O16 - DPF: {13F71666-05F2-11D2-B2F6-00A0C9A08B64} (CommonBridge Class) - http://gosystemrs.fa...OCX/comconv.cab
O16 - DPF: {187728C3-71FD-11D3-878E-00A0C9EF9624} (RSFCalculating Class) - http://eformrs.com/F...Dll/RSFCalc.cab
O16 - DPF: {227F25BE-BCDC-11D0-BA80-0000F6181652} (CLRMachineInfoCtl Class) - http://eformrs.com/RSLoginModule.cab
O16 - DPF: {455182EE-8F93-11D2-BA3C-00C04F7F6533} (CLRTabbedList Class) - http://gosystemrs.fa...STabbedList.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://gosystemrs.fa...CX/iftwclix.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep....00719/sb02a.cab
O16 - DPF: {6D59A1DF-87FB-11D4-836D-00805F6FC463} - http://usisweb.us.kw...MS/SetupINF.cab
O16 - DPF: {7B640A40-EEC1-11D2-B526-00C04F8DEE99} (WebAttachObj Class) - http://gosystemrs.fa...Attachments.cab
O16 - DPF: {82BFFC8C-B4BD-11D4-9908-000102053AFB} (GRSNotifierCtrl Class) - http://gosystemrs.fa...webnotifier.cab
O16 - DPF: {86B092BC-7ABA-11D4-98E7-000102053AFB} (MultiDownload Class) - http://gosystemrs.fa.../Downloader.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://gosystemrs.fa.../OCX/msxml4.cab
O16 - DPF: {973EA5BE-9ED6-11D3-AB1D-00C04F7468E4} (IParseCSV Class) - http://gosystemrs.fa...OCX/DCParse.cab
O16 - DPF: {97A90946-2984-11D3-AAE7-00C04F7468E4} (FrmSrcCt Control) - http://gosystemrs.fa.../OCX/frmsrc.cab
O16 - DPF: {99140A4E-88C5-11D3-8793-00A0C9EF9624} (RSFDisplay Class) - http://eformrs.com/F...n/RSFormsDP.cab
O16 - DPF: {A4634896-2F55-4B94-BD2E-A2CF4F7B0146} - http://useomapp330/f...t/checklist.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://gosystemrs.fa...t2004/setup.exe
O16 - DPF: {BFDF0737-E4C4-4150-95BD-0A8AE9B372C3} (RSFConvert.MDB) - http://eformrs.com/RSFConvert.cab
O16 - DPF: {D76D712E-4A96-11D3-BD95-D296DC2DD072} (:-) VideoSoft FlexGrid 7.0 (OLEDB)) - http://gosystemrs.fa...OCX/vsflex7.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{765AEB1E-DD38-41B3-B3EA-49ACF0932E2B}: NameServer = 10.13.240.10,10.1.150.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D9661F5-4429-4E89-870E-1B8A44D204EF}: NameServer = 10.13.240.10,10.1.150.7
O23 - Service: Altiris eXpress NS Client - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
O23 - Service: Altiris eXpress NS Client Transport - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Client Update Service for Novell - Novell, Inc. - C:\WINNT\system32\cusrvc.exe
O23 - Service: CWShredder Service - Unknown - D:\Documents and Settings\tbeadles\Local Settings\Temporary Internet Files\Content.IE5\0LQ7052V\CWShredder[1].exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\Navnt\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GSBootTimeSrv - Globesoft® Corporation - C:\Program Files\GlobeSoft\MultiNetwork Manager\NTx\GSBootTimeSrv.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\Navnt\Rtvscan.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: Vsclient Service - Unknown - C:\WINNT\system32\vnxserv.exe