This topic is locked
Scan saved at 5:12:08 PM, on 6/25/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Altiris\AClient\AClient.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
C:\WINNT\System32\Ati2evxx.exe
C:\PROGRA~1\NETWOR~1\VIRUSS~1\Avsynmgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\ePOAgent\FrameworkService.exe
C:\PROGRA~1\NETWOR~1\VIRUSS~1\VsStat.exe
C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
C:\WINNT\system32\regsvc.exe
C:\PROGRA~1\NETWOR~1\VIRUSS~1\Vshwin32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\NETWOR~1\VIRUSS~1\Avconsol.exe
C:\PROGRA~1\COMMON~1\NETWOR~1\McShield\Mcshield.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\DELL\AccessDirect\dadapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\pctspk.exe
C:\ePOAgent\UpdaterUI.exe
C:\Cytyc\DataCyt2000\ElkSched.exe
C:\Altiris\AClient\AClntUsr.EXE
C:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\hpodev07.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\PROGRA~1\HEWLET~1\HPOFFI~1\bin\hpoevm07.exe
C:\WINNT\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\HPOSTS07.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\HPOFXM07.exe
C:\Program Files\AT&T Global Network Client\NetClient.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\Cytyc\DataCyt2000\Elk.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\dcass\LOCALS~1\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\intranet
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cytyc Corporation
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://nahqproxys1:8088
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\ePOAgent\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ElkSched] C:\Cytyc\DataCyt2000\ElkSched.exe -run
O4 - HKLM\..\Run: [AClntUsr] C:\Altiris\AClient\AClntUsr.EXE
O4 - HKCU\..\RunOnce: [NetSP - restore database] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet K Series\bin\hpodev07.exe
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http:\\intranet
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7447.5810300926
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cytyc.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A1025DF-A655-4251-A23B-7884F8FBB451}: Domain = CYTYC.COM
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D2D1FE5-2DC5-47CD-8710-3B432CC67B96}: Domain = CYTYC.COM
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D2D1FE5-2DC5-47CD-8710-3B432CC67B96}: NameServer = 172.22.4.11,172.22.4.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4223C05-360C-4180-AA83-900E5961930F}: Domain = cytyc.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cytyc.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cytyc.com
Sign In
Create Account
