This topic is locked
Here is the hijackthis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:17:25 PM, on 10/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\ibmpmsvc.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Intel\WiFi\bin\S24EvMon.exe
F:\Program Files\Alwil Software\Avast5\AvastSvc.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Lenovo\TrackPoint\tp4serv.exe
F:\WINDOWS\system32\hkcmd.exe
F:\WINDOWS\system32\igfxpers.exe
F:\WINDOWS\system32\igfxsrvc.exe
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
F:\WINDOWS\system32\TpShocks.exe
F:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
F:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
F:\Program Files\Lenovo\Client Security Solution\cssauth.exe
F:\Program Files\Lenovo\Zoom\TpScrex.exe
F:\Program Files\Analog Devices\Core\smax4pnp.exe
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
F:\Program Files\Alwil Software\Avast5\avastUI.exe
F:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
F:\Program Files\Google\Google Talk\googletalk.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\WINDOWS\system32\ctfmon.exe
F:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFIA.EXE
F:\Program Files\WebEx\Productivity Tools\ptoneclk.exe
F:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
F:\Program Files\WebEx\Productivity Tools\ptSrv.exe
F:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
F:\WINDOWS\system32\acs.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
F:\Program Files\Intel\WiFi\bin\EvtEng.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\IBM\Lotus\Notes\nsd.exe
F:\Program Files\IBM\Lotus\Notes\ntmulti.exe
F:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
F:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\TPHDEXLG.exe
F:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
F:\Program Files\iPod\bin\iPodService.exe
C:\Work\Misc\HijackThis\HijackThis.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DWABrowserHlprObj Class - {2709D830-B643-4e72-9A1E-701CFFFCF30C} - F:\WINDOWS\system32\dwabho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - F:\Program Files\WebEx\Productivity Tools\ptonecli.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - F:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: CutePDF Form Filler - {D41289F2-69C6-417B-897E-C653D677CBAF} - F:\Program Files\Acro Software\CutePDF Filler Evaluation\CPFillerCoE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - F:\Program Files\WebEx\Productivity Tools\ptonecli.dll
O4 - HKLM\..\Run: [TrackPointSrv] F:\Program Files\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [IgfxTray] F:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] F:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] F:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PSQLLauncher] "F:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] F:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPFNF7] F:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [cssauth] "F:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [SoundMAXPnP] F:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] F:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Applns\AcrobatReader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] "F:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [EEventManager] F:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [googletalk] F:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] F:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [googletalk] "F:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "F:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Epson Stylus NX510(Network)] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFIA.EXE /FU "F:\WINDOWS\TEMP\E_S15F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [PTOneClick] F:\Program Files\WebEx\Productivity Tools\ptoneclk.exe /AutoRunning="2"
O4 - S-1-5-18 Startup: Epson all-in-one Registration.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: Epson all-in-one Registration.lnk = ? (User 'Default user')
O4 - Startup: Epson all-in-one Registration.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - F:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - F:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.c...pport/acpir.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.5.0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1242177189920
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1242168174531
O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} (IBM Lotus iNotes 8.5 Control) - https://mail1.ibsplc.com/dwa85W.cab
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} (TeamOn Import Object) - https://bis.na.black...ls/TOImport.cab
O16 - DPF: {DF809680-F721-41A4-9D5C-4E9F3EB05C4B} (CrossLinkLauncher Control) - https://webtopxtx3.b...inkLauncher.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://mail1.ibsplc.com/dwa7W.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ibsplc.webex...bex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{115C897D-F2A5-471F-B748-6F73CD8054A3}: NameServer = 93.188.162.138,93.188.160.18
O17 - HKLM\System\CCS\Services\Tcpip\..\{8446FDF8-478F-41F9-8B38-166E0E0AD9A4}: NameServer = 93.188.162.138,93.188.160.18
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibsplc.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ibsplc.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.138,93.188.160.18
O17 - HKLM\System\CS2\Services\Tcpip\..\{115C897D-F2A5-471F-B748-6F73CD8054A3}: NameServer = 93.188.162.138,93.188.160.18
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = ibsplc.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.162.138,93.188.160.18
O17 - HKLM\System\CS3\Services\Tcpip\..\{115C897D-F2A5-471F-B748-6F73CD8054A3}: NameServer = 93.188.162.138,93.188.160.18
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibsplc.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.138,93.188.160.18
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - F:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - F:\WINDOWS\System32\browseui.dll
O23 - Service: Atheros Configuration Service (acs) - Atheros - F:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - F:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - F:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - F:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - F:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - F:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - F:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - F:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - F:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lotus Notes Diagnostics - IBM - F:\Program Files\IBM\Lotus\Notes\nsd.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - F:\Program Files\IBM\Lotus\Notes\ntmulti.exe
O23 - Service: OracleDBConsoleRMGLMS - Oracle Corporation - C:\Applns\oracle\product\10.2.0\db_1\bin\nmesrvc.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\Applns\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraDb10g_home1TNSListener - Unknown owner - C:\Applns\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe
O23 - Service: OracleOraHome92Agent - Oracle Corporation - C:\Applns\oracle\ora92\bin\agntsrvc.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\Applns\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: OracleOraHome92HTTPServer - Unknown owner - C:\Applns\oracle\ora92\Apache\Apache\apache.exe
O23 - Service: OracleOraHome92PagingServer - Unknown owner - C:\Applns\oracle\ora92/bin/pagntsrv.exe
O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - C:\Applns\oracle\ora92\BIN\ENCSVC.EXE
O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - C:\Applns\oracle\ora92\BIN\AGNTSVC.EXE
O23 - Service: OracleOraHome92TNSListener - Unknown owner - C:\Applns\oracle\ora92\BIN\TNSLSNR.exe
O23 - Service: OracleServiceGLMS - Oracle Corporation - c:\applns\oracle\ora92\bin\ORACLE.EXE
O23 - Service: OracleServiceRMGLMS - Oracle Corporation - c:\applns\oracle\product\10.2.0\db_1\bin\ORACLE.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - F:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - F:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Single_Server_0 - BEA Systems, Inc. - C:\Apps\GLMS\Weblogic81_SP5\weblogic81\server\bin\beasvc.exe
O23 - Service: Single_Ser_WLS_103 - BEA Systems, Inc. - C:\Apps\GLMS\WEBLOG~1.3\WLSERV~1.3\server\bin\beasvc.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - F:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - F:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - F:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O24 - Desktop Component 0: (no name) - file:///F:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.gif
--
End of file - 15857 bytes
Sign In
Create Account
