O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ActiveX] C:\zeee.exe
O4 - HKLM\..\Run: [exp] C:\WINDOWS\System32\exp
O4 - HKLM\..\Run: [cobmfze] c:\windows\system32\cobmfze.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\vmmkvr.exe reg_run
Logfile of HijackThis v1.99.1
Scan saved at 8:46:27 AM, on 6/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\TpShocks.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\SQLLIB\BIN\db2systray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\cobmfze.exe
C:\WINDOWS\System32\accwiz.exe
C:\WINDOWS\System32\vmmkvr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\Program Files\IBM\Rational Portfolio Manager\RPMITray.exe
C:\Program Files\IBM\NotesBuddy\NotesBuddy.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\drivers\trcboot.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\IBM\AgentController\bin\RAService.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
c:\sdwork\issimsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\SQLLIB\BIN\db2jds.exe
C:\SQLLIB\BIN\db2licd.exe
C:\SQLLIB\BIN\db2sec.exe
C:\WINDOWS\System32\Drivers\ldlcserv.exe
C:\SQLLIB\bin\db2dasstm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AT&T Network client\NetClient.exe
C:\notes\NLNOTES.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\notes\ntaskldr.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\regedit.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\Documents and Settings\merla\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w3.ibm.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=socks1.server.ibm.com:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;127.0.0.1;<local>
R3 - Default URLSearchHook is missing
O1 - Hosts: 149.131.199.228 ghcpds501 ghcpds501.usf.ibm.net
O1 - Hosts: 149.131.196.168 ghcpws502 ghcpws502.usf.ibm.net
O1 - Hosts: 149.131.196.169 ghcpws503 ghcpws503.usf.ibm.net
O1 - Hosts: 149.131.196.170 ghcpws504 ghcpws504.usf.ibm.net
O1 - Hosts: 149.131.199.229 ghcpds502 ghcpds502.usf.ibm.net
O1 - Hosts: 149.131.199.230 ghcpds503 ghcpds503.usf.ibm.net
O1 - Hosts: 149.131.199.231 ghcpds504 ghcpds504.usf.ibm.net
O1 - Hosts: 149.131.199.232 ghcpds505 ghcpds505.usf.ibm.net
O1 - Hosts: 149.131.199.233 ghcpds506 ghcpds506.usf.ibm.net
O1 - Hosts: 149.131.199.238 ghcpds509 ghcpds509.usf.ibm.net
O1 - Hosts: 149.131.199.234 ghcpds507 ghcpds507.usf.ibm.net
O1 - Hosts: 149.131.199.235 ghcpds508 ghcpds508.usf.ibm.net
O1 - Hosts: 149.131.199.241 ghcpds510 ghcpds510.usf.ibm.net
O1 - Hosts: 129.33.60.216 qa.www.ghp.georgia.gov
O1 - Hosts: 149.131.88.23 ghcpws001 ghcpws001.usf.ibm.net
O1 - Hosts: 149.131.88.24 ghcpws002 ghcpws002.usf.ibm.net
O1 - Hosts: 149.131.88.25 ghcpws003 ghcpws003.usf.ibm.net
O1 - Hosts: 149.131.88.26 ghcpws004 ghcpws004.usf.ibm.net
O1 - Hosts: 149.131.89.228 ghcpds001 ghcpds001.usf.ibm.net
O1 - Hosts: 149.131.89.229 ghcpds002 ghcpds002.usf.ibm.net
O1 - Hosts: 149.131.89.230 ghcpds003 ghcpds003.usf.ibm.net
O1 - Hosts: 149.131.89.231 ghcpds004 ghcpds004.usf.ibm.net
O1 - Hosts: 149.131.89.232 ghcpds005 ghcpds005.usf.ibm.net
O1 - Hosts: 149.131.89.233 ghcpds006 ghcpds006.usf.ibm.net
O1 - Hosts: 149.131.89.237 ghcpds009 ghcpds009.usf.ibm.net
O1 - Hosts: 149.131.89.239 ghcpds010 ghcpds010.usf.ibm.net
O1 - Hosts: 149.131.88.27 ghcpws005 ghcpws005.usf.ibm.net
O1 - Hosts: 149.131.89.241 ghcpds011 ghcpds011.usf.ibm.net
O1 - Hosts: 149.131.89.242 ghcpds012 ghcpds012.usf.ibm.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [db2systray.exe DB2] C:\SQLLIB\BIN\db2systray.exe DB2
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [ActiveX] C:\zeee.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [exp] C:\WINDOWS\System32\exp
O4 - HKLM\..\Run: [cobmfze] c:\windows\system32\cobmfze.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\vmmkvr.exe reg_run
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [NetSP - restore database] "C:\Program Files\AT&T Network client\NetSP.exe" -show
O4 - Startup: IBM NotesBuddy for Notes.lnk = C:\Program Files\IBM\NotesBuddy\NotesBuddy.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
O4 - Global Startup: Lotus QuickStart.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Rational Portfolio Manager Tray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: IBM EA2000 - https://w3-1.ibm.com...nses/EA2000.cab
O16 - DPF: ST MRC ST31IF1 PMR-90722999000 - https://www-1.ibm.co...gRoomClient.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://extranet1.lotus.com/qp2.cab
O16 - DPF: {7261EE42-318E-490A-AE8F-77649DBA1ECA} (JNILoader Control) - https://www-1.ibm.co...STJNILoader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.pc.ibm.c...er/IbmEgath.cab
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bl...lnwebassist.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://bez.webex.co...bex/ieatgpc.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{13E0E4F3-44DC-456C-9496-DA55E0E347AA}: NameServer = 9.0.6.1,9.0.7.1
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: OemStartMenuData - C:\WINDOWS\system32\BPNeighborhood.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DB2 - DB2-0 (DB2-0) - International Business Machines Corporation - C:\SQLLIB\bin\db2syscs.exe
O23 - Service: DB2DAS - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - C:\SQLLIB\\bin\db2dasrrm.exe
O23 - Service: DB2 Governor (DB2GOVERNOR) - International Business Machines Corporation - C:\SQLLIB\BIN\db2govds.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - International Business Machines Corporation - C:\SQLLIB\BIN\db2jds.exe
O23 - Service: DB2 License Server (DB2LICD) - International Business Machines Corporation - C:\SQLLIB\BIN\db2licd.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\SQLLIB\BIN\db2sec.exe
O23 - Service: DB2 Remote Command Server (DB2REMOTECMD) - International Business Machines Corporation - C:\SQLLIB\BIN\db2rcmd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM Rational Agent Controller - ECLIPSE - C:\Program Files\IBM\AgentController\bin\RAService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: ldlcserv - IBM Corporation - C:\WINDOWS\System32\Drivers\ldlcserv.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TrcBoot - IBM Corporation - C:\WINDOWS\System32\drivers\trcboot.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Thanks, Merla