lkretzBK
asked on
HiJackThis Log file assistance please
I have a laptop that has been having problems which I think are directly related to some kind of trojan or virus. Could you please look at the logfile and see if you find anything that might help me rid this problem. I was able to update IE to version 8 but today cannot go to windows update nor can I load the logfile to trendmicro as it's just nonfunctional.
Thanks!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:35 AM, on 6/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.e xe
C:\WINDOWS\system32\winlog on.exe
C:\WINDOWS\system32\servic es.exe
C:\WINDOWS\system32\lsass. exe
C:\WINDOWS\system32\svchos t.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkServic e.exe
C:\WINDOWS\System32\svchos t.exe
C:\Program Files\Intel\Wireless\Bin\E vtEng.exe
C:\Program Files\Intel\Wireless\Bin\S 24EvMon.ex e
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spools v.exe
C:\DOCUME~1\RMILLS~1.BRO\L OCALS~1\Te mp\Tempora ry Directory 1 for AMMYY_Admin.zip\AMMYY_Admi n.exe
C:\Program Files\TOSHIBA\ConfigFree\C FSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\DOCUME~1\RMILLS~1.BRO\L OCALS~1\Te mp\Tempora ry Directory 1 for AMMYY_Admin.zip\AMMYY_Admi n.exe
C:\WINDOWS\system32\DVDRAM SV.exe
C:\Program Files\Java\jre6\bin\jqs.ex e
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchos t.exe
C:\WINDOWS\System32\svchos t.exe
C:\Program Files\Intel\Wireless\Bin\R egSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchos t.exe
c:\TOSHIBA\IVP\swupdate\sw updtmr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ThpSrv .exe
C:\Program Files\TOSHIBA\TME3\Tmesrv3 1.exe
C:\WINDOWS\system32\fxssvc .exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManage r.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\WINDOWS\System32\DLA\DL ACTRLW.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\wuaucl t.exe
C:\WINDOWS\system32\00THot key.exe
C:\Program Files\TOSHIBA\DualPointUti lity\TEDTr ay.exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\thpsrv .exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSBat tM.exe
C:\Program Files\TOSHIBA\TME3\TMERzCt l.EXE
C:\Program Files\TOSHIBA\ConfigFree\N DSTray.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME .EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\TFNF5. exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\igfxtr ay.exe
C:\WINDOWS\system32\hkcmd. exe
C:\WINDOWS\system32\igfxpe rs.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxex t.exe
C:\WINDOWS\system32\igfxsr vc.exe
C:\Program Files\Intel\Wireless\bin\Z CfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\i frmewrk.ex e
C:\Program Files\Common Files\InstallShield\Update Service\is sch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ScanSoft\OmniPageSE4 \OpwareSE4 .exe
C:\Program Files\TOSHIBA\dynadock Utility\TOSUSBSvr.exe
C:\Program Files\Intel\Wireless\Bin\D ot1XCfg.ex e
C:\Program Files\Java\jre6\bin\jusche d.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTra y.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\TOSHIBA\TOSCDSPD\tos cdspd.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\MI3AA1~1\rapim gr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\USB TV\EM28XX\BDARemote.exe
C:\WINDOWS\system32\RAMASS T.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThi s.exe
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Default_Page _URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Default_Sear ch_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\In ternet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\In ternet Explorer\Search,SearchAssi stant =
R0 - HKLM\Software\Microsoft\In ternet Explorer\Search,CustomizeS earch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7 84B7D6BE0B 3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.d ll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-2 06D7942484 F} - C:\PROGRA~1\SPYBOT~1\SDHel per.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-9 0988571CEC B} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-0 0123456789 0} - C:\WINDOWS\System32\DLA\DL ASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B 9E3AAC4465 B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.d ll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5 164760863C 6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C F10577473F 7} - c:\program files\google\googletoolbar 2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-C E66B5AD205 D} - C:\Program Files\Google\GoogleToolbar Notifier\5 .4.4525.17 52\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-0 3dc2f38c34 f} - C:\Program Files\MSN\Toolbar\3.0.1125 .0\msneshe llx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9 C25C1C588A 9} - C:\Program Files\Java\jre6\bin\jp2ssv .dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-E ABFE594F69 C} - C:\Program Files\Java\jre6\lib\deploy \jqs\ie\jq s_plugin.d ll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0 09027A5CD4 F} - c:\program files\google\googletoolbar 2.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-A B4C880C841 4} - C:\Program Files\MSN\Toolbar\3.0.1125 .0\msneshe llx.dll
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DL ACTRLW.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THot key.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUti lity\TEDTr ay.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV3 1.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCt l.EXE /Service
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger. exe /run
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtr ay.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd. exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpe rs.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\Z CfgSvc.exe "
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\i frmewrk.ex e" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MS KDetct.exe /uninstall
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTA L~1\UPDATE ~1\ISUSPM. exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\Update Service\is sch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe " -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgd update.exe " -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4 \OpwareSE4 .exe"
O4 - HKLM\..\Run: [TOSUSBSvr] C:\Program Files\TOSHIBA\dynadock Utility\TOSUSBSvr.exe
O4 - HKLM\..\Run: [SpeechExec Startup] C:\Program Files\Common Files\Philips Speech Shared\Components\PSP.Spee chExec.Sta rtupApp.ex e
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusche d.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTra y.exe
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dump rep 0 -k
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\tos cdspd.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon .exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateMana ger.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe " /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.E XE
O4 - Global Startup: BDARemote.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASS T.exe
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-0 0C04FAE2D4 F} - C:\PROGRA~1\MI3AA1~1\INetR epl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-0 0C04FAE2D4 F} - C:\PROGRA~1\MI3AA1~1\INetR epl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-0 0C04FAE2D4 F} - C:\PROGRA~1\MI3AA1~1\INetR epl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3 C9C571A826 3} - C:\PROGRA~1\MICROS~2\OFFIC E11\REFIEB AR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0 0C0F0318AF E} - C:\WINDOWS\system32\Shdocv w.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-5 8CAB36FD2A 2} - C:\PROGRA~1\SPYBOT~1\SDHel per.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-5 8CAB36FD2A 2} - C:\PROGRA~1\SPYBOT~1\SDHel per.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f 2ba3849658 3} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f 2ba3849658 3} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0 0C04F79568 3} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0 0C04F79568 3} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {21F49842-BFA9-11D2-A89C-0 0104B62BDD A} (ChartFX Internet Control) - http://powerkatalyst.jdpower.com/download/CfxIEAx.cab
O16 - DPF: {297DE2B6-509A-4B36-93C5-A 6527660690 0} (RRAAINAX_02.RRAAINAX) - http://www.in.honda.com/rraaapps/rraasec/codebase/RRAAINAX/RraainAX.CAB
O16 - DPF: {298BFFEE-662D-11D5-ADAF-0 0E0810232D 7} (lgbplay Class) - https://video.manheim.com/lib/LiveSound.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D 305C1750EF 3} (EPUImageControl Class) - http://www.carad.com/images/eBay_Enhanced_Picture_Control_v1-0-3-50.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D 6AABA6D385 0} (Microsoft RDP Client Control (redist)) - http://mail.brownkelly.com/tsweb/msrdp.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-0 0104B9AFF6 E} (GeacRevw Control) - http://buf.mlxchange.com/5.0.05.46/Control/IRCSharc.cab
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7 CFF1B70F7F F} (TeamOn Import Object) - https://bis.na.blackberry.com/html/web/client_tools/TOImport.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0 060082AA75 C} (GpcContainer Class) - https://binatech.webex.com/client/T26L/support/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-A C9BF37916A 7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\T cpip\Param eters: Domain = BrownKelly.local
O17 - HKLM\Software\..\Telephony : DomainName = BrownKelly.local
O17 - HKLM\System\CS1\Services\T cpip\Param eters: Domain = BrownKelly.local
O17 - HKLM\System\CS2\Services\T cpip\Param eters: Domain = BrownKelly.local
O18 - Filter hijack: text/html - {2e062ab0-5c35-41cc-a03b-3 d20cbed490 3} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~ 1\GOEC62~1 .DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SAS WINLO.dll
O23 - Service: Ammyy Admin (AmmyyAdmin) - Unknown owner - C:\DOCUME~1\RMILLS~1.BRO\L OCALS~1\Te mp\Tempora ry Directory 1 for AMMYY_Admin.zip\AMMYY_Admi n.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\C FSvcs.exe
O23 - Service: Crescendo File Transfer - Crescendo Systems Corporation - C:\Program Files\Crescendo\InstantUpd ate\CSCFil eTran.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DisplayLink Service (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkServic e.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAM SV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\E vtEng.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-1103 09-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterServi ce.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver \1050\Inte l 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.ex e
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEU P~1\LUCOMS ~1.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\R egSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S 24EvMon.ex e
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\sw updtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv .exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv3 1.exe
--
End of file - 16370 bytes
Thanks!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:35 AM, on 6/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\Program Files\DisplayLink Core Software\DisplayLinkServic
C:\WINDOWS\System32\svchos
C:\Program Files\Intel\Wireless\Bin\E
C:\Program Files\Intel\Wireless\Bin\S
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spools
C:\DOCUME~1\RMILLS~1.BRO\L
C:\Program Files\TOSHIBA\ConfigFree\C
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\DOCUME~1\RMILLS~1.BRO\L
C:\WINDOWS\system32\DVDRAM
C:\Program Files\Java\jre6\bin\jqs.ex
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchos
C:\WINDOWS\System32\svchos
C:\Program Files\Intel\Wireless\Bin\R
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchos
c:\TOSHIBA\IVP\swupdate\sw
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ThpSrv
C:\Program Files\TOSHIBA\TME3\Tmesrv3
C:\WINDOWS\system32\fxssvc
C:\Program Files\DisplayLink Core Software\DisplayLinkManage
C:\WINDOWS\Explorer.EXE
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\WINDOWS\System32\DLA\DL
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\wuaucl
C:\WINDOWS\system32\00THot
C:\Program Files\TOSHIBA\DualPointUti
C:\WINDOWS\system32\ctfmon
C:\WINDOWS\system32\thpsrv
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSBat
C:\Program Files\TOSHIBA\TME3\TMERzCt
C:\Program Files\TOSHIBA\ConfigFree\N
C:\Program Files\TOSHIBA\TME3\TMEEJME
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\TFNF5.
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\igfxtr
C:\WINDOWS\system32\hkcmd.
C:\WINDOWS\system32\igfxpe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxex
C:\WINDOWS\system32\igfxsr
C:\Program Files\Intel\Wireless\bin\Z
C:\Program Files\Intel\Wireless\Bin\i
C:\Program Files\Common Files\InstallShield\Update
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ScanSoft\OmniPageSE4
C:\Program Files\TOSHIBA\dynadock Utility\TOSUSBSvr.exe
C:\Program Files\Intel\Wireless\Bin\D
C:\Program Files\Java\jre6\bin\jusche
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTra
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\TOSHIBA\TOSCDSPD\tos
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\MI3AA1~1\rapim
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\USB TV\EM28XX\BDARemote.exe
C:\WINDOWS\system32\RAMASS
C:\Program Files\Brownie\brpjp04a.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThi
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-2
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-9
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-0
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-C
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-0
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-E
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-A
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THot
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUti
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV3
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCt
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtr
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\Z
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\i
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MS
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTA
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\Update
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgd
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4
O4 - HKLM\..\Run: [TOSUSBSvr] C:\Program Files\TOSHIBA\dynadock Utility\TOSUSBSvr.exe
O4 - HKLM\..\Run: [SpeechExec Startup] C:\Program Files\Common Files\Philips Speech Shared\Components\PSP.Spee
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusche
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTra
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dump
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\tos
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateMana
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.E
O4 - Global Startup: BDARemote.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASS
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-0
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-0
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-0
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-5
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-5
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {21F49842-BFA9-11D2-A89C-0
O16 - DPF: {297DE2B6-509A-4B36-93C5-A
O16 - DPF: {298BFFEE-662D-11D5-ADAF-0
O16 - DPF: {4C39376E-FA9D-4349-BACC-D
O16 - DPF: {7584C670-2274-4EFB-B00B-D
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-0
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0
O16 - DPF: {E2883E8F-472F-4FB0-9522-A
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\Software\..\Telephony
O17 - HKLM\System\CS1\Services\T
O17 - HKLM\System\CS2\Services\T
O18 - Filter hijack: text/html - {2e062ab0-5c35-41cc-a03b-3
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SAS
O23 - Service: Ammyy Admin (AmmyyAdmin) - Unknown owner - C:\DOCUME~1\RMILLS~1.BRO\L
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\C
O23 - Service: Crescendo File Transfer - Crescendo Systems Corporation - C:\Program Files\Crescendo\InstantUpd
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DisplayLink Service (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkServic
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAM
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\E
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-1103
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.ex
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEU
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\R
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\sw
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv3
--
End of file - 16370 bytes
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You're welcome.
When you get a chance run a scan with your AV :)
When you get a chance run a scan with your AV :)
ASKER