Scan saved at 9:56:22 AM, on 1/22/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://onqinsider.hilton.com/insider/home.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://onqinsider.hilton.com/insider/home.aspx
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://onqinsider.hilton.com/insider/home.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Hilton Hotels Corporation
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [DLA] C:\WINNT\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [HiltonP65] "C:\Program Files\HiltonP65\bin\sprtcmd.exe" /P HiltonP65
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [jmtrrcju] C:\Documents and Settings\dmartell\Local Settings\Application Data\cwxcgl\kieasysguard.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://onqinsider.hilton.com/insider/home.aspx
O15 - Trusted Zone: http://*.americanexpress.com
O15 - Trusted Zone: http://*.BPSNet
O15 - Trusted Zone: http://www.bristolonline.com
O15 - Trusted Zone: http://support.ca.com
O15 - Trusted Zone: http://*.ca.com
O15 - Trusted Zone: http://support.cai.com
O15 - Trusted Zone: http://*.cai.com
O15 - Trusted Zone: http://*.cbpssrv1
O15 - Trusted Zone: http://*.cisdev
O15 - Trusted Zone: http://www.clubhotels.com
O15 - Trusted Zone: http://*.clubhotels.com
O15 - Trusted Zone: http://*.cntsdms1
O15 - Trusted Zone: http://www.compaq.com
O15 - Trusted Zone: http://*.compaq.com
O15 - Trusted Zone: http://*.corp_install01
O15 - Trusted Zone: http://*.criticalpath.net
O15 - Trusted Zone: http://www.dimdev.com
O15 - Trusted Zone: http://*.doubletree.com
O15 - Trusted Zone: http://www.doubletreehotels.com
O15 - Trusted Zone: http://*.doubletreehotels.com
O15 - Trusted Zone: http://www.embassy-suites.com
O15 - Trusted Zone: http://*.embassy-suites.com
O15 - Trusted Zone: http://www.embassyvacationresorts.com
O15 - Trusted Zone: http://*.embassyvacationresorts.com
O15 - Trusted Zone: http://*.extranet
O15 - Trusted Zone: http://*.glacier
O15 - Trusted Zone: http://www.grandtheme.com
O15 - Trusted Zone: http://www.hampton-inn.com
O15 - Trusted Zone: http://*.hampton-inn.com
O15 - Trusted Zone: http://www.hamptonvacationresorts.com
O15 - Trusted Zone: http://*.hamptonvacationresorts.com
O15 - Trusted Zone: http://eis.hilton.com
O15 - Trusted Zone: http://enet.hilton.com
O15 - Trusted Zone: http://hiltonnet.hilton.com
O15 - Trusted Zone: http://inet.hilton.com
O15 - Trusted Zone: http://intranet.hilton.com
O15 - Trusted Zone: http://onqinsider.hilton.com
O15 - Trusted Zone: http://*.hilton.com
O15 - Trusted Zone: http://*.hiltoninets.com
O15 - Trusted Zone: http://www.homewood-suites.com
O15 - Trusted Zone: http://*.homewood-suites.com
O15 - Trusted Zone: http://www.hoovers.com
O15 - Trusted Zone: http://*.hp.com
O15 - Trusted Zone: http://*.ibm.net
O15 - Trusted Zone: http://*.inet
O15 - Trusted Zone: http://*.intradev_temp
O15 - Trusted Zone: http://*.it
O15 - Trusted Zone: http://www.mapquest.com
O15 - Trusted Zone: http://*.mapquest.com
O15 - Trusted Zone: http://*.netrez.com
O15 - Trusted Zone: http://www.plansoft.com
O15 - Trusted Zone: http://corp.pmhs.com
O15 - Trusted Zone: http://download.pointcast.com
O15 - Trusted Zone: http://www.pointcast.com
O15 - Trusted Zone: http://*.pointcast.com
O15 - Trusted Zone: http://cis.promus.com
O15 - Trusted Zone: http://eis.promus.com
O15 - Trusted Zone: http://enet.promus.com
O15 - Trusted Zone: http://inet.promus.com
O15 - Trusted Zone: http://*.promus.com
O15 - Trusted Zone: http://hilton.purchasepro.com
O15 - Trusted Zone: http://rl2k.rci.com
O15 - Trusted Zone: http://www.rfpexpress.com
O15 - Trusted Zone: http://www.rfsmgmt.com
O15 - Trusted Zone: http://www.tharaldson.com
O15 - Trusted Zone: http://*.verisign.com
O15 - Trusted Zone: http://www.w3.org
O15 - Trusted Zone: http://*.w3.org
O15 - Trusted Zone: http://la.xceed.com
O15 - Trusted Zone: http://*.americanexpress.com (HKLM)
O15 - Trusted Zone: http://*.BPSNet (HKLM)
O15 - Trusted Zone: http://www.bristolonline.com (HKLM)
O15 - Trusted Zone: http://support.ca.com (HKLM)
O15 - Trusted Zone: http://*.ca.com (HKLM)
O15 - Trusted Zone: http://support.cai.com (HKLM)
O15 - Trusted Zone: http://*.cai.com (HKLM)
O15 - Trusted Zone: http://*.cbpssrv1 (HKLM)
O15 - Trusted Zone: http://*.cisdev (HKLM)
O15 - Trusted Zone: http://www.clubhotels.com (HKLM)
O15 - Trusted Zone: http://*.clubhotels.com (HKLM)
O15 - Trusted Zone: http://*.cntsdms1 (HKLM)
O15 - Trusted Zone: http://www.compaq.com (HKLM)
O15 - Trusted Zone: http://*.compaq.com (HKLM)
O15 - Trusted Zone: http://*.corp_install01 (HKLM)
O15 - Trusted Zone: http://*.criticalpath.net (HKLM)
O15 - Trusted Zone: http://www.dimdev.com (HKLM)
O15 - Trusted Zone: http://*.doubletree.com (HKLM)
O15 - Trusted Zone: http://www.doubletreehotels.com (HKLM)
O15 - Trusted Zone: http://*.doubletreehotels.com (HKLM)
O15 - Trusted Zone: http://www.embassy-suites.com (HKLM)
O15 - Trusted Zone: http://*.embassy-suites.com (HKLM)
O15 - Trusted Zone: http://www.embassyvacationresorts.com (HKLM)
O15 - Trusted Zone: http://*.embassyvacationresorts.com (HKLM)
O15 - Trusted Zone: http://*.extranet (HKLM)
O15 - Trusted Zone: http://*.glacier (HKLM)
O15 - Trusted Zone: http://www.grandtheme.com (HKLM)
O15 - Trusted Zone: http://www.hampton-inn.com (HKLM)
O15 - Trusted Zone: http://*.hampton-inn.com (HKLM)
O15 - Trusted Zone: http://www.hamptonvacationresorts.com (HKLM)
O15 - Trusted Zone: http://*.hamptonvacationresorts.com (HKLM)
O15 - Trusted Zone: http://eis.hilton.com (HKLM)
O15 - Trusted Zone: http://enet.hilton.com (HKLM)
O15 - Trusted Zone: http://hiltonnet.hilton.com (HKLM)
O15 - Trusted Zone: http://inet.hilton.com (HKLM)
O15 - Trusted Zone: http://intranet.hilton.com (HKLM)
O15 - Trusted Zone: http://onqinsider.hilton.com (HKLM)
O15 - Trusted Zone: http://*.hilton.com (HKLM)
O15 - Trusted Zone: http://*.hiltoninets.com (HKLM)
O15 - Trusted Zone: http://www.homewood-suites.com (HKLM)
O15 - Trusted Zone: http://*.homewood-suites.com (HKLM)
O15 - Trusted Zone: http://www.hoovers.com (HKLM)
O15 - Trusted Zone: http://*.hp.com (HKLM)
O15 - Trusted Zone: http://*.ibm.net (HKLM)
O15 - Trusted Zone: http://*.inet (HKLM)
O15 - Trusted Zone: http://*.intradev_temp (HKLM)
O15 - Trusted Zone: http://*.it (HKLM)
O15 - Trusted Zone: http://www.mapquest.com (HKLM)
O15 - Trusted Zone: http://*.mapquest.com (HKLM)
O15 - Trusted Zone: http://*.netrez.com (HKLM)
O15 - Trusted Zone: http://www.plansoft.com (HKLM)
O15 - Trusted Zone: http://corp.pmhs.com (HKLM)
O15 - Trusted Zone: http://download.pointcast.com (HKLM)
O15 - Trusted Zone: http://www.pointcast.com (HKLM)
O15 - Trusted Zone: http://*.pointcast.com (HKLM)
O15 - Trusted Zone: http://cis.promus.com (HKLM)
O15 - Trusted Zone: http://eis.promus.com (HKLM)
O15 - Trusted Zone: http://enet.promus.com (HKLM)
O15 - Trusted Zone: http://inet.promus.com (HKLM)
O15 - Trusted Zone: http://*.promus.com (HKLM)
O15 - Trusted Zone: http://hilton.purchasepro.com (HKLM)
O15 - Trusted Zone: http://rl2k.rci.com (HKLM)
O15 - Trusted Zone: http://www.rfpexpress.com (HKLM)
O15 - Trusted Zone: http://www.rfsmgmt.com (HKLM)
O15 - Trusted Zone: http://www.tharaldson.com (HKLM)
O15 - Trusted Zone: http://*.verisign.com (HKLM)
O15 - Trusted Zone: http://www.w3.org (HKLM)
O15 - Trusted Zone: http://*.w3.org (HKLM)
O15 - Trusted Zone: http://la.xceed.com (HKLM)
O15 - Trusted IP range: http://10.8.5.88
O15 - Trusted IP range: http://167.187.10.232
O15 - Trusted IP range: http://192.251.125.162
O15 - Trusted IP range: http://192.251.125.163
O15 - Trusted IP range: http://167.187.153.100
O15 - Trusted IP range: http://167.187.51.152
O15 - Trusted IP range: http://209.173.69.234
O15 - Trusted IP range: http://38.231.229.47
O15 - Trusted IP range: http://10.8.5.88 (HKLM)
O15 - Trusted IP range: http://167.187.10.232 (HKLM)
O15 - Trusted IP range: http://192.251.125.162 (HKLM)
O15 - Trusted IP range: http://192.251.125.163 (HKLM)
O15 - Trusted IP range: http://167.187.153.100 (HKLM)
O15 - Trusted IP range: http://167.187.51.152 (HKLM)
O15 - Trusted IP range: http://209.173.69.234 (HKLM)
O15 - Trusted IP range: http://38.231.229.47 (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.hhcpr.hilton.com
O17 - HKLM\Software\..\Telephony: DomainName = na.hhcpr.hilton.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8A6F181-0591-47D7-AFDD-4E0AE7457574}: NameServer = 172.20.51.68
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.hhcpr.hilton.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = na.hhcpr.hilton.com
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: ATFUS - C:\WINNT\system32\FpWinLogonNp.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\WINNT\system32\ADMonitor.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\WINNT\system32\AtService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINNT\system32\FpLogonServ.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINNT\system32\PsaSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe
O23 - Service: SupportSoft Sprocket Service (hiltonp65) (sprtsvc_hiltonp65) - SupportSoft, Inc. - C:\Program Files\HiltonP65\bin\sprtsvc.exe
O23 - Service: SupportSoft Repair Service (hiltonp65) (tgsrvc_hiltonp65) - SupportSoft, Inc. - C:\Program Files\HiltonP65\bin\tgsrvc.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINNT\System32\TPHDEXLG.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
--
End of file - 16108 bytes