HJT Log - Google is hijacked, now it is Googl



#1
strictor

  • Member
  • 29 posts
My google.com is now googl. The links on the site are p***. I did run all the Ad-Aware, Spybot, and shredder. Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 3:12:48 PM, on 3/13/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINNT\system32\crypserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\mgabg.exe
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wltrysvc.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\OfficeScan NT\ofcdog.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINNT\system32\PDesk\PDesk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\OfficeScan NT\pccntmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\WinKey\WinKey.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\miderja\My Documents\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [WinGuard Pro] C:\WINNT\system32\lockctrl.exe C:\WINNT\system32\wgp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] C:\Program Files\OfficeScan NT\pccntmon.exe -HideWindow
O4 - HKCU\..\Run: [Matrox MultiDesktop] C:\WINNT\system32\PDesk\PDMMD.EXE /Startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: LmCheck.lnk = C:\Program Files\NMT\BIN\LmCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\msoffice\Office\OSA9.EXE
O4 - Global Startup: RealSecure Desktop Protector.lnk = ?
O4 - Global Startup: WinKey.lnk = C:\Program Files\WinKey\WinKey.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.us.abatos.com
O15 - Trusted Zone: http://*.us.landisstaefa.com
O15 - Trusted Zone: http://*.sbt.siemens.com
O15 - Trusted Zone: http://*.us.abatos.com (HKLM)
O15 - Trusted Zone: http://*.us.landisstaefa.com (HKLM)
O15 - Trusted Zone: http://*.sbt.siemens.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24....es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {CAFECAFE-0013-0001-0009-ABCDEFABCDEF} (JInitiator 1.3.1.9) -
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup155.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us009.siemens.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{D309B0A3-F178-400B-8D39-AF110DDB430B}: NameServer = 205.171.3.65,205.171.2.65
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us009.siemens.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us009.siemens.net
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = us009.siemens.net
O23 - Service: Insight AsyncSvc (AsyncSvc) - Siemens Building Technologies, Inc. - C:\CommTool\System\asyncsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Insight CrossTrunkService (CrossTrunkService) - Siemens Building Technologies, Inc. - C:\CommTool\System\xtsvc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Insight EventLogSvc (EventLogSvc) - Siemens Building Technologies, Inc. - C:\CommTool\Eventlog.exe
O23 - Service: Insight EventPrtSvc (EventPrtSvc) - Siemens Building Technologies, Inc. - C:\CommTool\Eventptr.exe
O23 - Service: Insight GlobalTablesService (GlobalTablesService) - Siemens Building Technologies, Inc. - C:\CommTool\System\gtsvc.exe
O23 - Service: Insight DBCSServer - Siemens Building Technologies, Inc. - C:\CommTool\System\InsightDBCSServer.exe
O23 - Service: Insight MonitorSvc - Siemens Building Technologies, Inc. - C:\CommTool\System\monitor.exe
O23 - Service: Insight RENOServer - Siemens Building Technologies, Inc. - C:\CommTool\System\InsightRENOServer.EXE
O23 - Service: Insight LoaderSvc (LoaderSvc) - Siemens Building Technologies, Inc. - C:\CommTool\System\loader.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\ntrtscan.exe
O23 - Service: Objectivity AMS (ooams-3) - Objectivity, Inc. - C:\CommTool\System\DBManagr\ooams.exe
O23 - Service: Objectivity Lock Server (ools-13) - Unknown owner - C:\CommTool\System\DBManagr\ools.exe
O23 - Service: Peak IfmIp - IEC Intelligent Technologies - C:\WINNT\system32\IfmIpSvc.exe
O23 - Service: Peak IfmLt - IEC Intelligent Technologies - C:\WINNT\system32\IfmLtSvc.exe
O23 - Service: Peak PkDSrv - IEC Intelligent Technologies - C:\WINNT\system32\PkDSrvSvc.exe
O23 - Service: Peak PkMSrv - IEC Intelligent Technologies - C:\WINNT\system32\PkMSrvSvc.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\RapApp.exe
O23 - Service: Insight ResidentPointSvc (ResidentPointSvc) - Siemens Building Technologies, Inc. - C:\CommTool\RPMonitor.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Insight SchedulerSvc (SchedulerSvc) - Siemens Building Technologies, Inc. - C:\CommTool\Schedsrv.exe
O23 - Service: Insight SoftControllerSvc (SoftControllerSvc) - Siemens Building Technologies, Inc. - C:\CommTool\System\vfpsvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Program Files\OfficeScan NT\tmlisten.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\wltrysvc.exe


Can anyone help? Thanks.
  • 0


#2
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
I spent about 10 minutes reviewing your log, and as I was researching it I found this:

http://forums.techguy.org/t332747.html

I will let that forum finish it out for you. Thanks. :tazz:
  • 0

#3
strictor

  • Topic Starter
  • Member
  • 29 posts
Same problem. I can't get rid of it. I did what that forum said and it didn't fix my problem. What is this Googl site anyways?
  • 0

#4
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
I just don't want to work on your problem if someone at another site is also spending time working on your problem. There are too many problems and too few helpers. Either ask them to close that topic or I'll close this one. :tazz:
  • 0

#5
strictor

  • Topic Starter
  • Member
  • 29 posts
I understand. That thread is 3 weeks old and I never received a reply from it. I will go there and close it but no one is working on it.
  • 0

#6
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
I was halfway through and found a bunch of O23 entries that look strange. Not much out there on them.

First of all, do you need all those trusted zones? I don't have any of them. Also, I see siemens popping up throughout your log. Is there a reason you have that throughout?

Also, your Windows is not updated. You might try doing that.

I would also run a program called CCleaner. You can find it at majorgeeks.com:

http://www.majorgeek...wnload4191.html

Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself), like for example:
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
Also delete your Temporary Internet Files; be sure to also select "Delete all offline content".

Please do the things I asked and post another hijack this log.
  • 0
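
Added example, not part of the original thread: a small Python triage pass over HijackThis entry lines that pulls out the kinds of entries post #6 asks about (Trusted Zone sites, O23 services with no vendor name), plus DNS servers and unresolved targets. The sample lines are copied from the log in post #1; the function names and review reasons are this example's own heuristics and assumptions, not HijackThis output or verdicts.

```python
import re
from collections import Counter

# Entry lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O4 - Global Startup: RealSecure Desktop Protector.lnk = ?
O15 - Trusted Zone: http://*.sbt.siemens.com (HKLM)
O16 - DPF: {CAFECAFE-0013-0001-0009-ABCDEFABCDEF} (JInitiator 1.3.1.9) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us009.siemens.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{D309B0A3-F178-400B-8D39-AF110DDB430B}: NameServer = 205.171.3.65,205.171.2.65
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\wltrysvc.exe
"""

# Entry lines look like "O23 - ..." or "R1 - ..."; headers and process paths do not.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return (section_code, body) pairs for every entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def review_reason(code, body):
    """Return why an entry deserves a manual look, or None (heuristics only)."""
    if code == "O23" and body.startswith("Service: "):
        # Layout assumed: "Service: <name> - <owner> - <path>".
        parts = body[len("Service: "):].split(" - ", 2)
        if len(parts) == 3:
            _name, owner, path = parts
            if path.endswith("(file missing)"):
                return "service points at a file that is not on disk"
            if owner == "Unknown owner":
                return "service binary carries no vendor name"
    elif code == "O17" and "NameServer" in body:
        return "confirm these DNS servers belong to the ISP or employer"
    elif code == "O15":
        return "confirm this Trusted Zone site is expected"
    elif code == "O16" and body.endswith("-"):
        return "ActiveX control with no download source recorded"
    elif code == "O4" and body.endswith("= ?"):
        return "startup shortcut whose target could not be resolved"
    return None


def triage(log_text):
    """Return (code, reason, body) for each entry that needs a manual check."""
    findings = []
    for code, body in parse_entries(log_text):
        reason = review_reason(code, body)
        if reason:
            findings.append((code, reason, body))
    return findings


def section_counts(log_text):
    """Count entries per HijackThis section code."""
    return Counter(code for code, _ in parse_entries(log_text))


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {body}")
```

A flagged entry is a prompt to verify the file or setting on the machine, as the replies in this thread do by asking the owner; it is not by itself evidence of infection.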

#7
strictor

  • Topic Starter
  • Member
  • 29 posts
Thanks for your help. The trusted zones are ok, they are my VPN for work. Siemens is my work, and all the trusted zones included.

My Windows is not updated, but do I necessarily have to do that?

I ran ccleaner also, and deleted all the files you asked. Here is my latest log. Thanks again.


Logfile of HijackThis v1.99.1
Scan saved at 8:39:58 PM, on 3/14/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINNT\system32\crypserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\mgabg.exe
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wltrysvc.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\OfficeScan NT\ofcdog.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINNT\system32\PDesk\PDesk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\OfficeScan NT\pccntmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\WinKey\WinKey.exe
C:\Documents and Settings\miderja\My Documents\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [WinGuard Pro] C:\WINNT\system32\lockctrl.exe C:\WINNT\system32\wgp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] C:\Program Files\OfficeScan NT\pccntmon.exe -HideWindow
O4 - HKCU\..\Run: [Matrox MultiDesktop] C:\WINNT\system32\PDesk\PDMMD.EXE /Startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: LmCheck.lnk = C:\Program Files\NMT\BIN\LmCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\msoffice\Office\OSA9.EXE
O4 - Global Startup: RealSecure Desktop Protector.lnk = ?
O4 - Global Startup: WinKey.lnk = C:\Program Files\WinKey\WinKey.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.us.abatos.com
O15 - Trusted Zone: http://*.us.landisstaefa.com
O15 - Trusted Zone: http://*.sbt.siemens.com
O15 - Trusted Zone: http://*.us.abatos.com (HKLM)
O15 - Trusted Zone: http://*.us.landisstaefa.com (HKLM)
O15 - Trusted Zone: http://*.sbt.siemens.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24....es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {CAFECAFE-0013-0001-0009-ABCDEFABCDEF} (JInitiator 1.3.1.9) -
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup155.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us009.siemens.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{D309B0A3-F178-400B-8D39-AF110DDB430B}: NameServer = 205.171.3.65,205.171.2.65
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us009.siemens.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us009.siemens.net
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = us009.siemens.net
O23 - Service: Insight AsyncSvc (AsyncSvc) - Siemens Building Technologies, Inc. - C:\CommTool\System\asyncsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Insight CrossTrunkService (CrossTrunkService) - Siemens Building Technologies, Inc. - C:\CommTool\System\xtsvc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Insight EventLogSvc (EventLogSvc) - Siemens Building Technologies, Inc. - C:\CommTool\Eventlog.exe
O23 - Service: Insight EventPrtSvc (EventPrtSvc) - Siemens Building Technologies, Inc. - C:\CommTool\Eventptr.exe
O23 - Service: Insight GlobalTablesService (GlobalTablesService) - Siemens Building Technologies, Inc. - C:\CommTool\System\gtsvc.exe
O23 - Service: Insight DBCSServer - Siemens Building Technologies, Inc. - C:\CommTool\System\InsightDBCSServer.exe
O23 - Service: Insight MonitorSvc - Siemens Building Technologies, Inc. - C:\CommTool\System\monitor.exe
O23 - Service: Insight RENOServer - Siemens Building Technologies, Inc. - C:\CommTool\System\InsightRENOServer.EXE
O23 - Service: Insight LoaderSvc (LoaderSvc) - Siemens Building Technologies, Inc. - C:\CommTool\System\loader.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\ntrtscan.exe
O23 - Service: Objectivity AMS (ooams-3) - Objectivity, Inc. - C:\CommTool\System\DBManagr\ooams.exe
O23 - Service: Objectivity Lock Server (ools-13) - Unknown owner - C:\CommTool\System\DBManagr\ools.exe
O23 - Service: Peak IfmIp - IEC Intelligent Technologies - C:\WINNT\system32\IfmIpSvc.exe
O23 - Service: Peak IfmLt - IEC Intelligent Technologies - C:\WINNT\system32\IfmLtSvc.exe
O23 - Service: Peak PkDSrv - IEC Intelligent Technologies - C:\WINNT\system32\PkDSrvSvc.exe
O23 - Service: Peak PkMSrv - IEC Intelligent Technologies - C:\WINNT\system32\PkMSrvSvc.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\RapApp.exe
O23 - Service: Insight ResidentPointSvc (ResidentPointSvc) - Siemens Building Technologies, Inc. - C:\CommTool\RPMonitor.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Insight SchedulerSvc (SchedulerSvc) - Siemens Building Technologies, Inc. - C:\CommTool\Schedsrv.exe
O23 - Service: Insight SoftControllerSvc (SoftControllerSvc) - Siemens Building Technologies, Inc. - C:\CommTool\System\vfpsvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Program Files\OfficeScan NT\tmlisten.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\wltrysvc.exe
  • 0

#8
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Yes, I would update Windows.

I don't know why you are getting p***. Let's try a few things and see if that works.

You have downloaded several programs that look legit, but sometimes they tack on things that attract bad things. You aren't deleting them from your computer, but they won't be installed when you start up the machine.

Run HijackThis and put a check mark next to these items, making sure that all windows are closed and you're not connected to the internet.

O4 - Global Startup: LmCheck.lnk = C:\Program Files\NMT\BIN\LmCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\msoffice\Office\OSA9.EXE
O4 - Global Startup: RealSecure Desktop Protector.lnk = ?
O4 - Global Startup: WinKey.lnk = C:\Program Files\WinKey\WinKey.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll


O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {CAFECAFE-0013-0001-0009-ABCDEFABCDEF} (JInitiator 1.3.1.9) -
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup155.cab

Clean out your temp files. Run Ad-Aware, reboot, and post a new log.
  • 0





