Unstable System: kindly please check this Highjack this Log

Discussion in 'Windows Desktop Systems' started by zandyrei, May 10, 2006.

  1. zandyrei

    zandyrei TinySoft

    Messages:
    113
    Location:
    PH
    sometimes my PC hangsup..then theres Bloodhound detected, but i dont know what to use and where to look at... pease help me... sometimes theres a window that recommends "[FONT=&quot]WINANTIVIRUS"... then theres an SW thing that pops up... is there something i can disable here safely?

    thanks and more power to OSNN
    [/FONT]
    Logfile of HijackThis v1.99.1
    Scan saved at 3:56:18 PM, on 5/10/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
    C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\WINDOWS\System32\JobTrigger.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\WinPwdHelper.exe
    C:\PROGRA~1\Marimba\CASTAN~1\Tuner.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\Windows\System32\ExecUser.exe
    C:\WINDOWS\System32\NWTRAY.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\ISS\issSensors\DesktopProtection\blackice.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\SysProtect Free\USYP.exe
    C:\Documents and Settings\as1568\My Documents\Ollie\Tools\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.pg.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autocache.hp.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.pg.com;<local>
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: APHelper Class - {08C63920-DC18-11D2-9E1E-00A0247061AB} - C:\PROGRAM FILES\INTERNET EXPLORER\AUTOPASS\APHELPER.DLL
    O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\System32\nsl529.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DPCUpdater Object - {61C07AF3-01A3-4B85-ADB2-4EFD04E1286C} - C:\WINDOWS\System32\awtqp.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [esd3Agent] C:\Program Files\Marimba\AddOns\EsdAgent.exe
    O4 - HKLM\..\Run: [TuneUp] C:\windows\system32\TuneUp\TuneUp.exe /startup
    O4 - HKLM\..\Run: [AeXSWDUsr] "C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe"
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [ExecUser] "C:\Windows\System32\ExecUser.exe"
    O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
    O4 - HKLM\..\Run: [Auto Updater] C:\WINDOWS\System32\aupdate.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NI.UWA6P_0001_N73M1004] "C:\Documents and Settings\as1568\My Documents\Ollie\Tools\WinAntiVirusPro2006FreeInstall.exe" -nag
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [TuneUp] C:\windows\system32\TuneUp\TuneUp.exe /startup
    O4 - HKCU\..\Run: [WBPCache] WBPCache.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [SysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /scan
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: RealSecure(r) Desktop Protector.LNK = C:\Program Files\ISS\issSensors\DesktopProtection\PDDonIce.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.smartforce.com
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {444B911E-6E55-4A11-B3E9-0D3E21AE0437} - http://www.exfol.com/v/1/i/eins008.exe
    O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.timevision.com/codebase30/OrgPubX.cab
    O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/See...476677bb6fc6:190950799eb876e613008c54b810aed3
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4639E0B2-C481-4D9E-9C4A-7CFC5A68646C}: Domain = ap.pg.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ap.pg.com,pg.com,na.pg.com,la.pg.com,eu.pg.com,gillette.com,braunag.de
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4639E0B2-C481-4D9E-9C4A-7CFC5A68646C}: Domain = ap.pg.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ap.pg.com,pg.com,na.pg.com,la.pg.com,eu.pg.com,gillette.com,braunag.de
    O17 - HKLM\System\CS2\Services\Tcpip\..\{4639E0B2-C481-4D9E-9C4A-7CFC5A68646C}: Domain = ap.pg.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ap.pg.com,pg.com,na.pg.com,la.pg.com,eu.pg.com,gillette.com,braunag.de
    O20 - AppInit_DLLs: AeXPrcssAppInitNT.dll cahooknt.dll
    O20 - Winlogon Notify: awtqp - C:\WINDOWS\System32\awtqp.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: Altiris eXpress NS Client (AeXNSClient) - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
    O23 - Service: Altiris eXpress NS Client Transport (AeXNSClientTransport) - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: JobTrigger - Hewlett Packard - C:\WINDOWS\System32\JobTrigger.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: WinPwdReset - Unknown owner - C:\WINDOWS\System32\WinPwdHelper.exe
    O23 - Service: workspace - Marimba, Inc. - C:\PROGRA~1\Marimba\CASTAN~1\Tuner.exe
     
  2. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    This PC's kind of a mess, will take a couple rounds. Fix disable system restore: http://support.microsoft.com/?id=264887

    Have HJT fix:

    O2 - BHO: APHelper Class - {08C63920-DC18-11D2-9E1E-00A0247061AB} - C:\PROGRAM FILES\INTERNET EXPLORER\AUTOPASS\APHELPER.DLL
    O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\System32\nsl529.dll
    O2 - BHO: DPCUpdater Object - {61C07AF3-01A3-4B85-ADB2-4EFD04E1286C} - C:\WINDOWS\System32\awtqp.dll
    O4 - HKLM\..\Run: [ExecUser] "C:\Windows\System32\ExecUser.exe"
    O4 - HKLM\..\Run: [NI.UWA6P_0001_N73M1004] "C:\Documents and Settings\as1568\My Documents\Ollie\Tools\WinAntiVirusPro2006FreeInstall.exe" -nag
    O4 - HKCU\..\Run: [TuneUp] C:\windows\system32\TuneUp\TuneUp.exe /startup
    O4 - HKCU\..\Run: [WBPCache] WBPCache.exe
    O4 - HKCU\..\Run: [SysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /scan
    O15 - Trusted Zone: http://www.smartforce.com
    O16 - DPF: {444B911E-6E55-4A11-B3E9-0D3E21AE0437} - http://www.exfol.com/v/1/i/eins008.exe
    O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.timevision.com/codebase30/OrgPubX.cab
    O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Seek...008c54b810aed3
    O20 - AppInit_DLLs: AeXPrcssAppInitNT.dll cahooknt.dll
    O20 - Winlogon Notify: awtqp - C:\WINDOWS\System32\awtqp.dll
    O23 - Service: JobTrigger - Hewlett Packard - C:\WINDOWS\System32\JobTrigger.exe
    O23 - Service: WinPwdReset - Unknown owner - C:\WINDOWS\System32\WinPwdHelper.exe

    Reboot into safemode and delete the following:

    C:\Documents and Settings\as1568\My Documents\Ollie\Tools\WinAntiVirusPro2006FreeInstall.exe <--file
    C:\PROGRAM FILES\INTERNET EXPLORER\AUTOPASS\ <--folder
    C:\windows\system32\TuneUp\ <--folder
    C:\Windows\System32\ExecUser.exe <--file
    C:\WINDOWS\System32\JobTrigger.exe <--file
    C:\WINDOWS\System32\WinPwdHelper.exe <--file

    Reboot and post a new log.
     
    zandyrei likes this.
  3. zandyrei

    zandyrei TinySoft

    Messages:
    113
    Location:
    PH
    thanks for the help...

    this is the new log....

    Logfile of HijackThis v1.99.1
    Scan saved at 3:06:41 PM, on 5/11/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
    C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\PROGRA~1\Marimba\CASTAN~1\Tuner.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\WINDOWS\System32\NWTRAY.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\ISS\issSensors\DesktopProtection\blackice.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Documents and Settings\as1568\My Documents\Ollie\Tools\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.pg.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autocache.hp.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.pg.com;<local>
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DPCUpdater Object - {61C07AF3-01A3-4B85-ADB2-4EFD04E1286C} - C:\WINDOWS\System32\awtqp.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [esd3Agent] C:\Program Files\Marimba\AddOns\EsdAgent.exe
    O4 - HKLM\..\Run: [TuneUp] C:\windows\system32\TuneUp\TuneUp.exe /startup
    O4 - HKLM\..\Run: [AeXSWDUsr] "C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe"
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
    O4 - HKLM\..\Run: [Auto Updater] C:\WINDOWS\System32\aupdate.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [WBPCache] WBPCache.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: RealSecure(r) Desktop Protector.LNK = C:\Program Files\ISS\issSensors\DesktopProtection\PDDonIce.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4639E0B2-C481-4D9E-9C4A-7CFC5A68646C}: Domain = ap.pg.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ap.pg.com,pg.com,na.pg.com,la.pg.com,eu.pg.com,gillette.com,braunag.de
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4639E0B2-C481-4D9E-9C4A-7CFC5A68646C}: Domain = ap.pg.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ap.pg.com,pg.com,na.pg.com,la.pg.com,eu.pg.com,gillette.com,braunag.de
    O17 - HKLM\System\CS2\Services\Tcpip\..\{4639E0B2-C481-4D9E-9C4A-7CFC5A68646C}: Domain = ap.pg.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ap.pg.com,pg.com,na.pg.com,la.pg.com,eu.pg.com,gillette.com,braunag.de
    O20 - Winlogon Notify: awtqp - C:\WINDOWS\System32\awtqp.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: Altiris eXpress NS Client (AeXNSClient) - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
    O23 - Service: Altiris eXpress NS Client Transport (AeXNSClientTransport) - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: workspace - Marimba, Inc. - C:\PROGRA~1\Marimba\CASTAN~1\Tuner.exe
     
    Last edited: May 11, 2006
  4. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    Click on this link http://www.downloads.subratam.org/KillBox.zip to download TheKillbox by Option^Explicit. Extract it from the zip file Now double-click on Killbox.exe to run it. In the 'Paste Full Path of File to Delete' box, copy and paste this entry:

    C:\WINDOWS\System32\awtqp.dll

    Next, click on the Action menu and choose "Delete on Reboot". Click the button with the red circle with a
    white X in it. Close killbox.

    Have HJT fix:

    O2 - BHO: DPCUpdater Object - {61C07AF3-01A3-4B85-ADB2-4EFD04E1286C} - C:\WINDOWS\System32\awtqp.dll
    O4 - HKLM\..\Run: [TuneUp] C:\windows\system32\TuneUp\TuneUp.exe /startup

    Reboot and post a new log.

    You also have 2 antiviruses installed. You need to either remove Norton or AVG, you should not have both running at the same time.
     
  5. zandyrei

    zandyrei TinySoft

    Messages:
    113
    Location:
    PH
    heres the latest log...

    Logfile of HijackThis v1.99.1
    Scan saved at 2:35:15 PM, on 5/12/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
    C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
    C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\PROGRA~1\Marimba\CASTAN~1\Tuner.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\WINDOWS\System32\NWTRAY.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\ISS\issSensors\DesktopProtection\blackice.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Documents and Settings\as1568\My Documents\Ollie\Tools\Hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.pg.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autocache.hp.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.pg.com;<local>
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DPCUpdater Object - {61C07AF3-01A3-4B85-ADB2-4EFD04E1286C} - C:\WINDOWS\System32\awtqp.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [esd3Agent] C:\Program Files\Marimba\AddOns\EsdAgent.exe
    O4 - HKLM\..\Run: [AeXSWDUsr] "C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe"
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
    O4 - HKLM\..\Run: [Auto Updater] C:\WINDOWS\System32\aupdate.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [WBPCache] WBPCache.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: RealSecure(r) Desktop Protector.LNK = C:\Program Files\ISS\issSensors\DesktopProtection\PDDonIce.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4639E0B2-C481-4D9E-9C4A-7CFC5A68646C}: Domain = ap.pg.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ap.pg.com,pg.com,na.pg.com,la.pg.com,eu.pg.com,gillette.com,braunag.de
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4639E0B2-C481-4D9E-9C4A-7CFC5A68646C}: Domain = ap.pg.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ap.pg.com,pg.com,na.pg.com,la.pg.com,eu.pg.com,gillette.com,braunag.de
    O17 - HKLM\System\CS2\Services\Tcpip\..\{4639E0B2-C481-4D9E-9C4A-7CFC5A68646C}: Domain = ap.pg.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ap.pg.com,pg.com,na.pg.com,la.pg.com,eu.pg.com,gillette.com,braunag.de
    O20 - Winlogon Notify: awtqp - C:\WINDOWS\System32\awtqp.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: Altiris eXpress NS Client (AeXNSClient) - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
    O23 - Service: Altiris eXpress NS Client Transport (AeXNSClientTransport) - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
    O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: workspace - Marimba, Inc. - C:\PROGRA~1\Marimba\CASTAN~1\Tuner.exe
     
  6. Electronic Punk

    Electronic Punk Administrator Staff Member Political User Folding Team

    Messages:
    18,590
    Location:
    Copenhagen, Denmark
    Great work so far j79zlr

    C:\Program Files\Support.com\bin\tgcmd.exe

    http://www.auditmypc.com/process/tgcmd.asp

    You also seem to have both Google and Yahoo toolbars installed, is this really needed?
     
  7. zandyrei

    zandyrei TinySoft

    Messages:
    113
    Location:
    PH
    yep...thanks... finished....
     
  8. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    Please download VundoFix.exe to your desktop.
    1. Double-click VundoFix.exe to run it.
    2. Put a check next to "Run VundoFix" as a task.
    3. You will receive a message saying vundofix will close and re-open in a minute or less. Click "OK".
    4. When VundoFix re-opens, click the "Scan for Vundo" button.
    5. Once it's done scanning, click the "Remove Vundo" button.
    6. You will receive a prompt asking if you want to remove the files, click "YES".
    7. Once you click yes, your desktop will go blank as it starts removing Vundo.
    8. When completed, it will prompt that it will shutdown your computer, click "OK".
    9. Turn your computer back on.
    10. Please post the contents of C:\vundofix.txt and a new HiJackThis log.
     
  9. zandyrei

    zandyrei TinySoft

    Messages:
    113
    Location:
    PH
    this came out just recently.. how can i disable this popups? ill send the log later i have office works to do....

    thanks....
     

    Attached Files:

    • 01.jpg
      01.jpg
      File size:
      12.5 KB
      Views:
      87
    • 02.jpg
      02.jpg
      File size:
      76.3 KB
      Views:
      94
    • 03.jpg
      03.jpg
      File size:
      13.8 KB
      Views:
      84
    Last edited: May 15, 2006
  10. zandyrei

    zandyrei TinySoft

    Messages:
    113
    Location:
    PH
    Logfile of HijackThis v1.99.1
    Scan saved at 1:25:08 PM, on 5/15/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
    C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
    C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\PROGRA~1\Marimba\CASTAN~1\Tuner.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\WINDOWS\System32\NWTRAY.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\ISS\issSensors\DesktopProtection\blackice.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\as1568\My Documents\Ollie\Tools\Hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.pg.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autocache.hp.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.pg.com;<local>
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [esd3Agent] C:\Program Files\Marimba\AddOns\EsdAgent.exe
    O4 - HKLM\..\Run: [AeXSWDUsr] "C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe"
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
    O4 - HKLM\..\Run: [Auto Updater] C:\WINDOWS\System32\aupdate.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [WBPCache] WBPCache.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: RealSecure(r) Desktop Protector.LNK = C:\Program Files\ISS\issSensors\DesktopProtection\PDDonIce.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4639E0B2-C481-4D9E-9C4A-7CFC5A68646C}: Domain = ap.pg.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ap.pg.com,pg.com,na.pg.com,la.pg.com,eu.pg.com,gillette.com,braunag.de
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4639E0B2-C481-4D9E-9C4A-7CFC5A68646C}: Domain = ap.pg.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ap.pg.com,pg.com,na.pg.com,la.pg.com,eu.pg.com,gillette.com,braunag.de
    O17 - HKLM\System\CS2\Services\Tcpip\..\{4639E0B2-C481-4D9E-9C4A-7CFC5A68646C}: Domain = ap.pg.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ap.pg.com,pg.com,na.pg.com,la.pg.com,eu.pg.com,gillette.com,braunag.de
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: Altiris eXpress NS Client (AeXNSClient) - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
    O23 - Service: Altiris eXpress NS Client Transport (AeXNSClientTransport) - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
    O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: workspace - Marimba, Inc. - C:\PROGRA~1\Marimba\CASTAN~1\Tuner.exe






    ========

    VundoFix V4.2.74

    Running as SYSTEM
    from c:\windows\system32\VundoFix.exe

    Checking Java version...

    Java version is 1.4.2.3

    Java version is 1.5.0.3

    Java version is 1.5.0.6

    Scan started at 1:07:03 PM 5/15/2006

    Listing files found while scanning....

    C:\WINDOWS\System32\awtqp.dll
    C:\WINDOWS\System32\pqtwa.ini
    C:\WINDOWS\System32\pqtwa.bak1
    C:\WINDOWS\System32\pqtwa.bak2
    C:\WINDOWS\System32\pqtwa.ini2
    C:\WINDOWS\System32\pqtwa.tmp

    C:\WINDOWS\system32\pqtwa.bak1
    C:\WINDOWS\system32\pqtwa.bak2
    C:\WINDOWS\system32\pqtwa.tmp
    C:\WINDOWS\system32\pqtwa.ini
    C:\WINDOWS\system32\pqtwa.ini2
    C:\WINDOWS\system32\awtqp.dll
    C:\WINDOWS\system32\pqtwa.ini2
    C:\WINDOWS\system32\pqtwa.bak2
    C:\WINDOWS\system32\pqtwa.tmp
    C:\WINDOWS\system32\pqtwa.ini
    C:\WINDOWS\system32\pqtwa.ini2
    C:\WINDOWS\system32\awtqp.dll
    Attempting to delete C:\WINDOWS\System32\awtqp.dll
    C:\WINDOWS\System32\awtqp.dll Has been deleted!

    Attempting to delete C:\WINDOWS\System32\pqtwa.ini
    C:\WINDOWS\System32\pqtwa.ini Has been deleted!

    Attempting to delete C:\WINDOWS\System32\pqtwa.bak1
    C:\WINDOWS\System32\pqtwa.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\System32\pqtwa.bak2
    C:\WINDOWS\System32\pqtwa.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\System32\pqtwa.ini2
    C:\WINDOWS\System32\pqtwa.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\System32\pqtwa.tmp
    C:\WINDOWS\System32\pqtwa.tmp Has been deleted!

    Performing Repairs to the registry.
    Done!
     
  11. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    Go ahead and uninstall of the java versions except the latest 1.5.0.6.

    You have one entry that needs to be fixed:

    O4 - HKCU\..\Run: [WBPCache] WBPCache.exe

    Reboot into safemode and delete this file, may be in two locations:

    C:\Windows\System\WBPCache.exe
    C:\Windows\System32\WBPCache.exe

    Reboot and post a new log.
     
  12. zandyrei

    zandyrei TinySoft

    Messages:
    113
    Location:
    PH
    heres the new log... im klinda busy...

    Logfile of HijackThis v1.99.1
    Scan saved at 2:02:20 PM, on 5/19/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
    C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
    C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\PROGRA~1\Marimba\CASTAN~1\Tuner.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\WINDOWS\System32\NWTRAY.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\ISS\issSensors\DesktopProtection\blackice.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DWHWIZRD.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Documents and Settings\as1568\My Documents\Ollie\Tools\Hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.pg.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autocache.hp.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.pg.com;<local>
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [esd3Agent] C:\Program Files\Marimba\AddOns\EsdAgent.exe
    O4 - HKLM\..\Run: [AeXSWDUsr] "C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe"
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
    O4 - HKLM\..\Run: [Auto Updater] C:\WINDOWS\System32\aupdate.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: RealSecure(r) Desktop Protector.LNK = C:\Program Files\ISS\issSensors\DesktopProtection\PDDonIce.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4639E0B2-C481-4D9E-9C4A-7CFC5A68646C}: Domain = ap.pg.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ap.pg.com,pg.com,na.pg.com,la.pg.com,eu.pg.com,gillette.com,braunag.de
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4639E0B2-C481-4D9E-9C4A-7CFC5A68646C}: Domain = ap.pg.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ap.pg.com,pg.com,na.pg.com,la.pg.com,eu.pg.com,gillette.com,braunag.de
    O17 - HKLM\System\CS2\Services\Tcpip\..\{4639E0B2-C481-4D9E-9C4A-7CFC5A68646C}: Domain = ap.pg.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ap.pg.com,pg.com,na.pg.com,la.pg.com,eu.pg.com,gillette.com,braunag.de
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: Altiris eXpress NS Client (AeXNSClient) - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
    O23 - Service: Altiris eXpress NS Client Transport (AeXNSClientTransport) - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
    O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: workspace - Marimba, Inc. - C:\PROGRA~1\Marimba\CASTAN~1\Tuner.exe
     
  13. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    That log looks clean, you really need to run windows update and get ALL critical updates including SP2. That should help preventing such issues in the future.