Saurabh
Winfixer and spywear popups killing me
Started by
saurabhlakhia
, Aug 16 2005 02:23 PM
#1
Posted 16 August 2005 - 02:23 PM
Saurabh
#2
Posted 16 August 2005 - 02:31 PM
Please go here:
http://www.geekstogo..._Log-t2852.html
Run all the programmes as advised then post a current Hijack This Log to the Malware Team
http://www.geekstogo..._Log-t2852.html
Run all the programmes as advised then post a current Hijack This Log to the Malware Team
#3
Posted 16 August 2005 - 05:06 PM
Hi ! I have followed all steps you mentioned. I have attached the log file. please le t me know my next step.
Logfile of HijackThis v1.99.1
Scan saved at 7:00:12 PM, on 8/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Aventail\Connect\as32svc.exe
C:\Program Files\Connected\CBRegCap.EXE
C:\Program Files\Connected\CBlaunch.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Timbuktu Pro\tb2launch.exe
C:\WINDOWS\ADAM\dsamain.exe
C:\Program Files\CyberArmor\casvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CYBERA~1\pcs.exe
C:\WINDOWS\System32\mqsvc.exe
C:\PROGRA~1\CYBERA~1\pcshelp.exe
C:\Program Files\EYMarimba\ESD Client\Tuner.exe
C:\Program Files\EYMarimba\ESD Client\lib\jre\bin\java.exe
C:\Program Files\Funk Software\Odyssey Client\OdTray.exe
C:\Program Files\Kontiki\khost.exe
C:\PROGRA~1\CYBERA~1\pcshelp.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Connected\CBSysTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.iweb.ey.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Ernst & Young
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=usweb:80;http=usweb:80;https=usweb:443
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = qp002.quickplace.ey.com;qp001.quickplace.ey.com;*.ey.net;*.ltdcenter.ey.com;198.134.44.*;199.49.190.*;eformrs.com;uschic*;*.eyntc.com;web.ey.com;*.iweb.ey.com;199.50.20.187;*.eylink.com;199.50.20.186;*.adc.ey.com;gosystemrs.fasttax.com;169.254.*.*;riatraining.com;www.riahelp.com;iweb.eycan.com;txrn.ey.com;txsn.ey.com;txadmin.ey.com;dheisey.com
;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [EYUSESD] c:\Program Files\EYMarimba\ESD Client\Tuner.exe -nologo
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Funk Software\Odyssey Client\OdTray.exe"
O4 - HKLM\..\Run: [_NotesINIBKUP] c:\Program Files\Eyutils\notesinicpy.EXE
O4 - HKLM\..\Run: [Kontiki] "C:\Program Files\Kontiki\khost.exe" -i -p ey-ey
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [CyberArmorHelper] C:\PROGRA~1\CYBERA~1\pcshelp.exe -check
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\khost.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Ptsu] C:\Documents and Settings\lakhisa\Application Data\aprm.exe
O4 - Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\aventail\connect\asdns.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.iweb.ey.com
O15 - Trusted Zone: http://*.iweb.ey.com
O15 - Trusted Zone: http://*.ey.com
O15 - Trusted Zone: http://*.ey.net
O15 - Trusted Zone: http://*.eylink.com
O15 - Trusted Zone: http://ey.fincad.com
O15 - Trusted Zone: http://*.iweb.ey.com (HKLM)
O15 - Trusted Zone: http://*.ey.com (HKLM)
O15 - Trusted Zone: http://*.ey.net (HKLM)
O15 - Trusted Zone: http://*.eylink.com (HKLM)
O15 - Trusted Zone: http://ey.fincad.com (HKLM)
O15 - Trusted IP range: http://199.51.65.79
O16 - DPF: Sametime DA 651 - http://usst01.ey.net...ctoryApplet.cab
O16 - DPF: Sametime MRC 651 - http://usst01.ey.net...gRoomClient.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://extraweb-ame...001/iNotes6.cab
O16 - DPF: {51B217FA-AA53-11D1-8295-006097970389} (NotesUserCtrl Class) - http://home.iweb.ey....b/notesuser.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (WebProgramManager Class) - http://isupport4.hp....SWebManager.CAB
O16 - DPF: {6CEDB6B5-4859-4E3A-BCA2-FB8E565B8AD9} (JNILoader Control) - http://usst01.ey.net...STJNILoader.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - http://transfers.one...ransferCtrl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv3.view22....p/view22rte.cab
O16 - DPF: {C22877C3-4214-11D0-B0DA-080009C351D7} (Rhino Software ActiveX FtpTree Control 10.0) - http://eyhost.us.na....bin/FtpTree.cab
O16 - DPF: {C3D91045-8E8D-11D1-BF8E-00A0C997D743} (Rhino Software Explorer Tree Control) - http://eyhost.us.na....inoExplorer.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Smart Viewer 7) - http://usmeadmamps01...tivexviewer.cab
O16 - DPF: {CCF028C4-4631-11D3-90BD-00A0C9B727E1} (PVCS VM I-NET Client for MSIE) - https://usmeadmglbpv...es/vmi660ie.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ahdweb.webme...bex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.na.ey.net
O17 - HKLM\Software\..\Telephony: DomainName = us.na.ey.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{188CE485-58CE-405A-81CF-3AB68F85ABAA}: Domain = us.na.ey.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{690A1A19-125F-4FF8-BFEE-AEB7729CB664}: Domain = us.na.ey.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2D70889-80E3-4990-962E-79B1A6AF92D8}: Domain = us.na.ey.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.na.ey.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = us.na.ey.net,ey.net,ey.com,eycan.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.na.ey.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = us.na.ey.net,ey.net,ey.com,eycan.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = us.na.ey.net,ey.net,ey.com,eycan.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: cahooknt.dll
O23 - Service: Aventail Connect (As32Svc) - Unknown owner - C:\Program Files\Aventail\Connect\as32svc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Connected RegCap (CBRegCap) - Connected Corporation - C:\Program Files\Connected\CBRegCap.EXE
O23 - Service: Connected Launcher (ConnectedLauncher) - Connected Corporation - C:\Program Files\Connected\CBlaunch.exe
O23 - Service: CyberArmor Run Service (CyberArmorRunService) - InfoExpress - C:\Program Files\CyberArmor\casvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Intuit Fuse Service - Intuit - C:\Program Files\Common Files\Intuit\Fuse\Service\Intuit Fuse Service.exe
O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\Oracle\Ora81\BIN\ONRSD.EXE
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. - C:\Program Files\Timbuktu Pro\tb2launch.exe
Logfile of HijackThis v1.99.1
Scan saved at 7:00:12 PM, on 8/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Aventail\Connect\as32svc.exe
C:\Program Files\Connected\CBRegCap.EXE
C:\Program Files\Connected\CBlaunch.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Timbuktu Pro\tb2launch.exe
C:\WINDOWS\ADAM\dsamain.exe
C:\Program Files\CyberArmor\casvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CYBERA~1\pcs.exe
C:\WINDOWS\System32\mqsvc.exe
C:\PROGRA~1\CYBERA~1\pcshelp.exe
C:\Program Files\EYMarimba\ESD Client\Tuner.exe
C:\Program Files\EYMarimba\ESD Client\lib\jre\bin\java.exe
C:\Program Files\Funk Software\Odyssey Client\OdTray.exe
C:\Program Files\Kontiki\khost.exe
C:\PROGRA~1\CYBERA~1\pcshelp.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Connected\CBSysTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.iweb.ey.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Ernst & Young
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=usweb:80;http=usweb:80;https=usweb:443
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = qp002.quickplace.ey.com;qp001.quickplace.ey.com;*.ey.net;*.ltdcenter.ey.com;198.134.44.*;199.49.190.*;eformrs.com;uschic*;*.eyntc.com;web.ey.com;*.iweb.ey.com;199.50.20.187;*.eylink.com;199.50.20.186;*.adc.ey.com;gosystemrs.fasttax.com;169.254.*.*;riatraining.com;www.riahelp.com;iweb.eycan.com;txrn.ey.com;txsn.ey.com;txadmin.ey.com;dheisey.com
;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [EYUSESD] c:\Program Files\EYMarimba\ESD Client\Tuner.exe -nologo
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Funk Software\Odyssey Client\OdTray.exe"
O4 - HKLM\..\Run: [_NotesINIBKUP] c:\Program Files\Eyutils\notesinicpy.EXE
O4 - HKLM\..\Run: [Kontiki] "C:\Program Files\Kontiki\khost.exe" -i -p ey-ey
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [CyberArmorHelper] C:\PROGRA~1\CYBERA~1\pcshelp.exe -check
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\khost.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Ptsu] C:\Documents and Settings\lakhisa\Application Data\aprm.exe
O4 - Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\aventail\connect\asdns.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.iweb.ey.com
O15 - Trusted Zone: http://*.iweb.ey.com
O15 - Trusted Zone: http://*.ey.com
O15 - Trusted Zone: http://*.ey.net
O15 - Trusted Zone: http://*.eylink.com
O15 - Trusted Zone: http://ey.fincad.com
O15 - Trusted Zone: http://*.iweb.ey.com (HKLM)
O15 - Trusted Zone: http://*.ey.com (HKLM)
O15 - Trusted Zone: http://*.ey.net (HKLM)
O15 - Trusted Zone: http://*.eylink.com (HKLM)
O15 - Trusted Zone: http://ey.fincad.com (HKLM)
O15 - Trusted IP range: http://199.51.65.79
O16 - DPF: Sametime DA 651 - http://usst01.ey.net...ctoryApplet.cab
O16 - DPF: Sametime MRC 651 - http://usst01.ey.net...gRoomClient.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://extraweb-ame...001/iNotes6.cab
O16 - DPF: {51B217FA-AA53-11D1-8295-006097970389} (NotesUserCtrl Class) - http://home.iweb.ey....b/notesuser.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (WebProgramManager Class) - http://isupport4.hp....SWebManager.CAB
O16 - DPF: {6CEDB6B5-4859-4E3A-BCA2-FB8E565B8AD9} (JNILoader Control) - http://usst01.ey.net...STJNILoader.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - http://transfers.one...ransferCtrl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv3.view22....p/view22rte.cab
O16 - DPF: {C22877C3-4214-11D0-B0DA-080009C351D7} (Rhino Software ActiveX FtpTree Control 10.0) - http://eyhost.us.na....bin/FtpTree.cab
O16 - DPF: {C3D91045-8E8D-11D1-BF8E-00A0C997D743} (Rhino Software Explorer Tree Control) - http://eyhost.us.na....inoExplorer.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Smart Viewer 7) - http://usmeadmamps01...tivexviewer.cab
O16 - DPF: {CCF028C4-4631-11D3-90BD-00A0C9B727E1} (PVCS VM I-NET Client for MSIE) - https://usmeadmglbpv...es/vmi660ie.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ahdweb.webme...bex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.na.ey.net
O17 - HKLM\Software\..\Telephony: DomainName = us.na.ey.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{188CE485-58CE-405A-81CF-3AB68F85ABAA}: Domain = us.na.ey.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{690A1A19-125F-4FF8-BFEE-AEB7729CB664}: Domain = us.na.ey.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2D70889-80E3-4990-962E-79B1A6AF92D8}: Domain = us.na.ey.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.na.ey.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = us.na.ey.net,ey.net,ey.com,eycan.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.na.ey.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = us.na.ey.net,ey.net,ey.com,eycan.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = us.na.ey.net,ey.net,ey.com,eycan.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: cahooknt.dll
O23 - Service: Aventail Connect (As32Svc) - Unknown owner - C:\Program Files\Aventail\Connect\as32svc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Connected RegCap (CBRegCap) - Connected Corporation - C:\Program Files\Connected\CBRegCap.EXE
O23 - Service: Connected Launcher (ConnectedLauncher) - Connected Corporation - C:\Program Files\Connected\CBlaunch.exe
O23 - Service: CyberArmor Run Service (CyberArmorRunService) - InfoExpress - C:\Program Files\CyberArmor\casvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Intuit Fuse Service - Intuit - C:\Program Files\Common Files\Intuit\Fuse\Service\Intuit Fuse Service.exe
O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\Oracle\Ora81\BIN\ONRSD.EXE
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. - C:\Program Files\Timbuktu Pro\tb2launch.exe
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users