Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Winfixer and spywear popups killing me

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 2 posts
I am getting this winfixer 2005 popups every second I browse the internet. I have lavasoft spyware and I did remove everything everyday but no help. Microsoft Antispywear is also already expired its trial version no help. I am really tired of this popups. I also have Winxp SP2 which blocks IE popups but these spywear popups are unstoappable. Please :tazz: me. :)

  • 0


Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
Please go here:


Run all the programmes as advised then post a current Hijack This Log to the Malware Team
  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Hi ! I have followed all steps you mentioned. I have attached the log file. please le t me know my next step.

Logfile of HijackThis v1.99.1
Scan saved at 7:00:12 PM, on 8/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Aventail\Connect\as32svc.exe
C:\Program Files\Connected\CBRegCap.EXE
C:\Program Files\Connected\CBlaunch.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Timbuktu Pro\tb2launch.exe
C:\Program Files\CyberArmor\casvc.exe
C:\Program Files\EYMarimba\ESD Client\Tuner.exe
C:\Program Files\EYMarimba\ESD Client\lib\jre\bin\java.exe
C:\Program Files\Funk Software\Odyssey Client\OdTray.exe
C:\Program Files\Kontiki\khost.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Connected\CBSysTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.iweb.ey.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Ernst & Young
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=usweb:80;http=usweb:80;https=usweb:443
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = qp002.quickplace.ey.com;qp001.quickplace.ey.com;*.ey.net;*.ltdcenter.ey.com;198.134.44.*;199.49.190.*;eformrs.com;uschic*;*.eyntc.com;web.ey.com;*.iweb.ey.com;;*.eylink.com;;*.adc.ey.com;gosystemrs.fasttax.com;169.254.*.*;riatraining.com;www.riahelp.com;iweb.eycan.com;txrn.ey.com;txsn.ey.com;txadmin.ey.com;dheisey.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [EYUSESD] c:\Program Files\EYMarimba\ESD Client\Tuner.exe -nologo
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Funk Software\Odyssey Client\OdTray.exe"
O4 - HKLM\..\Run: [_NotesINIBKUP] c:\Program Files\Eyutils\notesinicpy.EXE
O4 - HKLM\..\Run: [Kontiki] "C:\Program Files\Kontiki\khost.exe" -i -p ey-ey
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [CyberArmorHelper] C:\PROGRA~1\CYBERA~1\pcshelp.exe -check
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\khost.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Ptsu] C:\Documents and Settings\lakhisa\Application Data\aprm.exe
O4 - Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\aventail\connect\asdns.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.iweb.ey.com
O15 - Trusted Zone: http://*.iweb.ey.com
O15 - Trusted Zone: http://*.ey.com
O15 - Trusted Zone: http://*.ey.net
O15 - Trusted Zone: http://*.eylink.com
O15 - Trusted Zone: http://ey.fincad.com
O15 - Trusted Zone: http://*.iweb.ey.com (HKLM)
O15 - Trusted Zone: http://*.ey.com (HKLM)
O15 - Trusted Zone: http://*.ey.net (HKLM)
O15 - Trusted Zone: http://*.eylink.com (HKLM)
O15 - Trusted Zone: http://ey.fincad.com (HKLM)
O15 - Trusted IP range:
O16 - DPF: Sametime DA 651 - http://usst01.ey.net...ctoryApplet.cab
O16 - DPF: Sametime MRC 651 - http://usst01.ey.net...gRoomClient.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://extraweb-ame...001/iNotes6.cab
O16 - DPF: {51B217FA-AA53-11D1-8295-006097970389} (NotesUserCtrl Class) - http://home.iweb.ey....b/notesuser.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (WebProgramManager Class) - http://isupport4.hp....SWebManager.CAB
O16 - DPF: {6CEDB6B5-4859-4E3A-BCA2-FB8E565B8AD9} (JNILoader Control) - http://usst01.ey.net...STJNILoader.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - http://transfers.one...ransferCtrl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv3.view22....p/view22rte.cab
O16 - DPF: {C22877C3-4214-11D0-B0DA-080009C351D7} (Rhino Software ActiveX FtpTree Control 10.0) - http://eyhost.us.na....bin/FtpTree.cab
O16 - DPF: {C3D91045-8E8D-11D1-BF8E-00A0C997D743} (Rhino Software Explorer Tree Control) - http://eyhost.us.na....inoExplorer.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Smart Viewer 7) - http://usmeadmamps01...tivexviewer.cab
O16 - DPF: {CCF028C4-4631-11D3-90BD-00A0C9B727E1} (PVCS VM I-NET Client for MSIE) - https://usmeadmglbpv...es/vmi660ie.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ahdweb.webme...bex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.na.ey.net
O17 - HKLM\Software\..\Telephony: DomainName = us.na.ey.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{188CE485-58CE-405A-81CF-3AB68F85ABAA}: Domain = us.na.ey.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{690A1A19-125F-4FF8-BFEE-AEB7729CB664}: Domain = us.na.ey.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2D70889-80E3-4990-962E-79B1A6AF92D8}: Domain = us.na.ey.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.na.ey.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = us.na.ey.net,ey.net,ey.com,eycan.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.na.ey.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = us.na.ey.net,ey.net,ey.com,eycan.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = us.na.ey.net,ey.net,ey.com,eycan.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: cahooknt.dll
O23 - Service: Aventail Connect (As32Svc) - Unknown owner - C:\Program Files\Aventail\Connect\as32svc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Connected RegCap (CBRegCap) - Connected Corporation - C:\Program Files\Connected\CBRegCap.EXE
O23 - Service: Connected Launcher (ConnectedLauncher) - Connected Corporation - C:\Program Files\Connected\CBlaunch.exe
O23 - Service: CyberArmor Run Service (CyberArmorRunService) - InfoExpress - C:\Program Files\CyberArmor\casvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Intuit Fuse Service - Intuit - C:\Program Files\Common Files\Intuit\Fuse\Service\Intuit Fuse Service.exe
O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\Oracle\Ora81\BIN\ONRSD.EXE
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. - C:\Program Files\Timbuktu Pro\tb2launch.exe
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP