Tech Support banner

Status
Not open for further replies.
1 - 5 of 5 Posts

·
Registered
Joined
·
154 Posts
Discussion Starter · #1 ·
I've run...
AdAware with VX2 plugin
spybot
ewido
housecall virus scan
panda scan
symantec antivirus (norton)
CWSShredder

Both trends and norton virus scans picked up the trojan.dropper, but neither could remove it. It referred to a file in c:\windows\umtlhvc.exe that I could not delete.

Also, when I first started working on the system there was an Install Winfixer icon on the desktop, as well as two icons appearing in the statup tray. I've deleted the one on the desktop and the others are no longer appearing in the startup tray...but not really sure if it's gone.

And....in the add/remove programs there's The Best Offers is listed and I can't uninstall it.

I'm working on this system remotely from my office, the PC is located in Denver.

Thanx.


Logfile of HijackThis v1.99.1
Scan saved at 1:18:21 PM, on 9/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\umtlhvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\uidyies.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 199.254.201.175:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.sss.gov;*.sss.gov:8080;*.nbc.gov;?.sss.gov;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\system32\bho.dll
O2 - BHO: PicShow Class - {4487598C-2EC7-43A2-870E-6D8D720FDD9F} - C:\WINDOWS\system32\pkshgugn.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CutePDF Form Filler - {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files\Acro Software\CutePDF Form Filler\CPFillerCo.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [xwoqawn] C:\WINDOWS\xwoqawn.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [izctbxa] C:\WINDOWS\izctbxa.exe
O4 - HKLM\..\Run: [tcvhaeo] C:\WINDOWS\tcvhaeo.exe
O4 - HKLM\..\Run: [sdkdivp] C:\WINDOWS\sdkdivp.exe
O4 - HKLM\..\Run: [olmyjow] C:\WINDOWS\olmyjow.exe
O4 - HKLM\..\Run: [jnbhypi] C:\WINDOWS\jnbhypi.exe
O4 - HKLM\..\Run: [vuvkeln] C:\WINDOWS\vuvkeln.exe
O4 - HKLM\..\Run: [brhcabw] C:\WINDOWS\brhcabw.exe
O4 - HKLM\..\Run: [gkfuevy] C:\WINDOWS\gkfuevy.exe
O4 - HKLM\..\Run: [smyjakz] C:\WINDOWS\smyjakz.exe
O4 - HKLM\..\Run: [uiubdoj] C:\WINDOWS\uiubdoj.exe
O4 - HKLM\..\Run: [sropkmo] C:\WINDOWS\sropkmo.exe
O4 - HKLM\..\Run: [pyirxty] C:\WINDOWS\pyirxty.exe
O4 - HKLM\..\Run: [fvekbsx] C:\WINDOWS\fvekbsx.exe
O4 - HKLM\..\Run: [wlecols] C:\WINDOWS\wlecols.exe
O4 - HKLM\..\Run: [hskfskf] C:\WINDOWS\hskfskf.exe
O4 - HKLM\..\Run: [kukhzwf] C:\WINDOWS\kukhzwf.exe
O4 - HKLM\..\Run: [dszewkm] C:\WINDOWS\dszewkm.exe
O4 - HKLM\..\Run: [qapjyro] C:\WINDOWS\qapjyro.exe
O4 - HKLM\..\Run: [vtspnlo] C:\WINDOWS\vtspnlo.exe
O4 - HKLM\..\Run: [rjycwxf] C:\WINDOWS\rjycwxf.exe
O4 - HKLM\..\Run: [nzbmxnz] C:\WINDOWS\nzbmxnz.exe
O4 - HKLM\..\Run: [ntaende] C:\WINDOWS\ntaende.exe
O4 - HKLM\..\Run: [loocfhn] C:\WINDOWS\loocfhn.exe
O4 - HKLM\..\Run: [bwfztiu] C:\WINDOWS\bwfztiu.exe
O4 - HKLM\..\Run: [qjthknw] C:\WINDOWS\qjthknw.exe
O4 - HKLM\..\Run: [ybfghny] C:\WINDOWS\ybfghny.exe
O4 - HKLM\..\Run: [lfejcsk] C:\WINDOWS\lfejcsk.exe
O4 - HKLM\..\Run: [uidyies] C:\WINDOWS\uidyies.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124986169838
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://intra.sss.gov/viewer/activeXViewer/activexviewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sss.gov
O17 - HKLM\Software\..\Telephony: DomainName = sss.gov
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sss.gov
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\umtlhvc.exe
 

·
Security Team (ret.)
Joined
·
7,403 Posts
Hi and Welcome
It may help you if you print out or copy this page for easy reference.. Make sure to work through the fixes in the exact order its listed..

Please Keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes..

Download any of the required programs before attempting to start any of the fixes.




SHOW HIDDEN FILES AND FOLDERS.
To show hidden files instructions (WinXP)
Doubleclick My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK
------------------------------------------------------------------


Download Killbox v2.0.0.175 and unzip the file to your Desktop and have it ready to use.

-----------------------------------------------------------------------

Please start by putting HJT in SAFE MODE. During reboot, tap the F8 key. Select Safe Mode and then run "Hijack This"
------------------------------------------------------------------




Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\system32\bho.dll
O2 - BHO: PicShow Class - {4487598C-2EC7-43A2-870E-6D8D720FDD9F} - C:\WINDOWS\system32\pkshgugn.dll (file missing)
O4 - HKLM\..\Run: [xwoqawn] C:\WINDOWS\xwoqawn.EXE
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [izctbxa] C:\WINDOWS\izctbxa.exe
O4 - HKLM\..\Run: [tcvhaeo] C:\WINDOWS\tcvhaeo.exe
O4 - HKLM\..\Run: [sdkdivp] C:\WINDOWS\sdkdivp.exe
O4 - HKLM\..\Run: [olmyjow] C:\WINDOWS\olmyjow.exe
O4 - HKLM\..\Run: [jnbhypi] C:\WINDOWS\jnbhypi.exe
O4 - HKLM\..\Run: [vuvkeln] C:\WINDOWS\vuvkeln.exe
O4 - HKLM\..\Run: [brhcabw] C:\WINDOWS\brhcabw.exe
O4 - HKLM\..\Run: [gkfuevy] C:\WINDOWS\gkfuevy.exe
O4 - HKLM\..\Run: [smyjakz] C:\WINDOWS\smyjakz.exe
O4 - HKLM\..\Run: [uiubdoj] C:\WINDOWS\uiubdoj.exe
O4 - HKLM\..\Run: [sropkmo] C:\WINDOWS\sropkmo.exe
O4 - HKLM\..\Run: [pyirxty] C:\WINDOWS\pyirxty.exe
O4 - HKLM\..\Run: [fvekbsx] C:\WINDOWS\fvekbsx.exe
O4 - HKLM\..\Run: [wlecols] C:\WINDOWS\wlecols.exe
O4 - HKLM\..\Run: [hskfskf] C:\WINDOWS\hskfskf.exe
O4 - HKLM\..\Run: [kukhzwf] C:\WINDOWS\kukhzwf.exe
O4 - HKLM\..\Run: [dszewkm] C:\WINDOWS\dszewkm.exe
O4 - HKLM\..\Run: [qapjyro] C:\WINDOWS\qapjyro.exe
O4 - HKLM\..\Run: [vtspnlo] C:\WINDOWS\vtspnlo.exe
O4 - HKLM\..\Run: [rjycwxf] C:\WINDOWS\rjycwxf.exe
O4 - HKLM\..\Run: [nzbmxnz] C:\WINDOWS\nzbmxnz.exe
O4 - HKLM\..\Run: [ntaende] C:\WINDOWS\ntaende.exe
O4 - HKLM\..\Run: [loocfhn] C:\WINDOWS\loocfhn.exe
O4 - HKLM\..\Run: [bwfztiu] C:\WINDOWS\bwfztiu.exe
O4 - HKLM\..\Run: [qjthknw] C:\WINDOWS\qjthknw.exe
O4 - HKLM\..\Run: [ybfghny] C:\WINDOWS\ybfghny.exe
O4 - HKLM\..\Run: [lfejcsk] C:\WINDOWS\lfejcsk.exe
O4 - HKLM\..\Run: [uidyies] C:\WINDOWS\uidyies.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\umtlhvc.exe


------------------------------------------------------------------
Run KillBox......

Right click and drag your cursor over the below files to highlight them and then.use Control+C to copy them to the clipboard..Open KILLBOX and go to File and click on"Paste From Clipboard". All the files should now appear in the box (click on the Tab and check to make sure that only the files I have identified as malware and marked for deletion are there) . Then checkmark the "Delete on Reboot" box..and click the red X. You will get a message saying "File will be deleted on next reboot" , Process and Reboot now?" Click "Yes" and post a new log when you have rebooted.

C:\WINDOWS\umtlhvc.exe
C:\WINDOWS\xwoqawn.EXE
C:\WINDOWS\dinst.exe
C:\WINDOWS\izctbxa.exe
C:\WINDOWS\tcvhaeo.exe
C:\WINDOWS\sdkdivp.exe
C:\WINDOWS\olmyjow.exe
C:\WINDOWS\jnbhypi.exe
C:\WINDOWS\vuvkeln.exe
C:\WINDOWS\brhcabw.exe
C:\WINDOWS\gkfuevy.exe
C:\WINDOWS\smyjakz.exe
C:\WINDOWS\uiubdoj.exe
C:\WINDOWS\sropkmo.exe
C:\WINDOWS\pyirxty.exe
C:\WINDOWS\fvekbsx.exe
C:\WINDOWS\wlecols.exe
C:\WINDOWS\hskfskf.exe
C:\WINDOWS\kukhzwf.exe
C:\WINDOWS\dszewkm.exe
C:\WINDOWS\qapjyro.exe
C:\WINDOWS\vtspnlo.exe
C:\WINDOWS\rjycwxf.exe
C:\WINDOWS\nzbmxnz.exe
C:\WINDOWS\ntaende.exe
C:\WINDOWS\loocfhn.exe
C:\WINDOWS\bwfztiu.exe
C:\WINDOWS\qjthknw.exe
C:\WINDOWS\ybfghny.exe
C:\WINDOWS\lfejcsk.exe
C:\WINDOWS\uidyies.exe

-------------------------------------------------------------------
Check that you have carried out all the above steps/fixes and then reboot into Normal Mode and download Cleanup This will clean out your tempory files.

When finished please post a new log......
 

·
Registered
Joined
·
154 Posts
Discussion Starter · #3 ·
on the clean up! website I read that clean up! sometimes removes system files on 64 bit windows xp systems, how do I know whether or not it's safe to run clean up! on this system?

Thanx
 

·
Registered
Joined
·
154 Posts
Discussion Starter · #4 ·
done!

Logfile of HijackThis v1.99.1
Scan saved at 10:12:58 AM, on 10/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 199.254.201.175:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.sss.gov;*.sss.gov:8080;*.nbc.gov;?.sss.gov;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CutePDF Form Filler - {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files\Acro Software\CutePDF Form Filler\CPFillerCo.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124986169838
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://intra.sss.gov/viewer/activeXViewer/activexviewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sss.gov
O17 - HKLM\Software\..\Telephony: DomainName = sss.gov
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sss.gov
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
 
1 - 5 of 5 Posts
Status
Not open for further replies.
Top