
HijackThis Log: Please help Diagnose



#1 markymark

Posted 18 January 2005 - 01:17 PM

Good day to all,
this is my logfile of HijackThis. I have been acting according to the site's tutorial42, so hopefully you can help me get rid of the coolwebsearch worm. In the meantime, I have been continuously running adaware, which removes it until it returns again.
Thanks for the help.


Logfile of HijackThis v1.99.0
Scan saved at 20:00:01, on 18/01/05
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\PROGRA~1\Navnt\defwatch.exe
C:\PROGRA~1\Navnt\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\vnxserv.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
C:\PROGRA~1\Navnt\vpexrt.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\KPMG\Global Desktop\Utilities\SSService.exe
C:\PROGRA~1\Navnt\vptray.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\RightFax\faxctrl.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
C:\WINNT\Softalkr\Bin\Softalkr.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\MDM.EXE
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
D:\Documents and Settings\markzeman\My Documents\stuff\this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\DOCUME~1\MARKZE~1\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\DOCUME~1\MARKZE~1\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by KPMG
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8CCC93EF-3120-49C6-AEC5-816F353E6F2E} - C:\WINNT\system32\hhod.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [KPMG Profile Manager] C:\Program Files\KPMG\Global Desktop\Utilities\kpmg profile manager.exe
O4 - HKLM\..\Run: [SSv2] C:\Program Files\KPMG\Global Desktop\Utilities\SSService.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Navnt\vptray.exe
O4 - HKLM\..\Run: [LiveUpdate Check] C:\Program Files\navnt\vpdn_lu.exe /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files\RightFax\faxctrl.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [AeXSWDUsr] "C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SoftTalker] C:\WINNT\Softalkr\Bin\Softalkr.exe
O4 - HKCU\..\Run: [Install BlackICE] "C:\Program Files\KPMG\Global Desktop\Utilities\BlackICE\GDSetup.exe"
O4 - HKCU\..\Run: [Install Inventory Agent] "C:\Program Files\KPMG\Global Desktop\Utilities\InvAgent\GDSetup.exe"
O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -FastScan
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\system32\shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://abcv.kworld.kpmg.com
O15 - Trusted Zone: http://conf.kworld.kpmg.com
O15 - Trusted Zone: http://cvsearch.kworld.kpmg.com
O15 - Trusted Zone: http://maint.kworld.kpmg.com
O15 - Trusted Zone: http://search.kworld.kpmg.com
O15 - Trusted Zone: http://suggestions.kworld.kpmg.com
O15 - Trusted Zone: http://training1.us.kworld.kpmg.com
O15 - Trusted Zone: http://www.kworld.kpmg.com
O15 - Trusted Zone: http://*.kpmgconsulting.com
O15 - Trusted Zone: http://www.kpmgtax.com
O15 - Trusted Zone: http://www.matrixcapitalonline.com
O15 - Trusted Zone: http://*.meomweb14
O15 - Trusted Zone: http://kworld2.newsedge-web.com
O15 - Trusted Zone: http://abcv.kworld.kpmg.com (HKLM)
O15 - Trusted Zone: http://conf.kworld.kpmg.com (HKLM)
O15 - Trusted Zone: http://cvsearch.kworld.kpmg.com (HKLM)
O15 - Trusted Zone: http://maint.kworld.kpmg.com (HKLM)
O15 - Trusted Zone: http://search.kworld.kpmg.com (HKLM)
O15 - Trusted Zone: http://suggestions.kworld.kpmg.com (HKLM)
O15 - Trusted Zone: http://training1.us.kworld.kpmg.com (HKLM)
O15 - Trusted Zone: http://www.kworld.kpmg.com (HKLM)
O15 - Trusted Zone: http://*.kpmgconsulting.com (HKLM)
O15 - Trusted Zone: http://www.kpmgtax.com (HKLM)
O15 - Trusted Zone: http://www.matrixcapitalonline.com (HKLM)
O15 - Trusted Zone: http://*.meomweb14 (HKLM)
O15 - Trusted Zone: http://kworld2.newsedge-web.com (HKLM)
O16 - DPF: TIMEnX - http://timenx.us.kworld.kpmg.com/TIMEnX.cab
O16 - DPF: TIMEnX Client Library - http://timenx.us.kworld.kpmg.com/tnxclient.cab
O16 - DPF: TIMEnX Fonts - http://timenx.us.kworld.kpmg.com/TmxFnt.cab
O16 - DPF: TIMEnX JFC Library - http://timenx.us.kworld.kpmg.com/tnxjfc.cab
O16 - DPF: TIMEnX VisiBroker Library - http://timenx.us.kworld.kpmg.com/tnxvb.cab
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A02451EE00} - http://usisweb.us.kworld.kpmg.com/firm/remote/wfica.cab
O16 - DPF: {57875390-EAE5-4408-A5D1-592B642FB900} (Whale Attachment Wiper ) - https://www.virtualpc.ema.kpmg.com/images/w...b?egap=internal
O16 - DPF: {6D59A1DF-87FB-11D4-836D-00805F6FC463} - http://usnssexc31/firm/msg/softdist/gdv2ap...dk/SetupINF.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://www.virtualpc.ema.kworld.kpmg.com/msrdp.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - https://klearnlive.us.kworld.kpmg.com/main/...aDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = clients.us.kworld.kpmg.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{33E4B3C9-6C0D-4173-BF49-D280EA5B9C2A}: NameServer = 194.90.1.5 212.143.212.143
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = clients.us.kworld.kpmg.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = clients.us.kworld.kpmg.com
O18 - Filter: text/html - {D58A2D8C-DA69-4969-8859-AE3B64C17EE1} - C:\WINNT\system32\hhod.dll
O18 - Filter: text/plain - {D58A2D8C-DA69-4969-8859-AE3B64C17EE1} - C:\WINNT\system32\hhod.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINNT\system32\vbsys2.dll
O23 - Service: Altiris eXpress NS Client - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
O23 - Service: Altiris eXpress NS Client Transport - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\Navnt\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\PROGRA~1\Navnt\rtvscan.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\RapApp.exe
O23 - Service: Vsclient Service - Unknown - C:\WINNT\system32\vnxserv.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe



#2 markymark


Posted 18 January 2005 - 04:10 PM

Hi again,
this is an additional log.
Thanks

Logfile of HijackThis v1.99.0
Scan saved at 23:08:38, on 18/01/05
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\PROGRA~1\Navnt\defwatch.exe
C:\PROGRA~1\Navnt\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\vnxserv.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
C:\PROGRA~1\Navnt\vpexrt.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\KPMG\Global Desktop\Utilities\SSService.exe
C:\PROGRA~1\Navnt\vptray.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\RightFax\faxctrl.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
C:\WINNT\Softalkr\Bin\Softalkr.exe
C:\WINNT\system32\MDM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
D:\Documents and Settings\markzeman\My Documents\stuff\this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\DOCUME~1\MARKZE~1\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.israel.kworld.kpmg.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\DOCUME~1\MARKZE~1\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by KPMG
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {61798BDF-019B-4418-9B76-DB64BFF9E5A9} - C:\WINNT\system32\hhod.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [KPMG Profile Manager] C:\Program Files\KPMG\Global Desktop\Utilities\kpmg profile manager.exe
O4 - HKLM\..\Run: [SSv2] C:\Program Files\KPMG\Global Desktop\Utilities\SSService.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Navnt\vptray.exe
O4 - HKLM\..\Run: [LiveUpdate Check] C:\Program Files\navnt\vpdn_lu.exe /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files\RightFax\faxctrl.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [AeXSWDUsr] "C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SoftTalker] C:\WINNT\Softalkr\Bin\Softalkr.exe
O4 - HKCU\..\Run: [Install BlackICE] "C:\Program Files\KPMG\Global Desktop\Utilities\BlackICE\GDSetup.exe"
O4 - HKCU\..\Run: [Install Inventory Agent] "C:\Program Files\KPMG\Global Desktop\Utilities\InvAgent\GDSetup.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\system32\shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://abcv.kworld.kpmg.com
O15 - Trusted Zone: http://conf.kworld.kpmg.com
O15 - Trusted Zone: http://cvsearch.kworld.kpmg.com
O15 - Trusted Zone: http://maint.kworld.kpmg.com
O15 - Trusted Zone: http://search.kworld.kpmg.com
O15 - Trusted Zone: http://suggestions.kworld.kpmg.com
O15 - Trusted Zone: http://training1.us.kworld.kpmg.com
O15 - Trusted Zone: http://www.kworld.kpmg.com
O15 - Trusted Zone: http://*.kpmgconsulting.com
O15 - Trusted Zone: http://www.kpmgtax.com
O15 - Trusted Zone: http://www.matrixcapitalonline.com
O15 - Trusted Zone: http://*.meomweb14
O15 - Trusted Zone: http://kworld2.newsedge-web.com
O15 - Trusted Zone: http://abcv.kworld.kpmg.com (HKLM)
O15 - Trusted Zone: http://conf.kworld.kpmg.com (HKLM)
O15 - Trusted Zone: http://cvsearch.kworld.kpmg.com (HKLM)
O15 - Trusted Zone: http://maint.kworld.kpmg.com (HKLM)
O15 - Trusted Zone: http://search.kworld.kpmg.com (HKLM)
O15 - Trusted Zone: http://suggestions.kworld.kpmg.com (HKLM)
O15 - Trusted Zone: http://training1.us.kworld.kpmg.com (HKLM)
O15 - Trusted Zone: http://www.kworld.kpmg.com (HKLM)
O15 - Trusted Zone: http://*.kpmgconsulting.com (HKLM)
O15 - Trusted Zone: http://www.kpmgtax.com (HKLM)
O15 - Trusted Zone: http://www.matrixcapitalonline.com (HKLM)
O15 - Trusted Zone: http://*.meomweb14 (HKLM)
O15 - Trusted Zone: http://kworld2.newsedge-web.com (HKLM)
O16 - DPF: TIMEnX - http://timenx.us.kworld.kpmg.com/TIMEnX.cab
O16 - DPF: TIMEnX Client Library - http://timenx.us.kworld.kpmg.com/tnxclient.cab
O16 - DPF: TIMEnX Fonts - http://timenx.us.kworld.kpmg.com/TmxFnt.cab
O16 - DPF: TIMEnX JFC Library - http://timenx.us.kworld.kpmg.com/tnxjfc.cab
O16 - DPF: TIMEnX VisiBroker Library - http://timenx.us.kworld.kpmg.com/tnxvb.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A02451EE00} - http://usisweb.us.kworld.kpmg.com/firm/remote/wfica.cab
O16 - DPF: {57875390-EAE5-4408-A5D1-592B642FB900} (Whale Attachment Wiper ) - https://www.virtualpc.ema.kpmg.com/images/w...b?egap=internal
O16 - DPF: {6D59A1DF-87FB-11D4-836D-00805F6FC463} - http://usnssexc31/firm/msg/softdist/gdv2ap...dk/SetupINF.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://www.virtualpc.ema.kworld.kpmg.com/msrdp.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - https://klearnlive.us.kworld.kpmg.com/main/...aDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = clients.us.kworld.kpmg.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{33E4B3C9-6C0D-4173-BF49-D280EA5B9C2A}: NameServer = 212.143.212.143 194.90.1.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = clients.us.kworld.kpmg.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = clients.us.kworld.kpmg.com
O18 - Filter: text/html - {2EF1EA6B-782C-4117-AF6E-A077C15CD202} - C:\WINNT\system32\hhod.dll
O18 - Filter: text/plain - {2EF1EA6B-782C-4117-AF6E-A077C15CD202} - C:\WINNT\system32\hhod.dll
O23 - Service: Altiris eXpress NS Client - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
O23 - Service: Altiris eXpress NS Client Transport - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\Navnt\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\PROGRA~1\Navnt\rtvscan.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\RapApp.exe
O23 - Service: Vsclient Service - Unknown - C:\WINNT\system32\vnxserv.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe

#3 Grinler

Lawrence Abrams (Admin)
Posted 26 January 2005 - 11:04 AM

If you are still having a problem, please post a brand new log.



