# Slow at starting up



## toosunNeo (Oct 28, 2006)

Hi everyone,

I am having problem with my work computer. After I log onto windows with userid and password, it will load up the desktop in about a minute, which is fine, but then it just hangs up there, and keep loading for about 10 minutes before i can open internet explorer, word or any other programs. The only way I know when it is completed loading up is to see that all the little icons on system tray are all there and then i can open the programs. It used to be lot faster before, but this problem started happening recently, so I am not sure what is the problem. could someone help me fix this problem, so that it will start up faster and so I can do my work faster? I would appreciate your help. Below is my hijack log. I hope that helps.

Thx

Neo

Logfile of HijackThis v1.99.1
Scan saved at 7:01:25 PM, on 10/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Aventail\Connect\as32svc.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kontiki\khost.exe
C:\Program Files\EYMarimba\ESD Client\Tuner.exe
C:\Program Files\Funk Software\Odyssey Client\OdTray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\EYMarimba\ESD Client\lib\jre\bin\java.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Pointsec\P95tray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\RBManager\RBManager.EXE
C:\PROGRA~1\CYBERA~1\pcshelp.exe
C:\Program Files\AAP\ACQ\EY.AAP.Acquisition.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Connected\CBSysTray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Connected\CBRegCap.EXE
C:\Program Files\Connected\CBlaunch.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\EY AWS\bin\NetAPISrvr.exe
C:\WINDOWS\system32\PROT_SRV.EXE
C:\WINDOWS\system32\pagents.exe
C:\WINDOWS\system32\PSTARTSR.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Timbuktu Pro\tb2launch.exe
C:\Program Files\CyberArmor\casvc.exe
C:\PROGRA~1\CYBERA~1\pcs.exe
C:\PROGRA~1\CYBERA~1\pcshelp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\shahne2\My Documents\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home-americas.ey.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home-americas.ey.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Ernst & Young
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int
ernet Settings,ProxyServer = ftp=usweb:80;http=usweb:80;https=usweb:443
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int
ernet Settings,ProxyOverride = *.ey.net;*.iweb.ey.com;199.50.20.187;*.eylink.com;199.50.20.186;*.adc.ey.com;gosystemrs.fasttax.com;169.254.*.*;riatraining.com;www.riahelp.com;iweb.eycan.com;txrn....quickplace.ey;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] " C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2
a.exe" /runonce
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] " C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5
a.exe" /runonce
O4 - HKLM\..\Run: [Kontiki] "C:\Program Files\Kontiki\khost.exe" -i -p ey-ey
O4 - HKLM\..\Run: [EYUSESD] c:\Program Files\EYMarimba\ESD Client\Tuner.exe -nologo
O4 - HKLM\..\Run: [_NotesINIBKUP] c:\Program Files\Eyutils\notesinicpy.EXE
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Funk Software\Odyssey Client\OdTray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Protect Tray] "C:\Program Files\Pointsec\P95tray.exe"
O4 - HKLM\..\Run: [Recycle Bin Manager] "C:\Program Files\RBManager\RBManager.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CyberArmorHelper] C:\PROGRA~1\CYBERA~1\pcshelp.exe -check
O4 - HKLM\..\Run: [AAPAcqService] C:\Program Files\AAP\ACQ\EY.AAP.Acquisition.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\shahne2\Start Menu\Programs\IMVU\Run IMVU.lnk
O10 - Unknown file in Winsock LSP: c:\program files\aventail\connect\asdns.dll
O10 - Unknown file in Winsock LSP: c:\program files\aventail\connect\asdns.dll
O14 - IERESET.INF: START_PAGE_URL=http://home-americas.ey.net/
O15 - Trusted Zone: http://*.iweb.ey.com
O15 - Trusted Zone: http://*.ltdcenter.ey.com
O15 - Trusted Zone: http://*.ey.com
O15 - Trusted Zone: http://*.us.na.ey.net
O15 - Trusted Zone: http://*.ey.net
O15 - Trusted Zone: http://*.eylink.com
O15 - Trusted Zone: http://*.eyqa.net
O15 - Trusted Zone: http://*.eyua.net
O15 - Trusted Zone: http://ey.fincad.com
O15 - Trusted Zone: http://*.intellinex-asp.com
O15 - Trusted Zone: http://*.intellinex.com
O15 - Trusted Zone: http://web.lexis.com
O15 - Trusted Zone: http://intellinex.raindance.com
O15 - Trusted Zone: http://*.smarttrainer4.com
O15 - Trusted Zone: http://*.surveymonkey.com
O15 - Trusted Zone: http://*.thomsonib.com
O15 - Trusted Zone: http://cserver.xtremelearning.com
O15 - Trusted Zone: http://*.iweb.ey.com (HKLM)
O15 - Trusted Zone: http://*.ltdcenter.ey.com (HKLM)
O15 - Trusted Zone: http://eyonline-er*.ey.com (HKLM)
O15 - Trusted Zone: http://*.ey.com (HKLM)
O15 - Trusted Zone: http://*.us.na.ey.net (HKLM)
O15 - Trusted Zone: http://*.ey.net (HKLM)
O15 - Trusted Zone: http://*.eylink.com (HKLM)
O15 - Trusted Zone: http://*.eyqa.net (HKLM)
O15 - Trusted Zone: http://*.eyua.net (HKLM)
O15 - Trusted Zone: http://ey.fincad.com (HKLM)
O15 - Trusted Zone: http://*.intellinex-asp.com (HKLM)
O15 - Trusted Zone: http://*.intellinex.com (HKLM)
O15 - Trusted Zone: http://web.lexis.com (HKLM)
O15 - Trusted Zone: http://intellinex.raindance.com (HKLM)
O15 - Trusted Zone: http://*.smarttrainer4.com (HKLM)
O15 - Trusted Zone: http://*.surveymonkey.com (HKLM)
O15 - Trusted Zone: http://ey.taleo.net (HKLM)
O15 - Trusted Zone: http://*.thomsonib.com (HKLM)
O15 - Trusted Zone: http://cserver.xtremelearning.com (HKLM)
O15 - Trusted IP range: http://10.10.11.193
O15 - Trusted IP range: http://10.10.11.193 (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binar...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab
O16 - DPF: {51B217FA-AA53-11D1-8295-006097970389} (NotesUserCtrl Class) - http://home.iweb.ey.com/kweb6/cab/notesuser.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab
O16 - DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} (JNILoader Control) - http://amwc01.ey.net/sametime/stmee...STJNILoader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewo...ro.cab34246.cab
O16 - DPF: {C5A27D6A-4659-4351-9B7F-45E40BE42715} (gpwsx.plugin) - https://print-globalselfhelp.ey.net...ugin/EYGPWS.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/chzl/de...ploader_v10.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.na.ey.net
O17 - HKLM\Software\..\Telephony: DomainName = us.na.ey.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F3111E2-F8B4-41E3-BFEC-B80E9D52C1EE}: Domain = US.NA.EY.NET
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6175F63-3F47-40EE-B9EC-C9CACCBA2DFD}: Domain = US.NA.EY.NET
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3DC2A0E-23ED-4039-8237-1C6D9D872E3D}: Domain = US.NA.EY.NET
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.na.ey.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = us.na.ey.net,ey.net,ey.com,eycan.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.na.ey.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = us.na.ey.net,ey.net,ey.com,eycan.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = us.na.ey.net,ey.net,ey.com,eycan.com
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: cahooknt.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: OdysseyClient - C:\WINDOWS\SYSTEM32\odyEvent.dll
O20 - Winlogon Notify: Timbuktu Pro - C:\Program Files\Timbuktu Pro\Hook32.dll
O23 - Service: Aventail Connect (As32Svc) - Aventail Corporation - C:\Program Files\Aventail\Connect\as32svc.exe
O23 - Service: Connected RegCap (CBRegCap) - Connected Corporation - C:\Program Files\Connected\CBRegCap.EXE
O23 - Service: Connected Launcher (ConnectedLauncher) - Connected Corporation - C:\Program Files\Connected\CBlaunch.exe
O23 - Service: CyberArmor Run Service (CyberArmorRunService) - InfoExpress - C:\Program Files\CyberArmor\casvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network API Server (NetAPISrvr) - Unknown owner - C:\Program Files\EY AWS\bin\NetAPISrvr.exe
O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\Oracle\Ora81\BIN\ONRSD.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm1
2.exe
O23 - Service: Pointsec - Unknown owner - C:\WINDOWS\system32\PROT_SRV.EXE
O23 - Service: Pointsec update agent (Pointsec_agent) - Unknown owner - C:\WINDOWS\system32\pagents.exe
O23 - Service: Pointsec service start (Pointsec_start) - Unknown owner - C:\WINDOWS\system32\PSTARTSR.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. - C:\Program Files\Timbuktu Pro\tb2launch.exe


----------



## jp198780 (Oct 28, 2006)

just looking at your log, it does look like you have infections, but i dont read the logs..

what are your computer specs?


----------



## toosunNeo (Oct 28, 2006)

My computer specs is Dell Latitude D620 1.83GHz, 1.99GB RAM, 70 GB hard disk. I am not sure what else to include. let me know if I missed anything.

Thanks


----------



## jp198780 (Oct 28, 2006)

with them specs that computer should fly, you deffinately have infections, hold up 4 a log reader 2 come along...


----------



## PC eye (Oct 28, 2006)

There are a number of reasons for seeing system slowdowns without pointing at viruses or spywares. The memory installed could now be seeing faults develop. The system registry may simply be starting to see a clutter of invalid entries from software changes. And the hard drive volume could be heavily fragmented from lack of periodic maintainence.

 The following are some possible and must fix items to look over.
C:\Program Files\Aventail\Connect\as32svc.exe  "unknown"
C:\Program Files\EYMarimba\ESD Client\Tuner.exe  "unknown"
C:\Program Files\Pointsec\P95tray.exe  "unknown"
 C:\Program Files\RBManager\RBManager.EXE  "unknown"
C:\PROGRA~1\CYBERA~1\pcshelp.exe  "unknown"

C:\Program Files\Connected\CBSysTray.exe   "unknown"
C:\Program Files\Connected\CBRegCap.EXE  "unknown"
C:\Program Files\Connected\CBlaunch.exe  "unknown"
C:\Program Files\EY AWS\bin\NetAPISrvr.exe  "unknown"
C:\WINDOWS\system32\PROT_SRV.EXE  "unknown"C:\WINDOWS\system32\pagents.exe  "unknown"
 C:\WINDOWS\system32\PSTARTSR.EXE  "unknown"
C:\PROGRA~1\CYBERA~1\pcs.exe  "unknown"
C:\PROGRA~1\CYBERA~1\pcshelp.exe  "unknown"
 O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] " C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2  "unknown"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] " C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5  "unknown"
O4 - HKLM\..\Run: [Kontiki] "C:\Program Files\Kontiki\khost.exe" -i -p ey-ey  "unknown"
O4 - HKLM\..\Run: [EYUSESD] c:\Program Files\EYMarimba\ESD Client\Tuner.exe -nologo  "unknown"
O4 - HKLM\..\Run: [_NotesINIBKUP] c:\Program Files\Eyutils\notesinicpy.EXE "unknown"
 O4 - HKLM\..\Run: [Protect Tray] "C:\Program Files\Pointsec\P95tray.exe"  "unknown"
O4 - HKLM\..\Run: [Recycle Bin Manager] "C:\Program Files\RBManager\RBManager.EXE"  "unknown"
O4 - HKLM\..\Run: [CyberArmorHelper] C:\PROGRA~1\CYBERA~1\pcshelp.exe -check  "unknown"
O4 - HKLM\..\Run: [AAPAcqService] C:\Program Files\AAP\ACQ\EY.AAP.Acquisition.exe  "unknown"
O4 - Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe 
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\shahne2\Start Menu\Programs\IMVU\Run IMVU.lnk  "possible nasty"
O10 - Unknown file in Winsock LSP: c:\program files\aventail\connect\asdns.dll   "nasty Spybot S&D recommended"
O10 - Unknown file in Winsock LSP: c:\program files\aventail\connect\asdns.dll  "nasty Spybot S&D recommended)
O16 - DPF: {51B217FA-AA53-11D1-8295-006097970389} (NotesUserCtrl Class) - http://home.iweb.ey.com/kweb6/cab/notesuser.cab  "possible nasty"
O16 - DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} (JNILoader Control) - http://amwc01.ey.net/sametime/stmee...STJNILoader.cab  "possible nasty"
O16 - DPF: {C5A27D6A-4659-4351-9B7F-45E40BE42715} (gpwsx.plugin) - https://print-globalselfhelp.ey.net...ugin/EYGPWS.CAB  "possible nasty"
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.na.ey.net  "possible"?
O17 - HKLM\Software\..\Telephony: DomainName = us.na.ey.net  "possible"?
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F3111E2-F8B4-41E3-BFEC-B80E9D52C1EE}: Domain = US.NA.EY.NET  "possible"?
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6175F63-3F47-40EE-B9EC-C9CACCBA2DFD}: Domain = US.NA.EY.NET  "possible"?
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3DC2A0E-23ED-4039-8237-1C6D9D872E3D}: Domain = US.NA.EY.NET  "possible"?

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.na.ey.net  "possible"?
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = us.na.ey.net,ey.net,ey.com,eycan.com  "possible"?
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.na.ey.net  "possible"?
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = us.na.ey.net,ey.net,ey.com,eycan.com  "possible"?
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = us.na.ey.net,ey.net,ey.com,eycan.com  "possible"?
 O20 - AppInit_DLLs: cahooknt.dll  "unknown"


O20 - Winlogon Notify: Timbuktu Pro - C:\Program Files\Timbuktu Pro\Hook32.dll   "uknown"
O23 - Service: Aventail Connect (As32Svc) - Aventail Corporation - C:\Program Files\Aventail\Connect\as32svc.exe  "unknown" 
O23 - Service: Connected RegCap (CBRegCap) - Connected Corporation - C:\Program Files\Connected\CBRegCap.EXE  "unknown"
O23 - Service: Connected Launcher (ConnectedLauncher) - Connected Corporation - C:\Program Files\Connected\CBlaunch.exe  "unknown"
O23 - Service: CyberArmor Run Service (CyberArmorRunService) - InfoExpress - C:\Program Files\CyberArmor\casvc.exe  "unknown"
O23 - Service: Network API Server (NetAPISrvr) - Unknown owner - C:\Program Files\EY AWS\bin\NetAPISrvr.exe  "unknown"
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\Oracle\Ora81\BIN\ONRSD.EXE  "unknown"
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm1  "unknown"
2.exe  "manual deletion recommended"
O23 - Service: Pointsec - Unknown owner - C:\WINDOWS\system32\PROT_SRV.EXE  "unknown"
O23 - Service: Pointsec update agent (Pointsec_agent) - Unknown owner - C:\WINDOWS\system32\pagents.exe  "unknown"
O23 - Service: Pointsec service start (Pointsec_start) - Unknown owner - C:\WINDOWS\system32\PSTARTSR.EXE  "unknown"

 Most of these are simply unknown to the HT data base and are non threatening. The "NASTIES" to some degree are items that require deletion. A good free registry cleaner like the freeware RegCleaner found at http://www.majorgeeks.com/RegCleaner_d460.html would be a good thing as well as a few other tools like AVG 7.5 and AVG Anti-Spyware Free found at http://free.grisoft.com/doc/5390/lng/us/tpl/v5#avg-anti-spyware-free


----------



## jp198780 (Oct 28, 2006)

in HJT, you put a check next 2 all them files, (if you didnt know), that click Fix Selected...


----------



## PC eye (Oct 28, 2006)

jp198780 said:


> in HJT, you put a check next 2 all them files, (if you didnt know), that click Fix Selected...


 
 In a large number of things there HT doesn't have them in the HT data as confirmed malwares. Often utilities like HT and CCleaner look for unattached items and point at them as possible. If you install a new toolbar that can also be pointed at as a form of adware. There are some that point at being items to remove if HT recognises them as being "out of place" compared to normal entries expected to be there.


----------



## JuggaloKillaz (Oct 28, 2006)

try cleaning the registry and use the msconfig comand and uncheck the programs you dont want to startup in the process.


----------



## PC eye (Oct 29, 2006)

Besides the other free utilities at the links posted earlier Microsoft has just released the full version of the Windows Defender available free at http://www.microsoft.com/downloads/...e7-da2b-4a6a-afa4-f7f14e605a0d&DisplayLang=en
 Microsoft also has a Malicious software removal tool available at http://www.microsoft.com/downloads/...e0-e72d-4f54-9ab3-75b8eb148356&DisplayLang=en


----------



## cynimyn44 (May 13, 2009)

Do you have a computer guy at work? Try asking them to reset your profile (if you use them) and/or run some type of preventative scan. That is what we do almost all day!


----------

