Please support our Viruses, Spyware and other Nasties advertiser: 64-bit Windows Community
 |
•
•
Join Date: Feb 2004
Location: Oztralya
Posts: 8,310
Reputation: 
Rep Power: 23
Solved Threads: 491
Which version of the shredder do you have? Try the latest if you do not have it.
Download CWShredder 2 from here. Run it and press the *fix,* not scan and allow it to clean the infection. Close all browser and explorer windows before hitting the fix button.
AFAIK, Spywareblaster does not give any warnings regarding malware on your PC.
Download CWShredder 2 from here. Run it and press the *fix,* not scan and allow it to clean the infection. Close all browser and explorer windows before hitting the fix button.
AFAIK, Spywareblaster does not give any warnings regarding malware on your PC.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help. Instead, post in the public forum where others may benefit.
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help. Instead, post in the public forum where others may benefit.
•
•
Join Date: Feb 2005
Posts: 15
Reputation:
Rep Power: 4
Solved Threads: 0
Newbie Poster
Here is where I stand today:
It looks as though any other issues that did exist on my system are gone except some variant of CWS. I am currently assuming it is a variant of CWS because some spyware tools do find it and others do not. I do still have the same symptoms with explorer. Meaning, IE and Windows File Explorer do not open. Anytime I attempt to open IE, I get messages from various spyware tools that indicate the home page is being automatically changed to about:blank.
I seem to have tried most everything here: (the latest are)
about:Buster failed to remove Cool Web Search and reported that it did not find any issues with my system.
SpySubtract reports there are variants of CWS on my system.
I am certainly open to continue working on this. I would hate to have to format and reinstall my OS. Any other suggestions?
Again, thank you in advance for all of your help!
Bob
It looks as though any other issues that did exist on my system are gone except some variant of CWS. I am currently assuming it is a variant of CWS because some spyware tools do find it and others do not. I do still have the same symptoms with explorer. Meaning, IE and Windows File Explorer do not open. Anytime I attempt to open IE, I get messages from various spyware tools that indicate the home page is being automatically changed to about:blank.
I seem to have tried most everything here: (the latest are)
about:Buster failed to remove Cool Web Search and reported that it did not find any issues with my system.
SpySubtract reports there are variants of CWS on my system.
I am certainly open to continue working on this. I would hate to have to format and reinstall my OS. Any other suggestions?
Again, thank you in advance for all of your help!
Bob
•
•
Join Date: Jul 2004
Location: Washington, USA
Posts: 2,964
Reputation:
Rep Power: 10
Solved Threads: 189
•
•
•
•
Originally Posted by DMR
...you should go to the Windows Update page on Microsoft's site and download the most current critical fixes for your system...
Have you done this yet?Also, have you run CWShredder 2 yet?
After you've done those two things, scan with HJT and post a new log please.
Oh, by the way, what version of Xoftspy do you have? Versions prior to 4.0 give false positives in order to get you to buy it.
Links to help you help yourself :
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
•
•
Join Date: Feb 2005
Posts: 15
Reputation:
Rep Power: 4
Solved Threads: 0
Newbie Poster
Unfortunately, I cannot run Windows Update; it requires Internet Explorer which is where I am having all of my problems.
I have run CWShredder 2, it reports that there are no threats on my system at all.
I am using the latest version of XoftSpy (v4.09). It reports 'Trojan/CWS Combo' threat. I have hesitated to purchase this tool until I am certain what issues my system really has and confident it will resolve them.
Just an FYI; this is a development workstation. I am running Windows Server 2003 Standard Edition. I develop software for Microsoft CRM, SharePoint and Project Server; this is why I have a server OS installed. The server OS may be at the root of why some of these tools cannot solve the problems.
Also, I am not opposed to purchasing tools that facilitate resolving the problem. What bothers me is, I have spent over $300 on various tools and still have not resolved anything.
I will post a new HJT log next.
I have run CWShredder 2, it reports that there are no threats on my system at all.
I am using the latest version of XoftSpy (v4.09). It reports 'Trojan/CWS Combo' threat. I have hesitated to purchase this tool until I am certain what issues my system really has and confident it will resolve them.
Just an FYI; this is a development workstation. I am running Windows Server 2003 Standard Edition. I develop software for Microsoft CRM, SharePoint and Project Server; this is why I have a server OS installed. The server OS may be at the root of why some of these tools cannot solve the problems.
Also, I am not opposed to purchasing tools that facilitate resolving the problem. What bothers me is, I have spent over $300 on various tools and still have not resolved anything.
I will post a new HJT log next.
•
•
Join Date: Feb 2005
Posts: 15
Reputation:
Rep Power: 4
Solved Threads: 0
Newbie Poster
Logfile of HijackThis v1.99.0
Scan saved at 6:23:40 PM, on 2/8/2005
Platform: Unknown Windows (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ismserv.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\Mcshield.exe
D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft CRM\Server\bin\CrmBulkMailService.exe
C:\Program Files\Microsoft CRM\Server\bin\CrmDeletionService.exe
C:\Program Files\Microsoft CRM\Server\bin\CrmWorkflowService.exe
d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\system32\ntfrs.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\WebCompServer.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\cacheserver.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\EventServer.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\inputfileserver.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\outputfileserver.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\JobServer.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\pageserver.exe
C:\WINDOWS\System32\svchost.exe
d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Spyware Nuker 2004\swn2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\Program Files\interMute\SpySubtract\SpySub.exe
D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
D:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\system32\cmd.exe
D:\Software\HijackThis\HijackThis.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\bob.mixon\Application Data\Mozilla\Profiles\default\lqlqy86o.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://d%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\bob.mixon\Application Data\Mozilla\Profiles\default\lqlqy86o.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: AntiSpyware Class - {C6176B04-8896-4446-9939-E00EE94C420F} - C:\WINDOWS\system32\ash.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Spyware Nuker] d:\Program Files\Spyware Nuker 2004\swn2.exe /h
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SpySubtract.lnk = D:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwha.ops.placeware.com/etc/...uicksilver.cab
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://localhost:8000/projectserver/...s/pjclient.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/pro...tor/WebSWK.cab
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://localhost:8000/projectserver/...33/pjcintl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vixcorp.net
O17 - HKLM\Software\..\Telephony: DomainName = vixcorp.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{F121EC02-46EF-4D02-812B-6AD58C4EE80B}: NameServer = 127.0.0.1,66.75.160.41,66.75.160.42
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vixcorp.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = vixcorp.net
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Crystal Cache Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\cacheserver.exe
O23 - Service: Crystal APS - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\CrystalAPS.exe
O23 - Service: Crystal Event Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\EventServer.exe
O23 - Service: Crystal Input File Repository Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\inputfileserver.exe
O23 - Service: Crystal Output File Repository Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\outputfileserver.exe
O23 - Service: Crystal Report Job Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\JobServer.exe
O23 - Service: McAfee Framework Service - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Crystal Page Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\pageserver.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Crystal Web Component Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\WebCompServer.exe
Scan saved at 6:23:40 PM, on 2/8/2005
Platform: Unknown Windows (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ismserv.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\Mcshield.exe
D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft CRM\Server\bin\CrmBulkMailService.exe
C:\Program Files\Microsoft CRM\Server\bin\CrmDeletionService.exe
C:\Program Files\Microsoft CRM\Server\bin\CrmWorkflowService.exe
d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\system32\ntfrs.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\WebCompServer.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\cacheserver.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\EventServer.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\inputfileserver.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\outputfileserver.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\JobServer.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\pageserver.exe
C:\WINDOWS\System32\svchost.exe
d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Spyware Nuker 2004\swn2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\Program Files\interMute\SpySubtract\SpySub.exe
D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
D:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\system32\cmd.exe
D:\Software\HijackThis\HijackThis.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\bob.mixon\Application Data\Mozilla\Profiles\default\lqlqy86o.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://d%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\bob.mixon\Application Data\Mozilla\Profiles\default\lqlqy86o.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: AntiSpyware Class - {C6176B04-8896-4446-9939-E00EE94C420F} - C:\WINDOWS\system32\ash.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Spyware Nuker] d:\Program Files\Spyware Nuker 2004\swn2.exe /h
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SpySubtract.lnk = D:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwha.ops.placeware.com/etc/...uicksilver.cab
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://localhost:8000/projectserver/...s/pjclient.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/pro...tor/WebSWK.cab
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://localhost:8000/projectserver/...33/pjcintl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vixcorp.net
O17 - HKLM\Software\..\Telephony: DomainName = vixcorp.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{F121EC02-46EF-4D02-812B-6AD58C4EE80B}: NameServer = 127.0.0.1,66.75.160.41,66.75.160.42
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vixcorp.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = vixcorp.net
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Crystal Cache Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\cacheserver.exe
O23 - Service: Crystal APS - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\CrystalAPS.exe
O23 - Service: Crystal Event Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\EventServer.exe
O23 - Service: Crystal Input File Repository Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\inputfileserver.exe
O23 - Service: Crystal Output File Repository Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\outputfileserver.exe
O23 - Service: Crystal Report Job Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\JobServer.exe
O23 - Service: McAfee Framework Service - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Crystal Page Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\pageserver.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Crystal Web Component Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\WebCompServer.exe
|
Similar Threads
Other Threads in the Viruses, Spyware and other Nasties Forum
- Only One IE window open at a time! (Web Browsers)
- IE won't open on its own anymore (OS X)
- outlook wont open (Windows NT / 2000 / XP / 2003)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: My Internet Explorer has been invaded :-(
- Next Thread: Pop-Up Problem; Microsoft Aps Slowed
•
•
•
•
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
Linear Mode
