IE Will Not Open Anymore

brm1999 | #11 | Feb 5th, 2005
DMR,

I see where you are going with this now, HijackThis is a very cool utility. I did follow your previous instructions exactly and the files listed seem to be gone from the log now; I have posted a fresh copy below! Unfortunately, I still have the same problems. Meaning, Explorer opens and closes very fast. And, when SpySweeper is running, it detects another application attempting to change the home page to about:blank.

Is this a trial and error process where we continue to work our way through startup programs and processes to eventually locate the threat?


=============================================
Logfile of HijackThis v1.99.0
Scan saved at 7:50:14 AM, on 2/5/2005
Platform: Unknown Windows (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ismserv.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\Mcshield.exe
D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft CRM\Server\bin\CrmBulkMailService.exe
C:\Program Files\Microsoft CRM\Server\bin\CrmDeletionService.exe
C:\Program Files\Microsoft CRM\Server\bin\CrmWorkflowService.exe
d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\pageserver.exe
C:\Program Files\Microsoft Office Project Server 2003\BIN\PJSCHSVC.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\WebCompServer.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\cacheserver.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\EventServer.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\inputfileserver.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\outputfileserver.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\JobServer.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\System32\svchost.exe
d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\Program Files\palmOne\HOTSYNC.EXE
D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\cmd.exe
D:\Software\HijackThis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\bob.mixon\Application Data\Mozilla\Profiles\default\lqlqy86o.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://d%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\bob.mixon\Application Data\Mozilla\Profiles\default\lqlqy86o.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AntiSpyware Class - {C6176B04-8896-4446-9939-E00EE94C420F} - C:\WINDOWS\system32\ash.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Sauce Reader - {a8f0736c-0b1a-4995-b239-843cd7f5f442} - mscoree.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Paessler Site Inspector Toolbar - {38D2A281-0444-433C-9ED6-A2851795F32A} - d:\Program Files\Paessler Site Inspector\psibar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] d:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [NBJ] "D:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "d:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] D:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - Startup: HotSync Manager.lnk = D:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = D:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &WebPageToOneNote - res:///204
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: PSI: Copy Image as HTML Tag - res://d:\Program Files\Paessler Site Inspector\psi.dll/copy-img-tag.ieb
O8 - Extra context menu item: PSI: Copy Image URL - res://d:\Program Files\Paessler Site Inspector\psi.dll/copy-img-src.ieb
O8 - Extra context menu item: PSI: Copy Link as HTML Tag - res://d:\Program Files\Paessler Site Inspector\psi.dll/copy-a-tag.ieb
O8 - Extra context menu item: PSI: Copy Meister - res://d:\Program Files\Paessler Site Inspector\psi.dll/copymeister.ieb
O8 - Extra context menu item: PSI: Open Frame In New Window - res://d:\Program Files\Paessler Site Inspector\psi.dll/open-frame-in-new-window.ieb
O8 - Extra context menu item: PSI: Open Frame In This Window - res://d:\Program Files\Paessler Site Inspector\psi.dll/open-frame-in-this-window.ieb
O8 - Extra context menu item: PSI: Open Selected Text as URL in New Window - res://d:\Program Files\Paessler Site Inspector\psi.dll/open-selection.ieb
O8 - Extra context menu item: PSI: Show All Forms - res://d:\Program Files\Paessler Site Inspector\psi.dll/FormsModule.ieb
O8 - Extra context menu item: PSI: Show All Images - res://d:\Program Files\Paessler Site Inspector\psi.dll/ImagesModule.ieb
O8 - Extra context menu item: PSI: Show All Links - res://d:\Program Files\Paessler Site Inspector\psi.dll/LinksModule.ieb
O8 - Extra context menu item: PSI: Show All Scripts - res://d:\Program Files\Paessler Site Inspector\psi.dll/ScriptsModule.ieb
O8 - Extra context menu item: PSI: Show All Stylesheets - res://d:\Program Files\Paessler Site Inspector\psi.dll/StylesheetsModule.ieb
O8 - Extra context menu item: PSI: Show Complete Page Analysis - res://d:\Program Files\Paessler Site Inspector\psi.dll/element.ieb
O8 - Extra context menu item: PSI: Show Element Hilighter - res://d:\Program Files\Paessler Site Inspector\psi.dll/hilighter.ieb
O8 - Extra context menu item: PSI: Show HTTP Header - res://d:\Program Files\Paessler Site Inspector\psi.dll/HttpDocumentModule.ieb
O8 - Extra context menu item: PSI: Show HTTP Header of Target - res://d:\Program Files\Paessler Site Inspector\psi.dll/HttpDocumentModuleForAnchor.ieb
O8 - Extra context menu item: PSI: Show Source based on DOM - res://d:\Program Files\Paessler Site Inspector\psi.dll/DomDocumentModule.ieb
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Send to OneNote - {6EB2AA45-3F30-40e1-9864-45EB153C6EDC} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PSI Toolbar - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - d:\Program Files\Paessler Site Inspector\psibar.dll
O9 - Extra 'Tools' menuitem: Paessler Site Inspector Toolbar - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - d:\Program Files\Paessler Site Inspector\psibar.dll
O9 - Extra button: (no name) - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Send to OneNote Settings - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WebPageToOneNote - {C20822F3-54CF-4da1-87B7-174090D62D36} - C:\Program Files\WebPageToOneNote PowerToy\WebPageToOneNote.dll (HKCU)
O9 - Extra button: (no name) - {DD6E38FD-66DC-4657-8FC7-9DCBED68D2B2} - C:\Program Files\WebPageToOneNote PowerToy\WebPageToOneNoteOptions.dll (HKCU)
O9 - Extra 'Tools' menuitem: WebPageToOneNote Options - {DD6E38FD-66DC-4657-8FC7-9DCBED68D2B2} - C:\Program Files\WebPageToOneNote PowerToy\WebPageToOneNoteOptions.dll (HKCU)
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwha.ops.placeware.com/etc/...uicksilver.cab
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://localhost:8000/projectserver/...s/pjclient.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/pro...tor/WebSWK.cab
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://localhost:8000/projectserver/...33/pjcintl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://sp.webex.com/client/latest/webex/ieatgpc.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vixcorp.net
O17 - HKLM\Software\..\Telephony: DomainName = vixcorp.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{F121EC02-46EF-4D02-812B-6AD58C4EE80B}: NameServer = 127.0.0.1,66.75.160.41,66.75.160.42
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vixcorp.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = vixcorp.net
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Crystal Cache Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\cacheserver.exe
O23 - Service: Crystal APS - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\CrystalAPS.exe
O23 - Service: Crystal Event Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\EventServer.exe
O23 - Service: Crystal Input File Repository Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\inputfileserver.exe
O23 - Service: Crystal Output File Repository Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\outputfileserver.exe
O23 - Service: Crystal Report Job Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\JobServer.exe
O23 - Service: McAfee Framework Service - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Crystal Page Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\pageserver.exe
O23 - Service: Project Server Connector Service - Unknown - C:\Program Files\Microsoft Office Project Server 2003\BIN\CNCTSVC.EXE
O23 - Service: Project Server Scheduled Process Service - Unknown - C:\Program Files\Microsoft Office Project Server 2003\BIN\PJSCHSVC.EXE
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Crystal Web Component Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\WebCompServer.exe

====================================================

Thank you again for all the help!

Bob

DMR | #12 | Feb 6th, 2005
Originally Posted by brm1999:
> Unfortunately, I still have the same problems. Meaning, Explorer opens and closes very fast. And, when SpySweeper is running, it detects another application attempting to change the home page to about:blank.
>
> Is this a trial and error process where we continue to work our way through startup programs and processes to eventually locate the threat?

I think it may be heading that way, unfortunately.

Hmm- HijackThis can usually determine the version of Windows you're running, but your particular log reports the following instead:

"Platform: Unknown Windows (WinNT 5.02.3790)"

What exact version of Windows are you using?
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing


Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.

However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.

crunchie | #13 | Feb 6th, 2005
Seems like it may be XP x64? Or maybe 2003 (beta)?

DMR | #14 | Feb 6th, 2005
Could be; I didn't have the time to research it when I last posted.

brm1999 | #15 | Feb 6th, 2005
This is a 2003 Server. I use this machine for software development.

brm1999 | #16 | Feb 6th, 2005
All -- More Updates!

Ad-Aware still reports a DSO exploit. I fix the problem, reboot into safe mode, delete files, empty the recycle bin, etc (per your instructions) and it continues to return.

Spybot - S&D currently reports no problems.

XoftSpy reports CWS Combo trojan issue. I ran crap cleaner and cwshredder. CW Shredder reported there was no variant of a CWS trojan found.

I removed a lot of startup processes to trim down the log file generated by HijackThis. Here is the latest version.


Logfile of HijackThis v1.99.0
Scan saved at 8:34:18 AM, on 2/6/2005
Platform: Unknown Windows (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ismserv.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\Mcshield.exe
D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft CRM\Server\bin\CrmBulkMailService.exe
C:\Program Files\Microsoft CRM\Server\bin\CrmDeletionService.exe
C:\Program Files\Microsoft CRM\Server\bin\CrmWorkflowService.exe
d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\pageserver.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\WebCompServer.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\cacheserver.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\EventServer.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\inputfileserver.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\outputfileserver.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\JobServer.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\System32\svchost.exe
d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe
D:\Software\HijackThis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\bob.mixon\Application Data\Mozilla\Profiles\default\lqlqy86o.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://d%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\bob.mixon\Application Data\Mozilla\Profiles\default\lqlqy86o.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: AntiSpyware Class - {C6176B04-8896-4446-9939-E00EE94C420F} - C:\WINDOWS\system32\ash.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &WebPageToOneNote - res:///204
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WebPageToOneNote - {C20822F3-54CF-4da1-87B7-174090D62D36} - C:\Program Files\WebPageToOneNote PowerToy\WebPageToOneNote.dll (file missing) (HKCU)
O9 - Extra button: (no name) - {DD6E38FD-66DC-4657-8FC7-9DCBED68D2B2} - C:\Program Files\WebPageToOneNote PowerToy\WebPageToOneNoteOptions.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: WebPageToOneNote Options - {DD6E38FD-66DC-4657-8FC7-9DCBED68D2B2} - C:\Program Files\WebPageToOneNote PowerToy\WebPageToOneNoteOptions.dll (file missing) (HKCU)
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwha.ops.placeware.com/etc/...uicksilver.cab
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://localhost:8000/projectserver/...s/pjclient.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/pro...tor/WebSWK.cab
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://localhost:8000/projectserver/...33/pjcintl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vixcorp.net
O17 - HKLM\Software\..\Telephony: DomainName = vixcorp.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{F121EC02-46EF-4D02-812B-6AD58C4EE80B}: NameServer = 127.0.0.1,66.75.160.41,66.75.160.42
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vixcorp.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = vixcorp.net
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Crystal Cache Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\cacheserver.exe
O23 - Service: Crystal APS - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\CrystalAPS.exe
O23 - Service: Crystal Event Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\EventServer.exe
O23 - Service: Crystal Input File Repository Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\inputfileserver.exe
O23 - Service: Crystal Output File Repository Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\outputfileserver.exe
O23 - Service: Crystal Report Job Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\JobServer.exe
O23 - Service: McAfee Framework Service - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Crystal Page Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\pageserver.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Crystal Web Component Server - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\WebCompServer.exe

brm1999 | #17 | Feb 6th, 2005
Oops, sorry for the double post; I didn't realize there were multiple pages!

Bob

brm1999 | #18 | Feb 7th, 2005
Arg, this is frustrating. I hesitate to continue purchasing various spyware removal tools if they are not going to work. But I also feel stuck, nothing seems to be working here.

The problem seems to be a variant of the CWS trojan but I am not 100% certain of that!

brm1999 | #19 | Feb 7th, 2005
Spyware Blaster reports the CWS Aboutblank trojan.

It looks as though it is a variant of the CWS trojan. I wish I could find something to remove it without having to spend more money.

I have purchased Spy Sweeper, Norton, McAfee...

DMR | #20 | Feb 7th, 2005
1. Your latest HijackThis log no longer shows indications of infections; but a clean HJT log doesn't necessarily mean a clean system.


2. A description of the Aboutblank CWS hijacker variant, as well as manual removal instructions for it, can be found here: http://www3.ca.com/securityadvisor/p...x?id=453082839

However, as fully-patched versions of Windows/Internet Explorer are reportedly immune to the infection, you should go to the Windows Update page on Microsoft's site and download the most current critical fixes for your system before attempting a manual fix which involves mucking around in the Registry.

Again, your log shows no indication of this, but there are new CWS-based, about:blank-related infections which CWShredder cannot fix. If you want, you can see if these two additional utilities find/fix anything (it won't hurt to try):

about:Buster: http://www.majorgeeks.com/download4289.html
HSRemove: http://www.majorgeeks.com/download4286.html


3. You can protect against DSO (and other) exploits by tightening up some of the default security-oriented settings in your Internet Options control panel; instructions can be found here:
https://netfiles.uiuc.edu/ehowes/www...s.htm#security


4. I deleted your duplicate post for you, but FYI: you can modify your own posts if you need to- just click on the "Edit" button in the lower right-hand corner of a post and a window will open in which you can delete or edit the post.
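
Added example, not part of any post in this thread: a small Python parser that compares two HijackThis logs section by section, which is what the Feb 5 and Feb 6 logs above invite doing by eye. The sample logs are a few lines copied from those two posts; the function names and the NT version table are this example's own assumptions, not anything from HijackThis.

```python
import re
from collections import defaultdict

# Constructed samples: a few lines copied from the two logs posted in this thread.
LOG_FEB5 = r"""Logfile of HijackThis v1.99.0
Scan saved at 7:50:14 AM, on 2/5/2005
Platform: Unknown Windows (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)

Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\explorer.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AntiSpyware Class - {C6176B04-8896-4446-9939-E00EE94C420F} - C:\WINDOWS\system32\ash.dll
O3 - Toolbar: Sauce Reader - {a8f0736c-0b1a-4995-b239-843cd7f5f442} - mscoree.dll (file missing)
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: WebPageToOneNote - {C20822F3-54CF-4da1-87B7-174090D62D36} - C:\Program Files\WebPageToOneNote PowerToy\WebPageToOneNote.dll (HKCU)
"""

LOG_FEB6 = r"""Logfile of HijackThis v1.99.0
Scan saved at 8:34:18 AM, on 2/6/2005
Platform: Unknown Windows (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)

Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe

O2 - BHO: AntiSpyware Class - {C6176B04-8896-4446-9939-E00EE94C420F} - C:\WINDOWS\system32\ash.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: WebPageToOneNote - {C20822F3-54CF-4da1-87B7-174090D62D36} - C:\Program Files\WebPageToOneNote PowerToy\WebPageToOneNote.dll (file missing) (HKCU)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_02) -
"""

ENTRY = re.compile(r"^([RNFO]\d{1,2}) - (.+)$")   # section code, then the entry text
HEADER = re.compile(r"^(Platform|MSIE): (.+)$")
MISSING = " (file missing)"
# NT major/minor to product name: general Windows knowledge, not HijackThis's own table.
NT_NAMES = {(5, 0): "Windows 2000", (5, 1): "Windows XP",
            (5, 2): "Windows Server 2003 or XP x64"}


def parse_hjt(text):
    """Split a HijackThis log into header fields, running processes and entries by code."""
    log = {"header": {}, "processes": [], "entries": defaultdict(list)}
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends the process list
            in_procs = False
        elif line == "Running processes:":
            in_procs = True
        elif ENTRY.match(line):
            code, body = ENTRY.match(line).groups()
            log["entries"][code].append(body)
        elif in_procs:
            log["processes"].append(line)
        elif HEADER.match(line):
            name, value = HEADER.match(line).groups()
            log["header"][name] = value
    return log


def platform_guess(log):
    """Return (likely product, build) from the 'WinNT x.y.build' part of the Platform line."""
    m = re.search(r"WinNT (\d+)\.(\d+)\.(\d+)", log["header"].get("Platform", ""))
    if not m:
        return None
    major, minor, build = map(int, m.groups())
    return NT_NAMES.get((major, minor)), build


def _key(entry):
    # Compare entries case-insensitively and ignore the "(file missing)" annotation.
    return entry.replace(MISSING, "").casefold()


def compare(old, new):
    """Report entries removed, added, or newly flagged '(file missing)' between two logs."""
    report = {"removed": [], "added": [], "now_missing": []}
    codes = set(old["entries"]) | set(new["entries"])
    for code in sorted(codes, key=lambda c: (c[0], int(c[1:]))):
        before = {_key(e): e for e in old["entries"].get(code, [])}
        after = {_key(e): e for e in new["entries"].get(code, [])}
        for k, e in before.items():
            if k not in after:
                report["removed"].append((code, e))
            elif MISSING in after[k] and MISSING not in e:
                report["now_missing"].append((code, after[k]))
        report["added"] += [(code, e) for k, e in after.items() if k not in before]
    report["stopped_processes"] = sorted(set(old["processes"]) - set(new["processes"]))
    return report


if __name__ == "__main__":
    feb5, feb6 = parse_hjt(LOG_FEB5), parse_hjt(LOG_FEB6)
    print("Platform guess:", platform_guess(feb6))
    for section, items in compare(feb5, feb6).items():
        print(section)
        for item in items:
            print("   ", item)
```

Entries under "now_missing" are registry leftovers whose target file is gone; the comparison covers only the sections HijackThis itself scans.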