0

I am having the same problem.When a site fails to open i get this kind of search link which is very annoying and has slowed down my pc to a large extent.The url is
http://dr.webservicehosts.com/
It has many links associated it with.
I tried using hijack this and fix all the related links but it is not deleted and again appears when i run the hijack this.

The log file of hijack this is as follows


Logfile of HijackThis v1.99.0
Scan saved at 10:41:54 PM, on 12/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSAgent.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\erfock.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Install\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cww.i2.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Merriam-Webster Online BHO - {5ADA9CAC-04F9-4DD2-ABFD-74D673BE8624} - C:\WINDOWS\_MWOLTB.DLL
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [okwerxwxqaq] C:\WINDOWS\System32\erfock.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [AeXAgentLogon] "C:\Program Files\Altiris\eXpress\NS Client\AeXAgentActivate.exe" /logon
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219
O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .rx: C:\Program Files\Internet Explorer\Plugins\iewrqxrx.dll
O12 - Plugin for .rxc: C:\Program Files\Internet Explorer\Plugins\iewrqxrx.dll
O14 - IERESET.INF: START_PAGE_URL=http://cww.i2.com
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://i2indiamail11.i2.com/iNotes.cab
O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.m-w.com/toolbar/webinstall.cab
O16 - DPF: {4524F6B8-B807-11D5-B6C8-00805F77B630} (Signer Control) - https://www.ultimatix.net/certEXE/Signer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104433240546
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = i2.com
O17 - HKLM\Software\..\Telephony: DomainName = i2.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = i2.com
O23 - Service: iPlanet Administration Server 5.1 - Sun Netscape Alliance - C:\iPlanet\Servers\bin\https\bin\ns-httpd.exe
O23 - Service: Altiris Agent - Altiris, Inc. - C:\Program Files\Altiris\eXpress\NS Client\AeXNSAgent.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Contivity VPN Service - Nortel Networks NA, Inc. - C:\Program Files\i2 VPN Access\Extranet_serv.exe
O23 - Service: IBM PM Service - Unknown - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: McAfee Framework Service - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Multi-user Cleanup Service - Unknown - D:\lotus\notes\ntmulti.exe
O23 - Service: OracleOraHome81Agent - Oracle Corporation - D:\oracle\ora81\bin\dbsnmp.exe
O23 - Service: OracleOraHome81ClientCache - Unknown - D:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: OracleOraHome81DataGatherer - Oracle Corporation - D:\oracle\ora81\bin\vppdc.exe
O23 - Service: OracleOraHome81HTTPServer - Unknown - D:\oracle\ora81\Apache\Apache\Apache.exe
O23 - Service: OracleOraHome81PagingServer - Unknown - D:\oracle\ora81/bin/pagntsrv.exe
O23 - Service: OracleOraHome81TNSListener - Unknown - D:\oracle\ora81\BIN\TNSLSNR.exe
O23 - Service: OracleServiceTEMPDB - Oracle Corporation - d:\oracle\ora81\bin\ORACLE.EXE
O23 - Service: iPlanet Directory Server 5 (01hw053624) - Unknown - C:\iPlanet\Servers/bin/slapd/server/ns-slapd.exe

Please Help me.

Thanks in advance.

2
Contributors
3
Replies
4
Views
12 Years
Discussion Span
Last Post by dlh6213
0

Go to Add/Remove Programs in your Control Panel and remove 'Window Search', 'Window Searching', 'Lop.com', 'LOP SEARCH', 'Browser Enhancer', or 'Ultimate Browser Enhancer' if found. You may be given a code to insert, if so, insert it and reboot.

Use ctrl-alt-del to access Task Manager, click on the Processes tab, and End Process on any of these that are running:
wupdt.exe
erfock.exe
salm.exe
conscorr.exe
satmat.exe

For every user account listed under C:\Documents and Settings, delete the entire contents of these folders:

1. Local Settings\Temp
2. Cookies
3. History
4. Local Settings\Temporary Internet Files\Content.IE5

Delete the entire content of your C:\Windows\Temp folder
Delete the entire content of your C:\Temp folder
Do a search for *.tmp and delete everything found

Empty your Recycle Bin.

Close all browser windows before fixing anything with hijackthis. Scan with HJT and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [okwerxwxqaq] C:\WINDOWS\System32\erfock.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://i2indiamail11.i2.com/iNotes.cab
O16 - DPF: {4524F6B8-B807-11D5-B6C8-00805F77B630} (Signer Control) - https://www.ultimatix.net/certEXE/Signer.cab

Reboot into Safe Mode

Go to
C:\temp and delete salm.exe, if found
C:\WINDOWS and delete conscorr.exe, if found
C:\WINDOWS and delete wupdt.exe, if found
C:\WINDOWS and delete satmat.exe, if found
C:\WINDOWS\System32 and delete erfock.exe, if found

Reboot normally

Do you know what cww.i2.com and iPlanet are?
Do you use Lotus or Oracle?

Close all browser windows, scan with HJT, and post a new log please.

0

Thanks a ton for the help.
I took a printout of your reply and did all the steps as u told and i think everything is fine now .
I think i should give some additional information for things to be clear.Actually i work for i2 Technologies,Inc as Demand Planner consultant and presently i am in Finland.
I have Oracle8i installed on my laptop and we use Lotus notes to check our official mails.
iplanet is the LDAP which is used for user authentication used for i2 products like DP or SCP.
cww.i2.com is the default homepage of ours as it is the intranet of our company.

The log file is as follows :

Logfile of HijackThis v1.99.0
Scan saved at 3:10:13 PM, on 12/31/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSAgent.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Install\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cww.i2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Merriam-Webster Online BHO - {5ADA9CAC-04F9-4DD2-ABFD-74D673BE8624} - C:\WINDOWS\_MWOLTB.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [AeXAgentLogon] "C:\Program Files\Altiris\eXpress\NS Client\AeXAgentActivate.exe" /logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219
O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O12 - Plugin for .rx: C:\Program Files\Internet Explorer\Plugins\iewrqxrx.dll
O12 - Plugin for .rxc: C:\Program Files\Internet Explorer\Plugins\iewrqxrx.dll
O14 - IERESET.INF: START_PAGE_URL=http://cww.i2.com
O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.m-w.com/toolbar/webinstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104433240546
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = i2.com
O17 - HKLM\Software\..\Telephony: DomainName = i2.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = i2.com
O23 - Service: iPlanet Administration Server 5.1 - Sun Netscape Alliance - C:\iPlanet\Servers\bin\https\bin\ns-httpd.exe
O23 - Service: Altiris Agent - Altiris, Inc. - C:\Program Files\Altiris\eXpress\NS Client\AeXNSAgent.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Contivity VPN Service - Nortel Networks NA, Inc. - C:\Program Files\i2 VPN Access\Extranet_serv.exe
O23 - Service: IBM PM Service - Unknown - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: McAfee Framework Service - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Multi-user Cleanup Service - Unknown - D:\lotus\notes\ntmulti.exe
O23 - Service: OracleOraHome81Agent - Oracle Corporation - D:\oracle\ora81\bin\dbsnmp.exe
O23 - Service: OracleOraHome81ClientCache - Unknown - D:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: OracleOraHome81DataGatherer - Oracle Corporation - D:\oracle\ora81\bin\vppdc.exe
O23 - Service: OracleOraHome81HTTPServer - Unknown - D:\oracle\ora81\Apache\Apache\Apache.exe
O23 - Service: OracleOraHome81PagingServer - Unknown - D:\oracle\ora81/bin/pagntsrv.exe
O23 - Service: OracleOraHome81TNSListener - Unknown - D:\oracle\ora81\BIN\TNSLSNR.exe
O23 - Service: OracleServiceTEMPDB - Oracle Corporation - d:\oracle\ora81\bin\ORACLE.EXE
O23 - Service: iPlanet Directory Server 5 (01hw053624) - Unknown - C:\iPlanet\Servers/bin/slapd/server/ns-slapd.exe


I didnt check the cww.i2.com as is the homepage.I have also installed Google toolbar and MerriamWebster Dictionary toolbar.Do u think that i got infected due to these should i remove them ,actually was annoyed with popups so i had installed the Google toolbar.
Any other suggestion do you have for me for further protection.I always keep my anti-virus which is of Mccafee updated as it automatically gets updated when i login to my company i2 domain inspite of it i got infected.

Thanks a lot once again,i cant tell you how much relieved i am feeling now.

Bye

0

Unfortunately, nothing is going to protect you completely.

Merriam-Webster should not be a problem; I've heard a few complaints about the google toolbar, but I think it should be okay.

You can find more suggestions for keeping your system clean and protected in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html,
in particular the free online virus scans and either SpywareBlaster or SpywareGaurd (or both).

The only possible thing I see in your log is this, unless you know what it's for:
O23 - Service: iPlanet Directory Server 5 (01hw053624) - Unknown - C:\iPlanet\Servers/bin/slapd/server/ns-slapd.exe

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.