MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Internet & Email arrow Topic: Irritating popups keep coming....
September 19, 2019, 09:02:52 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
September 19, 2019, 09:02:52 AM

Login with username, password and session length
 
News
New  We now offer MyTechSupport.ca Merchandise! Every purchase goes towards maintaining our site.
Thank you for supporting MyTechSupport.ca!
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: Irritating popups keep coming....  (Read 1819 times)
sanjeevm
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 2


Bookmark and Share

View Profile
« on: June 28, 2005, 04:09:16 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Windows 2003 Server
Problem Application Name & Version: I believe it is Ebates
Problem Hardware Make & Model:
Error Messages: Keep getting popups every 5 mins or so



I have run AdAware, SpyBot, HouseCall and CWShredder but the problem is still there. Everytime I run AdAware, it finds a registration key for Ebates. I quarantine it but when I run AdAware again, it is still there. The questionable key is \\HKEY_USERS\S-1-5-21-2000478354-1214440339-682003330-500\Software\LQ\AC. I saw that when I quarantine it from AdAware, it gets deleted but reappears within 10 seconds!

The irritating problem that I am having is that I have ads popping up every 5 minutes or so. The frequency is more if I surfing the net.

I am hereby attaching the HijackThis log.

Please help! The popups are really annoying, to say the least.

Thanks,
Sanjeev

===========================================================

Logfile of HijackThis v1.99.1
Scan saved at 10:44:31 AM, on 6/28/2005
Platform: Windows 2003  (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlservr.exe
C:\Program Files\Microsoft Office Project Server 2003\BIN\PJSCHSVC.EXE
C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\WebCompServer.exe
C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\cacheserver.exe
C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\EventServer.exe
C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\inputfileserver.exe
C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\outputfileserver.exe
C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\ProgramServer.exe
C:\Program Files\Common Files\Crystal Decisions\2.5\bin\crystalras.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\JobServer.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\pageserver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe
C:\WINDOWS\system32\libcore.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lapsvcs.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.joneslanglasalle.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.joneslanglasalle.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy1.am.joneslanglasalle.com:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteclk32.exe
O4 - HKLM\..\Run: [739h3tP] libcore.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [M0qnRjj6S] lapsvcs.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://vapwcc.ops.placeware.com/etc/place/CHAIR/VACpws-c1/5.1.8.511/lib/quicksilver.cab
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://tapdevprojtest/projectserver/objects/pjclient.cab
O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - https://delphilil.am.joneslanglasalle.com/basic/msddsc.cab
O16 - DPF: {7B7929AB-E06A-4508-BE68-1CC7A6997808} (SAXFileEE FileUpload ActiveX Control) - http://demo.softartisans.com/FileTransfer/XFile/cab/saxfileee.cab
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://tapdevprojtest/projectserver/objects/1033/pjcintl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BA11E984-66D3-11D3-9196-006008105FA5} (SDClientHelper Class) - https://timesheet.trans-tech.com/solweb/SDClientTools.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://aspupload.com/xupload/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = delphiprd.am.joneslanglasalle.com
O17 - HKLM\Software\..\Telephony: DomainName = delphiprd.am.joneslanglasalle.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = delphiprd.am.joneslanglasalle.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = delphiprd.am.joneslanglasalle.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Crystal Cache Server (CacheServer) - Crystal Decisions - C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\cacheserver.exe
O23 - Service: Crystal Event Server (CrystalEventServer) - Crystal Decisions - C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\EventServer.exe
O23 - Service: Crystal Input File Repository Server (CrystalInputFileServer) - Crystal Decisions - C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\inputfileserver.exe
O23 - Service: Crystal Management Server (CrystalMS) - Crystal Decisions - C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\CrystalMS.exe
O23 - Service: Crystal Output File Repository Server (CrystalOutputFileServer) - Crystal Decisions - C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\outputfileserver.exe
O23 - Service: Crystal Program Job Server (CrystalProgramServer) - Crystal Decisions - C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\ProgramServer.exe
O23 - Service: Crystal Report Application Server (CrystalReportApplicationServer) - Crystal Decisions - C:\Program Files\Common Files\Crystal Decisions\2.5\bin\crystalras.exe
O23 - Service: Crystal Report Job Server (JobServer_Report) - Crystal Decisions - C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\JobServer.exe
O23 - Service: Crystal Page Server (pageserver) - Crystal Decisions - C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\pageserver.exe
O23 - Service: Project Server Connector Service (PjConnectSvc) - Unknown owner - C:\Program Files\Microsoft Office Project Server 2003\BIN\CNCTSVC.EXE
O23 - Service: Project Server Scheduled Process Service (PjSchSvc) - Unknown owner - C:\Program Files\Microsoft Office Project Server 2003\BIN\PJSCHSVC.EXE
O23 - Service: Crystal Web Component Server (WebCompServer) - Crystal Decisions - C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\WebCompServer.exe


Logged

 
Geekgirl
Global Moderator
Hero Member
*****

Karma: +25/-1
Offline Offline

Gender: Female
Posts: 3175



Bookmark and Share

View Profile
« Reply #1 on: June 28, 2005, 08:04:12 PM »

Hello and Welcome to MyTechSupport.ca

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.


Download / Install / Update / and Run:
Adaware SE check for any updates before running it.
Get the plug-in for fixing VX2 variants. You can download it at this SITE
 To run this tool, install to the hard drive, then open Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection.

Download and install Spybot S&D . Run Spybot and click on the 'Search for Updates' button. Install any updates that are available. Next click on the 'Check for Problems' button. Let it run the scan. If it finds something, check all those in RED and hit the Fix Selected Problems button. Exit Spybot. If you keep getting the DSO Exploit entries, even after you updated Windows and fixed them, then download the Spybot DSO Exploit Fix and install it over the current Spybot installation.

Scan your pc with one of these free online scanners:
Panda ActiveScan
RAV AntiVirus
Housecall.  Be sure to put a check the box beside AutoClean.

Dowload the Elite Toolbar Remover


Look carefully what you have to do:

The only thing you have to do is to reboot your machine in Safe Mode (just click onto F8 key the same moment the pc is starting, before the MS Windows flag screen) and run the EliteToolbar Remover, then click the "Kill Elite Toolbar" button and wait until it will finish its work.

Occasionally a DOS box could face-up to asking your permission in deleting some files inside the temporary Windows directories. You must accepting the deletion of them to be sure to fisically removing the malware!



Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).

Go into Hijack This->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one (You must kill them one at a time).

C:\WINDOWS\system32\libcore.exe
C:\WINDOWS\system32\lapsvcs.exe


Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm

O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteclk32.exe
O4 - HKLM\..\Run: [739h3tP] libcore.exe
O4 - HKCU\..\Run: [M0qnRjj6S] lapsvcs.exe


Please remember to close all other windows, including browsers then click Fix checked.

 Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\WINDOWS\system32\libcore.exe
C:\WINDOWS\system32\lapsvcs.exe
C:\windows\system32\eliteclk32.exe

Delete your temp/temp internet files and Empty your Recycle Bin.

Reboot your System in normal mode.

Please post a fresh Hijack This log so that we can check if your system is clean.

« Last Edit: June 28, 2005, 08:14:06 PM by Geekgirl » Logged




Girlz Rule ...Boyz Drool
____________________________
ALWAYS BACKUP YOUR REGISTRY BEFORE EDITING
sanjeevm
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 2


Bookmark and Share

View Profile
« Reply #2 on: June 28, 2005, 09:27:35 PM »

Hi GeekGirl,

I followed the steps in your post. After completing all the steps and rebooting the machine in normal mode, I saw that the entire \\HKEY_USERS\S-1-5-21-2000478354-1214440339-682003330-500\Software\LQ registry entry is gone. Looks like the problem is fixed!

I am not sure if girls rule but u surely do ROCK!

Here is the Hijack This log. After looking at it, can you please confirm that my machine is 100% clean.

Thanks,
Sanjeev

==============================================================

Logfile of HijackThis v1.99.1
Scan saved at 4:16:18 PM, on 6/28/2005
Platform: Windows 2003  (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlservr.exe
C:\Program Files\Microsoft Office Project Server 2003\BIN\PJSCHSVC.EXE
C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\WebCompServer.exe
C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\cacheserver.exe
C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\EventServer.exe
C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\inputfileserver.exe
C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\CrystalMS.exe
C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\outputfileserver.exe
C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\ProgramServer.exe
C:\Program Files\Common Files\Crystal Decisions\2.5\bin\crystalras.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\JobServer.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\pageserver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.joneslanglasalle.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.joneslanglasalle.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy1.am.joneslanglasalle.com:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://vapwcc.ops.placeware.com/etc/place/CHAIR/VACpws-c1/5.1.8.511/lib/quicksilver.cab
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://tapdevprojtest/projectserver/objects/pjclient.cab
O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - https://delphilil.am.joneslanglasalle.com/basic/msddsc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119989142234
O16 - DPF: {7B7929AB-E06A-4508-BE68-1CC7A6997808} (SAXFileEE FileUpload ActiveX Control) - http://demo.softartisans.com/FileTransfer/XFile/cab/saxfileee.cab
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://tapdevprojtest/projectserver/objects/1033/pjcintl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BA11E984-66D3-11D3-9196-006008105FA5} (SDClientHelper Class) - https://timesheet.trans-tech.com/solweb/SDClientTools.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://aspupload.com/xupload/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = delphiprd.am.joneslanglasalle.com
O17 - HKLM\Software\..\Telephony: DomainName = delphiprd.am.joneslanglasalle.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = delphiprd.am.joneslanglasalle.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = delphiprd.am.joneslanglasalle.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Crystal Cache Server (CacheServer) - Crystal Decisions - C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\cacheserver.exe
O23 - Service: Crystal Event Server (CrystalEventServer) - Crystal Decisions - C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\EventServer.exe
O23 - Service: Crystal Input File Repository Server (CrystalInputFileServer) - Crystal Decisions - C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\inputfileserver.exe
O23 - Service: Crystal Management Server (CrystalMS) - Crystal Decisions - C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\CrystalMS.exe
O23 - Service: Crystal Output File Repository Server (CrystalOutputFileServer) - Crystal Decisions - C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\outputfileserver.exe
O23 - Service: Crystal Program Job Server (CrystalProgramServer) - Crystal Decisions - C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\ProgramServer.exe
O23 - Service: Crystal Report Application Server (CrystalReportApplicationServer) - Crystal Decisions - C:\Program Files\Common Files\Crystal Decisions\2.5\bin\crystalras.exe
O23 - Service: Crystal Report Job Server (JobServer_Report) - Crystal Decisions - C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\JobServer.exe
O23 - Service: Crystal Page Server (pageserver) - Crystal Decisions - C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\pageserver.exe
O23 - Service: Project Server Connector Service (PjConnectSvc) - Unknown owner - C:\Program Files\Microsoft Office Project Server 2003\BIN\CNCTSVC.EXE
O23 - Service: Project Server Scheduled Process Service (PjSchSvc) - Unknown owner - C:\Program Files\Microsoft Office Project Server 2003\BIN\PJSCHSVC.EXE
O23 - Service: Crystal Web Component Server (WebCompServer) - Crystal Decisions - C:\Program Files\Crystal Decisions\Enterprise 10\win32_x86\WebCompServer.exe

Logged

 
Geekgirl
Global Moderator
Hero Member
*****

Karma: +25/-1
Offline Offline

Gender: Female
Posts: 3175



Bookmark and Share

View Profile
« Reply #3 on: June 28, 2005, 09:36:45 PM »

It seems that you don't use an anti-virus scanner or your scanner is not active. Only an anti-virus scanner can protect you against new viruses. I suggest using AVG Free Edition if you do not have one installed already. If you do please get your definitions updated.

Your log is clean. Are there any problems now? If not, you should be set to go.


To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial Anti-Spyware Tutorial and use the tools provided.

Thank you for visiting MyTechSupport.ca Grin
Logged




Girlz Rule ...Boyz Drool
____________________________
ALWAYS BACKUP YOUR REGISTRY BEFORE EDITING
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page June 27, 2019, 09:42:45 PM