Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Desperate for help! [RESOLVED]


  • This topic is locked This topic is locked

#1
Hossman

Hossman

    New Member

  • Member
  • Pip
  • 4 posts
Well, I've tried everything I could find, most of which was found right here on this site =) I went through all of the programs suggested and I am still having problems.

Any help is greatly appreciated!!!!

Thanks in advance!

Logfile of HijackThis v1.99.1
Scan saved at 9:49:10 PM, on 7/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PARAGON\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://recyber.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\arpala.exe reg_run
O4 - HKLM\..\Run: [Winsucks8 driver] QMRYSCQXK.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo 825] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P22 "EPSON Stylus Photo 825" /O6 "USB001" /M "Stylus Photo 825"
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB002" /M "Stylus CX6400"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [hB4mRUi8R] newupgrd.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: HP LaserJet Director.lnk = C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MSSQL$PARAGON.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\scm.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.fnismls.com
O16 - DPF: {0854D220-A90A-466D-BC02-6683183802B7} (PrintPreview Class) - http://capemay.fnism...rintControl.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {B3A37929-7FF7-4CBE-9579-AC1EF83080DF} (SystemChecker.CheckerCtrl) - http://sjsrmls.fnism...stemChecker.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60...geWell-ipix.cab
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\CKNSOLE.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

Advertisements


#2
skate_punk_21

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Hi Hossman and welcome to GeeksToGo!
I'm working on your log, as soon as another staff member reviews it I'll post a reply.
Thank you for your patience.
Skate_Punk_21
  • 0

#3
skate_punk_21

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Lets Do IT!
If you have any questions please ask now...Otherwise:


Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.


View Hidden Files and Folders
Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option. These options can be undone when we are completed the Fix, and your system is Dubbed Clean!



Downloads
Download WinPFind
and extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder. DO NOT RUN ANYTHING IN THE FOLDER YET

Download Track qoo Save it somewhere you will remember like the Desktop. Unzip the Track qoo.vbs inside to your desktop. DO NOT RUN IT YET

Right click on this link and choose Save As. Save it to your desktop. DO NOT RUN IT YET


Start HijackThis Fix
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\arpala.exe reg_run
O4 - HKLM\..\Run: [Winsucks8 driver] QMRYSCQXK.EXE
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe
O4 - HKCU\..\Run: [hB4mRUi8R] newupgrd.exe
O15 - Trusted Zone: *.fnismls.com
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\CKNSOLE.DLL

Please remember to close all other windows, including browsers then click Fix checked.


Boot Into Safe Mode
Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).


Run Downloaded Programs
1. Right click on that file we downloaded to your desktop "DelO15Domains" and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards.

2. Doubleclick WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete, Go to the WinPFind folder
  • Locate WinPFind.txt
  • Place those results in the next post!



File/Folder Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\WINDOWS\system32\wintask.exe
C:\WINDOWS\system32\arpala.exe
QMRYSCQXK.EXE<<--Search for and delete
C:\WINDOWS\system32\exp.exe
newupgrd.exe<<--Search for and delete


Reboot your system in Normal Mode.



Double Click on "Track qoo.vbs"
Note - If you Antivirus has Script Blocking, you will get a Pop Up Windows asking you what to do. Allow this Entire Script to Run, its harmless!
Wait a few seconds and a notepad page will pop up, Copy & Paste those results and place them in the next post


Last Thing!!!
Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!


Please post a fresh Hijack This log so that we can check if your system is clean.


To Summarize
I need to see in your next post:
  • Results of WinPFind
  • Results of Track Qoo
  • Log of L2MFix
  • New HijackThis Log

  • 0

#4
Hossman

Hossman

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Skate punk you are the man! What a reply, I can't thank you enough!!!

I'll tackle the whole thing as soon as I get home from work...hopefully I'll have a fresh log to post tonight.

I really appreciate you taking the time to help me out, I'm just blown away at the amount of work you did.

I'll get the new hijack log posted ASAP!

Many thanks,

Paul
  • 0

#5
Hossman

Hossman

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
OK, all done!

The Winpfind scan ended with an error "List index out of bounds (3)". I re-ran the scan and got the same error.

Unfortunately the laptop I was tryin to fix belongs to my roomate's father who needed to take it back with him today. I'm hopin it's clean for the most part, I can walk him through any more fixes over the phone. Also, I think I lost the l2mfix log somewhere when I copied the logs over to my home PC to post. To be honest, I didn't see Notepad open up after the scan completed. I hope that doesn't screw things up for you.

Once again, thank you so much for your help. Very much appreciated!!!

Okie, here are the logs...

Winpfind log:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "not responding" you can ignore it. Windows is throwing this message up even though the program is still running. As long as the hard disk is working then the program is running.

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
web-nex 7/16/2005 7:11:08 PM 945 C:\WINDOWS\IE4 Error Log.txt

Checking %System% folder...
Umonitor 7/20/2005 7:10:18 PM 417792 C:\WINDOWS\SYSTEM32\adl.dll
WinShutDown 7/20/2005 7:10:18 PM 417792 C:\WINDOWS\SYSTEM32\adl.dll
Umonitor 7/19/2005 9:25:50 PM 417792 C:\WINDOWS\SYSTEM32\czrtcli.dll
WinShutDown 7/19/2005 9:25:50 PM 417792 C:\WINDOWS\SYSTEM32\czrtcli.dll
PEC2 8/28/2002 5:00:00 PM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
Umonitor 7/20/2005 7:18:20 PM 417792 C:\WINDOWS\SYSTEM32\dLnim.dll
WinShutDown 7/20/2005 7:18:20 PM 417792 C:\WINDOWS\SYSTEM32\dLnim.dll
Umonitor 7/20/2005 1:36:34 PM 417792 C:\WINDOWS\SYSTEM32\DNDLGS.DLL
WinShutDown 7/20/2005 1:36:34 PM 417792 C:\WINDOWS\SYSTEM32\DNDLGS.DLL
Umonitor 7/17/2005 10:32:34 PM 417792 C:\WINDOWS\SYSTEM32\guard.tmp
WinShutDown 7/17/2005 10:32:34 PM 417792 C:\WINDOWS\SYSTEM32\guard.tmp
Umonitor 7/19/2005 9:34:40 PM 417792 C:\WINDOWS\SYSTEM32\irpcoin4.dll
WinShutDown 7/19/2005 9:34:40 PM 417792 C:\WINDOWS\SYSTEM32\irpcoin4.dll
Umonitor 7/19/2005 8:46:50 PM 417792 C:\WINDOWS\SYSTEM32\ivnathlp.dll
WinShutDown 7/19/2005 8:46:50 PM 417792 C:\WINDOWS\SYSTEM32\ivnathlp.dll
Umonitor 7/20/2005 7:13:40 PM 417792 C:\WINDOWS\SYSTEM32\mhcbase.dll
WinShutDown 7/20/2005 7:13:40 PM 417792 C:\WINDOWS\SYSTEM32\mhcbase.dll
Umonitor 7/19/2005 5:18:22 PM 417792 C:\WINDOWS\SYSTEM32\MPDSRV32.DLL
WinShutDown 7/19/2005 5:18:22 PM 417792 C:\WINDOWS\SYSTEM32\MPDSRV32.DLL
PECompact2 7/6/2005 10:21:30 PM 1366872 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 7/6/2005 10:21:30 PM 1366872 C:\WINDOWS\SYSTEM32\MRT.exe
Umonitor 7/17/2005 5:07:04 PM 417792 C:\WINDOWS\SYSTEM32\muutb.dll
WinShutDown 7/17/2005 5:07:04 PM 417792 C:\WINDOWS\SYSTEM32\muutb.dll
aspack 8/4/2004 3:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
WinShutDown 4/14/1998 4:00:00 AM 64000 C:\WINDOWS\SYSTEM32\PFAUTO8.DLL
WinShutDown 4/14/1998 4:00:00 AM 68096 C:\WINDOWS\SYSTEM32\PRAUTO8.DLL
WinShutDown 4/14/1998 4:00:00 AM 68096 C:\WINDOWS\SYSTEM32\QPAUTO8.DLL
Umonitor 8/4/2004 3:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
Umonitor 7/20/2005 7:15:58 PM 417792 C:\WINDOWS\SYSTEM32\srdocvw.dll
WinShutDown 7/20/2005 7:15:58 PM 417792 C:\WINDOWS\SYSTEM32\srdocvw.dll
Umonitor 7/20/2005 6:55:10 PM 417792 C:\WINDOWS\SYSTEM32\vzmredir.dll
WinShutDown 7/20/2005 6:55:10 PM 417792 C:\WINDOWS\SYSTEM32\vzmredir.dll
winsync 8/28/2002 5:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU
WinShutDown 4/14/1998 4:00:00 AM 72192 C:\WINDOWS\SYSTEM32\WPAUTO8.DLL

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 1:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Checking the Windows folder for system and hidden files within the last 60 days...
6/29/2005 8:17:00 PM 0 C:\WINDOWS\INF\oem24.inf
7/20/2005 7:23:14 PM 16384 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
7/20/2005 7:23:08 PM 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
7/20/2005 7:22:54 PM 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
7/20/2005 7:24:00 PM 180224 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
7/20/2005 7:23:00 PM 1028096 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
7/13/2005 7:57:24 PM 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
6/27/2005 12:41:16 PM 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\b4a75367-53cc-4550-af63-cd3abd6fda45
6/27/2005 12:41:16 PM 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
7/20/2005 7:18:28 PM 192 C:\WINDOWS\Tasks\RUTASK.job
7/20/2005 7:22:06 PM 6 C:\WINDOWS\Tasks\SA.DAT
7/15/2005 2:40:48 PM 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
7/17/2005 4:05:06 AM 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\01QFSH6V\desktop.ini
7/17/2005 4:04:38 AM 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KLMZODQR\desktop.ini
7/17/2005 4:04:40 AM 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\OP23GTU7\desktop.ini
7/17/2005 4:04:38 AM 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SH6J89AB\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
1/8/2003 7:13:22 PM 838 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP LaserJet Director.lnk
12/11/2002 7:17:18 PM 1730 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
1/19/2005 3:50:44 PM 1965 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MSSQL$PARAGON.lnk
1/19/2005 3:44:50 PM 1908 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...
1/3/2003 10:46:40 AM 0 C:\Documents and Settings\user1\Application Data\dm.ini
2/7/2005 4:37:58 PM 99536 C:\Documents and Settings\user1\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\{FDB8BD6D-7B4A-CEA7-570F-F8DAD1F1A09D}
=

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\gnmgktxn
{4911d927-0c6a-42c4-9678-d382a8f4172d} = C:\WINDOWS\system32\dnedk.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{B95057E0-44DB-11CE-A5D1-00608C83BD3F}
= shellwp.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\QuickFinderMenu
{C0E10002-0028-0001-C0E1-C0E1C0E1C0E1} = C:\Corel\Suite8\Programs\PFSE80.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
type32 "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
SynTPLpr C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
iTunesHelper C:\Program Files\iTunes\iTunesHelper.exe
IntelliPoint "C:\Program Files\Microsoft IntelliPoint\point32.exe"
HP SchedIndexer C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe
HP AutoIndexer C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe
EPSON Stylus CX6400 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB002" /M "Stylus CX6400"
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
AtiPTA atiptaxx.exe
ATIModeChange Ati2mdxx.exe
MSConfig C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
IMAIL
MAPI
MSFS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{BDEADF00-C265-11D0-BCED-00A0C90AB50F}
= C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
SpecifyDefaultButtons 0
Btn_Search 0


Scan ended with an error
List index out of bounds (3)




Trackqoo log:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"HP SchedIndexer"="C:\\Program Files\\Hewlett-Packard\\LaserJet All-in-one\\hppschedindexer.exe"
"HP AutoIndexer"="C:\\Program Files\\Hewlett-Packard\\LaserJet All-in-one\\hppautoindexer.exe"
"EPSON Stylus CX6400"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2L1.EXE /P19 \"EPSON Stylus CX6400\" /O6 \"USB002\" /M \"Stylus CX6400\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"AtiPTA"="atiptaxx.exe"
"ATIModeChange"="Ati2mdxx.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}
C:\Program Files\ewido\security suite\context.dll

Subkey --- gnmgktxn
{4911d927-0c6a-42c4-9678-d382a8f4172d}
C:\WINDOWS\system32\dnedk.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}
C:\Program Files\Norton AntiVirus\NavShExt.dll

Subkey --- WinZip
{E0D79304-84BE-11CE-9641-444553540000}
C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {B95057E0-44DB-11CE-A5D1-00608C83BD3F}

shellwp.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

DESKTOP.INI
HP LaserJet Director.lnk
Microsoft Office.lnk
MSSQL$PARAGON.lnk
Service Manager.lnk
==============================
C:\Documents and Settings\user1\Start Menu\Programs\Startup

DESKTOP.INI
HP LaserJet Director.lnk
Microsoft Office.lnk
MSSQL$PARAGON.lnk
Service Manager.lnk
DESKTOP.INI
==============================
C:\WINDOWS\SYSTEM32 cpl files


access.cpl Microsoft Corporation
appwiz.cpl Microsoft Corporation
bthprops.cpl Microsoft Corporation
cpl_moh.cpl
desk.cpl Microsoft Corporation
firewall.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
MAIN.CPL Microsoft Corporation
mmsys.cpl Microsoft Corporation
Modem.cpl Microsoft Corporation
NCPA.CPL Microsoft Corporation
netsetup.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
QuickTime.cpl Apple Computer, Inc.
sysdm.cpl Microsoft Corporation
TELEPHON.CPL Microsoft Corporation
timedate.cpl Microsoft Corporation
wscui.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation


Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 8:21:41 PM, on 7/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PARAGON\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\explorer.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://recyber.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB002" /M "Stylus CX6400"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - Global Startup: HP LaserJet Director.lnk = C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MSSQL$PARAGON.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\scm.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {0854D220-A90A-466D-BC02-6683183802B7} (PrintPreview Class) - http://capemay.fnism...rintControl.cab
O16 - DPF: {B3A37929-7FF7-4CBE-9579-AC1EF83080DF} (SystemChecker.CheckerCtrl) - http://sjsrmls.fnism...stemChecker.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60...geWell-ipix.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

#6
skate_punk_21

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
So i assume that means there will be no other chances to work on it since he took it back?
  • 0

#7
Hossman

Hossman

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Well, I figured I could walk him through any more steps over the phone if there was anything critical, otherwise I can get the laptop back Saturday afternoon. I did speak with him today and he has been up and running with no pop-ups, BSODs or any other problems for the past few hours which is very promising :tazz: (We also switched him over to Firefox)

I was hoping to hang on to it for a few more days to make sure everything was totally clean, but he needed it for business. I can get it back in my hands this weekend if you suggest I do so.

Thanks!!!!
  • 0

#8
skate_punk_21

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Congratulations Your Log is Clean!! :tazz:


If possible could you forward these reccomendations to the current owner of the computer??? he need not register to read the thread, just forward him the URL.



System Restore

Turn off System Restore by Clicking Start > right-click My Computer and then click Properties. Click the System Restore tab > Check "Turn off System Restore" or "Turn off System Restore on all drives". Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this. Click OK.

Reboot your System.

Turn on System Restore by Clicking Start. Right-click My Computer, and then click Properties. Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives." Click Apply, and then OK.


Preventative Measures

This is a good time to set up protection against further attacks. Read How Did I Get Infected In The First Place?.

Also Consider...
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should also have a good firewall. Here are 3 free ones available for personal use:How is she running now? Any further problems? If not, Good work, and Happy Computing!
  • 0

#9
therock247uk

therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP