virus/security problems

OK these things were outside the normal startups and will need be handled in HiJackThis.

Run HiJackthis and do a scan. Then click save log at bottom. After saving open with Wordpad and copy paste it back to me.

I will guide yo from there.

Mike

 

Shannon Lol!

I sent the message I mentioned before to my dumb self.

I just sent it to you correctly this time.

So check PM again.

mike

 

Logfile of HijackThis v1.95.0
Scan saved at 5:22:03 PM, on 6/25/2003
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\Proxy.exe
C:\WINNT\system32\MSTask.exe
C:\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\WINNT\SOUNDMAN.EXE
C:\NORTON~1\NORTON~1\navapw32.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
C:\Documents and Settings\Administrator\Desktop\dowloaded disk utilities\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://rd.companion.yahoo.com/slv/ycheck/as/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://rd.companion.yahoo.com/slv/ycheck/as/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=+s
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://rd.companion.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKCU\..\Run: [Felix] C:\Program Files\ScreenMates\FULL_FEL.EXE
O4 - Startup: Felix.lnk = C:\ScreenMates\FULL_FEL.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://www.cabeagent.com/netagent/objects/custappx2.CAB
O16 - DPF: {69DEAF94-AF66-11D3-BEC0-00105AA9B6AE} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003050501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37508.65375
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 

Shannon

Glad it is done.

Is now a lean mean machine.

You were a pleasure to work with, you have the knack and learn fast.

Tell dad to subscribe you to the "Best," the WindowsBBS" "

I would be interested in a status from Dad and mom as to the status in a couple of weeks of use.


Mike