17 Posts

October 27th, 2005 17:00

Virus Causing Memory Overload?

Working on my Dell Inspiron 5100. Have run Spybot S&D, says there are no immediate threats, have tried to do system restore and not successful, says no changes have been made to computer. CTRL+ALT+DEL shows a huge number of processes running in background which multiply and eventually overwhelm memory and freezes system. HJT log follows. TIA for any help!

Logfile of HijackThis v1.99.1
Scan saved at 12:51:39 PM, on 10/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\rwnyew.exe
E:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Norton Program Scheduler Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [MedGS] C:\WINDOWS\System32\medgs1.exe
O4 - HKLM\..\Run: [opr] C:\WINDOWS\System32\opr.exe
O4 - HKLM\..\Run: [Windows Incontext] C:\DOCUME~1\RANDLE~1\LOCALS~1\Temp\InSearch.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [pi1_72.exe] C:\WINDOWS\System32\pi1_72.exe
O4 - HKLM\..\Run: [exp] C:\WINDOWS\System32\wfwall1.exe
O4 - HKLM\..\Run: [wfwall1.exe] C:\WINDOWS\System32\wfwall1.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\lplx4k.exe reg_run
O4 - HKLM\..\Run: [pnmxckj] C:\WINDOWS\pnmxckj.exe
O4 - HKLM\..\Run: [System service78] C:\WINDOWS\etb\pokapoka78.exe
O4 - HKLM\..\Run: [xevoli] C:\WINDOWS\System32\rwnyew.exe r
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\System32\wuauclt.dll
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\System32\wuauclt.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/PopSwatterInitialSetup1.0.0.5.cab
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0021.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.internetwasher.com/iwasher/pptproactauthakamai/internetwasherpro.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
O16 - DPF: {A6A216EB-4F7C-11D5-8438-0000B456BA3D} (Matn5250 Control) - http://www.madl.com/mocha/matn5250.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\CMSystem\plugin.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NAV Alert - Symantec Corporation - C:\PROGRA~1\Navnt\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - C:\PROGRA~1\Navnt\navapsvc.exe
O23 - Service: Norton Program Scheduler - Symantec Corporation - C:\PROGRA~1\Navnt\npssvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\mdssjjq.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

5 Journeyman • 15.6K Posts • 45K Points

October 27th, 2005 17:00

Please also consider the following question: what kind of memory/storage device is your E: "drive"? I'm assuming it's a memory stick? If so, are you running HiJackThis from there because you consider it to be a "temporary" program?

The point being, that HJT creates log files and backup files in the directory from which it is run. It's important that you save these backup files, in case you have to "undo" [restore] some of the things you "FIX" incorrectly. If the intent in using a memory stick is to erase these files "when you're done", you risk losing all the log & backup information.

Therefore, you need to move HJT into a more "permanent" directory of its own. We recommend using the directory C:\HJT , so that it will then appear in your log, under running processes, as C:\HJT\HiJackThis.exe

[And even if E: is a "permanent"-type drive, you should still move HJT into a separate folder of its own there, like E:\HJT ]

5 Journeyman • 15.6K Posts • 45K Points

October 27th, 2005 17:00

Among other things, you have a NAIL/epolvy/SvcProc infection... I'm going to try to help you to remove this first.   This fix involves using Ad-Aware, and its VX2-cleaner.   It is critical that you use the current versions as indicated below... if you use an older/obsolete version, the fix will not work.
 
If you don't already have it, download Ad-Aware SE Personal 1.06 from http://www.majorgeeks.com/Ad-Aware_SE_Personal_d506.html
[Note:  If you have an older "build" of Ad-Aware SE --- or even worse, if you're still using Ad-Aware 6 --- you must upgrade to this version/build,  SE 1.06 ]
 
Install the Ad-Aware program (following any indicated directions).   [As part of the installation, it will check to see if you already have an older version of Ad-Aware installed, and if one is found, it will ask ("advise") you to allow the older one to be removed...  so if asked, please allow it.]
 
Open/start Ad-Aware SE. Click on Check for Updates Now, and Connect. If found, follow the directions to download/install the latest reference file, till you FINISH.
 
After updating, from the STATUS screen, click on START.
Then make sure you have a RED X in front of "Search for negligible risk entries"
(if you see a GREEN CHECK, then CLICK on it, to change it to the RED X),
then hit NEXT to perform a Smart Scan. Allow it to remove any problems found.
 
Close-down Ad-Aware.  
 
then download the VX2-cleaner add-on by clicking-on the link near the bottom of
This will download the file  vx2cleaner_inst.exe ; click on it, and follow the directions to install the VX2-cleaner.
 
Start Ad-Aware SE again. Click on the Add-Ons button. Click on the VX2-Cleaner. Click on Run Tool, and then click OK. If it finds any VX2 problems, follow all the directions to CLEAN things. (I believe this will include a reboot, and directions to run another smart scan. Follow all indicated directions [i.e., various/multiple scans] until it tells you you're clean of VX2.)
 
This should have removed all traces of NAIL/Aurora/SvcProc.  Please generate and post a new HiJackThis log, REPLYing to this same thread.

5 Journeyman • 15.6K Posts • 45K Points

October 27th, 2005 18:00

For Ad-Aware, when you download the updated definition/reference file to the good (desktop) machine, it's stored as defs.ref
and if you accepted the defaults, it will be located in the following directory:
C:\Program files\Lavasoft\Ad-Aware SE Personal
So if you copy this file from this directory of your desktop, into your memory stick, and transfer it over to your laptop (to the same directory, same filename... you'll have to erase [or over-write] any existing file with the same name), you should have the latest version of Ad-Aware.

17 Posts

October 27th, 2005 18:00

Thanks for the speedy reply. I'm using the removable memory stick because the computer is barely functioning and I can download off my desktop and transfer to the laptop with the memory stick before the memory is overrun...which ties into my next, if somewhat stupid question: Is there a way to download updates to the memory stick for transfer because I've been unable to get it working long enough to get the updates off line?

Thanks again! BTW, I installed Ad-Aware and ran the scan in safe mode, but as a result of the safe mode, can't update it just yet. I was hoping to fix enough to regain more control, but no luck just yet. Going to do the same with VX2 cleaner now.

17 Posts

October 27th, 2005 19:00

Thanks for that. Unfortunately, it's still only marginally functional. I'll keep trying to run other scans on it as I wait for someone to help....if I get any significant changes I'll post a new HJT log. :)

5 Journeyman • 15.6K Posts • 45K Points

October 27th, 2005 19:00

Great work so far.  Seems like you've successfully removed the NAIL/epolvy/SvcProc problem... Have you noticed any difference (probably in terms of popups from "Aurora", and/or in terms of the system's overall speed/performance )?

That's as far as I can take your log... so at this point, I'm gonna ask someone else to step-in, to help you with your remaining problems (if any). 

We're rather backed-up at the moment, so it may take a few days for the next helper to arrive. Please be patient.

 

Good luck.

17 Posts

October 27th, 2005 19:00

OK. Got the updates, ran the scan 5 times, finally got a clean scan. Here's the new log:

Logfile of HijackThis v1.99.1
Scan saved at 3:06:43 PM, on 10/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Norton Program Scheduler Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [MedGS] C:\WINDOWS\System32\medgs1.exe
O4 - HKLM\..\Run: [opr] C:\WINDOWS\System32\opr.exe
O4 - HKLM\..\Run: [Windows Incontext] C:\DOCUME~1\RANDLE~1\LOCALS~1\Temp\InSearch.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [pi1_72.exe] C:\WINDOWS\System32\pi1_72.exe
O4 - HKLM\..\Run: [exp] C:\WINDOWS\System32\wfwall1.exe
O4 - HKLM\..\Run: [wfwall1.exe] C:\WINDOWS\System32\wfwall1.exe
O4 - HKLM\..\Run: [pnmxckj] C:\WINDOWS\pnmxckj.exe
O4 - HKLM\..\Run: [jpplkvl] C:\WINDOWS\jpplkvl.exe
O4 - HKLM\..\Run: [System service78] C:\WINDOWS\\\etb\\pokapoka78.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\lplx4k.exe reg_run
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/PopSwatterInitialSetup1.0.0.5.cab
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0021.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.internetwasher.com/iwasher/pptproactauthakamai/internetwasherpro.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {A6A216EB-4F7C-11D5-8438-0000B456BA3D} (Matn5250 Control) - http://www.madl.com/mocha/matn5250.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NAV Alert - Symantec Corporation - C:\PROGRA~1\Navnt\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - C:\PROGRA~1\Navnt\navapsvc.exe
O23 - Service: Norton Program Scheduler - Symantec Corporation - C:\PROGRA~1\Navnt\npssvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\mdssjjq.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

What's next? :)

2 Intern • 5.9K Posts

October 27th, 2005 22:00

Lots of different infections. One of them is Navidad, so we will need fixexe.reg.
 
Download fixexe.reg from:
 

or you can make it yourself:
 
Open notepad and copy (Ctrl + c)  and paste (Ctrl + v) the text between the **** lines but do not include the asterisks.
(Best not to try to type the lines because a mistake will really hurt)
**************************************************************
REGEDIT4
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
 

***************************************************************
File,SaveAs, to your desktop as
"fixexe.reg"
(You need the quotes!)
OK.  Close notepad.
 
Doubleclick on fixexe.reg  (you may not see the .reg) and allow it to merge.  This does the registry edit as recommended by Symantec without having to run regedit.
 
Download the Hoster from:
Unpack to your desktop and run it.  If you have green print at the top then just press Restore Original Hosts then OK. 
IF you have red print then press make Hosts Writeable first.
 
 
Get DelDomain.inf from:
 
http://www.mvps.org/winhelp2002/DelDomains.inf  and then right click on it and Install. 
 

Download and install ccleaner.exe from http://www.ccleaner.com. Don't let it clean anything yet.
Download the killbox:
Unzip it to your desktop.
 
Shutdown and Restart and Boot into Safe Mode by tapping the F8 key when you see the PC maker's logo.
Keep tapping until it tells you it is going to Safe Mode or you see the Safe Mode menu. Select the top option. (If you only see an option to boot into regular Windows then hit F8 one more time.)
Run HijackThis and just do a Scan only. Check (if any returned) then Fix Checked the following:
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [MedGS] C:\WINDOWS\System32\medgs1.exe
O4 - HKLM\..\Run: [opr] C:\WINDOWS\System32\opr.exe
O4 - HKLM\..\Run: [Windows Incontext] C:\DOCUME~1\RANDLE~1\LOCALS~1\Temp\InSearch.exe
O4 - HKLM\..\Run: [pi1_72.exe] C:\WINDOWS\System32\pi1_72.exe
O4 - HKLM\..\Run: [exp] C:\WINDOWS\System32\wfwall1.exe
O4 - HKLM\..\Run: [wfwall1.exe] C:\WINDOWS\System32\wfwall1.exe
O4 - HKLM\..\Run: [pnmxckj] C:\WINDOWS\pnmxckj.exe
O4 - HKLM\..\Run: [jpplkvl] C:\WINDOWS\jpplkvl.exe
O4 - HKLM\..\Run: [System service78] C:\WINDOWS\\\etb\\pokapoka78.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\lplx4k.exe reg_run
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/PopSwatterInitialSetup1.0.0.5.cab
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0021.exe
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.internetwasher.com/iwasher/pptproactauthakamai/internetwasherpro.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {A6A216EB-4F7C-11D5-8438-0000B456BA3D} (Matn5250 Control) - http://www.madl.com/mocha/matn5250.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no file)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\mdssjjq.exe

Start, Run, cmd, OK to bring up a new black cmds screen.  Type:
cd "\Program Files\SurfSideKick 3"
ssk.exe /u
(close the window)
Run ccleaner.exe, uncheck everything on the first page except the two entries
with Temporary and then Run Cleaner.
Doubleclick fixexe.reg one more time and allow it to merge.

Run Killbox.

Where it says Full Path of File to Delete you need to type or copy (Highlight and Ctrl + c)
and Paste (move to the killbox and place the cursor in the box and Ctrl + V):
C:\WINDOWS\\\etb
Then check the Delete on Reboot box and DELTREE box  then the red button. 
Agree you want to remove the file but do not let it reboot yet.
Repeat for
C:\Program Files\SurfSideKick 3
Let it reboot after the last one.
Reboot into regular mode

Run another HijackThis log and post it as a reply. Let's see how we did. I suspect we have not seen the last of the winsync line.
 
Ron

17 Posts

October 28th, 2005 02:00

Rkinner, Thanks for the quick reply.  We're getting closer since I'm able to post this from the laptop!  I did as instructed EXCEPT (sorry) I couldn't figure out the Delldomains thing, I downloaded it from this forum onto the laptop and all I ever see is a notepad, never anything that looks like I've installed it.  Also, when fixing in HJT, I didn't fix checked for line:  O16 - DPF: {A6A216EB-4F7C-11D5-8438-0000B456BA3D} (Matn5250 Control) - http://www.madl.com/mocha/matn5250.cab
because I recognize that as a program I use for work...now if I'm wrong, please correct me, but I'm guessing you were looking for suspicious stuff and didn't like the look of that entry. :)  New Log is as follows:
 
Logfile of HijackThis v1.99.1
Scan saved at 10:46:45 PM, on 10/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\CMAPP\Client\cmappclient.exe
C:\Program Files\System Files\System.exe
C:\Program Files\osrt\nrro.exe
C:\WINDOWS\System32\m?config.exe
C:\Program Files\Navnt\navapw32.exe
c:\windows\system32\h5rove.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
c:\windows\system32\h5rove.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\Navnt\alertsvc.exe
c:\windows\system32\ove_32.exe
c:\windows\system32\ircfmo.exe
c:\windows\system32\dxmrcn.exe
c:\windows\system32\dxmrcn.exe
c:\windows\system32\dxtrcn.exe
c:\windows\system32\dxtrcn.exe
c:\windows\system32\ircfmo.exe
c:\windows\system32\dfrv6m.exe
c:\windows\system32\wsnrbc.exe
c:\windows\system32\dfrv6m.exe
c:\windows\system32\pscm_3.exe
c:\windows\system32\wsnrbc.exe
c:\windows\system32\usenvd.exe
c:\windows\system32\usenvd.exe
c:\windows\system32\msruti.exe
c:\windows\system32\msruti.exe
c:\windows\system32\pscm_3.exe
c:\windows\system32\syswpt.exe
c:\windows\system32\syswpt.exe
c:\windows\system32\extpnl.exe
c:\windows\system32\msjrfn.exe
c:\windows\system32\msjrfn.exe
c:\windows\system32\ws2soc.exe
c:\windows\system32\ws2soc.exe
C:\WINDOWS\System32\wuauclt.exe
c:\windows\system32\wmprl_.exe
c:\windows\system32\wmprl_.exe
c:\windows\system32\pywrrt.exe
c:\windows\system32\pywrrt.exe
c:\windows\system32\sisrif.exe
c:\windows\system32\sisrif.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Jen Lewis\Desktop\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
c:\windows\system32\extpnl.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.aaawebfinder.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aaawebfinder.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aaawebfinder.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aaawebfinder.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R3 - Default URLSearchHook is missing
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: PicShow Class - {4487598C-2EC7-43A2-870E-6D8D720FDD9F} - C:\WINDOWS\System32\pkshdxbb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Norton Program Scheduler Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\lplx4k.exe reg_run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\System32\pshwr.exe
O4 - HKCU\..\Run: [wincmap] "C:\Program Files\winCMAPP\wincmapp.exe"
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"
O4 - HKCU\..\Run: [Eeci] "C:\Program Files\osrt\nrro.exe" -vt yazr
O4 - HKCU\..\Run: [Yejjjxq] C:\WINDOWS\System32\m?config.exe
O4 - HKCU\..\Run: [h5rove] c:\windows\system32\h5rove.exe
O4 - HKCU\..\Run: [dxmrcn] c:\windows\system32\dxmrcn.exe
O4 - HKCU\..\Run: [dxtrcn] c:\windows\system32\dxtrcn.exe
O4 - HKCU\..\Run: [usenvd] c:\windows\system32\usenvd.exe
O4 - HKCU\..\Run: [ircfmo] c:\windows\system32\ircfmo.exe
O4 - HKCU\..\RunOnce: [h5rove] c:\windows\system32\h5rove.exe
O4 - HKCU\..\RunOnce: [dxmrcn] c:\windows\system32\dxmrcn.exe
O4 - HKCU\..\RunOnce: [dxtrcn] c:\windows\system32\dxtrcn.exe
O4 - HKCU\..\RunOnce: [usenvd] c:\windows\system32\usenvd.exe
O4 - HKCU\..\RunOnce: [ircfmo] c:\windows\system32\ircfmo.exe
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
O16 - DPF: {A6A216EB-4F7C-11D5-8438-0000B456BA3D} (Matn5250 Control) - http://www.madl.com/mocha/matn5250.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NAV Alert - Symantec Corporation - C:\PROGRA~1\Navnt\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - C:\PROGRA~1\Navnt\navapsvc.exe
O23 - Service: Norton Program Scheduler - Symantec Corporation - C:\PROGRA~1\Navnt\npssvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
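
Comparing this log with the 3:06 PM log posted earlier can be done mechanically. The following Python is an added example, not part of the original post: it parses HijackThis logs, diffs their entries, and flags autoruns that are registered under both Run and RunOnce or whose image is running in duplicate. The function names are hypothetical, and the input is a subset of lines excerpted from the two logs in this thread.

```python
import re
from collections import Counter

# Subset of lines excerpted from the 3:06 PM log in this thread.
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\HijackThis.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\lplx4k.exe reg_run
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\mdssjjq.exe
"""

# Subset of lines excerpted from the 10:46 PM log in this thread.
LOG_AFTER = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\h5rove.exe
c:\windows\system32\h5rove.exe
c:\windows\system32\dxmrcn.exe
c:\windows\system32\dxmrcn.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aaawebfinder.com/sp2.php
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\lplx4k.exe reg_run
O4 - HKCU\..\Run: [h5rove] c:\windows\system32\h5rove.exe
O4 - HKCU\..\Run: [dxmrcn] c:\windows\system32\dxmrcn.exe
O4 - HKCU\..\RunOnce: [h5rove] c:\windows\system32\h5rove.exe
O4 - HKCU\..\RunOnce: [dxmrcn] c:\windows\system32\dxmrcn.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # e.g. "O4 - ..."
AUTORUN_RE = re.compile(r"^(HK[A-Z]{2})\\\.\.\\(Run|RunOnce): \[(.+?)\] (.+)$")
IMAGE_RE = re.compile(r'"([^"]+)"|(\S.*?\.exe)', re.I)        # quoted or bare path


def parse_log(text):
    """Split a HijackThis log into running processes and section entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the first section entry ends the process list
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def diff_entries(before, after):
    """Return (added, removed) entry lines between two parsed logs, ignoring case."""
    def keyed(log):
        return {f"{c} - {b}".lower(): f"{c} - {b}" for c, b in log["entries"]}
    old, new = keyed(before), keyed(after)
    added = sorted(new[k] for k in new.keys() - old.keys())
    removed = sorted(old[k] for k in old.keys() - new.keys())
    return added, removed


def autoruns(log):
    """Yield (hive, key, name, command) for each O4 registry autorun entry."""
    for code, body in log["entries"]:
        m = AUTORUN_RE.match(body) if code == "O4" else None
        if m:
            yield m.groups()


def rearmed_autoruns(log):
    """(hive, name) pairs registered with the same command under Run and RunOnce."""
    seen = {}
    for hive, key, name, cmd in autoruns(log):
        seen.setdefault((hive, name.lower(), cmd.lower()), set()).add(key)
    return sorted((h, n) for (h, n, _), keys in seen.items()
                  if keys == {"Run", "RunOnce"})


def duplicated_autorun_processes(log):
    """Autorun images that appear more than once in the running-process list."""
    counts = Counter(p.lower() for p in log["processes"])
    hits = set()
    for _, _, _, cmd in autoruns(log):
        m = IMAGE_RE.match(cmd)
        image = (m.group(1) or m.group(2)).lower() if m else cmd.lower()
        if counts.get(image, 0) > 1:
            hits.add(image)
    return sorted(hits)


if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    added, removed = diff_entries(before, after)
    print("Added since last scan:", *added, sep="\n  ")
    print("Removed since last scan:", *removed, sep="\n  ")
    print("Run + RunOnce with same command:", rearmed_autoruns(after))
    print("Autorun images running in duplicate:", duplicated_autorun_processes(after))
```
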
 

2 Intern • 5.9K Posts

October 28th, 2005 15:00

It's OK not to remove stuff you recognize.  In the case of O16 entries it doesn't matter too much anyway.  These are ActiveX controls that will be redownloaded when you visit the same website again so my philosophy with O16s is if I don't recognize it on first look kill it off.  I don't bother to research them.
 
The DelDomain.inf program you have to right click on and select Install.  You won't see it do anything.
 
If your Norton is still active get the latest data files by doing a LiveUpdate (double click on Norton icon in the systray).
 
We got rid of surfsidekick for now but something else is spawning.  I think it will be easier if we put all of the good stuff on the Ignore list.  Run a new scan and check each of these then ADD TO IGNORE LIST.
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Norton Program Scheduler Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\navapw32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
O16 - DPF: {A6A216EB-4F7C-11D5-8438-0000B456BA3D} (Matn5250 Control) - http://www.madl.com/mocha/matn5250.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NAV Alert - Symantec Corporation - C:\PROGRA~1\Navnt\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - C:\PROGRA~1\Navnt\navapsvc.exe
O23 - Service: Norton Program Scheduler - Symantec Corporation - C:\PROGRA~1\Navnt\npssvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
 
Now press Config and check the box in front of Mark Everything Found for Fixing after a Scan.  Now press Back and then Scan.  This time everything it finds will be bad and will already be checked so just hit Fix Checked. 
 
Run Killbox and Delete on Reboot and Deltree this one:
 
C:\Program Files\CMSystem
 
Let it reboot and boot back into Safe Mode as before.  Run HijackThis (scan only) and Fix Checked everything that still shows up.
 
Now run Norton and let it do a full scan.
 
Boot into regular mode and run a new HijackThis log and post it as a reply.
 
Ron
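
The ignore-list approach from the post above, reproduced offline as an added example (not part of the original thread and not HijackThis's own logic): entries from a saved scan are parsed by section code and everything absent from a known-good list is reported. The function names and the case-insensitive comparison are assumptions of this sketch.

```python
import re
from collections import defaultdict

# Entry lines start with a section code (R0-R3, F0-F3, O1-O23, ...) and " - ".
# Header and "Running processes" path lines do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.+)$")

# Sample data assembled from lines in this thread; the lower-case "system32"
# in SCAN is a constructed variation to exercise normalisation.
IGNORE_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""
SCAN = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\system32\WLTRYSVC.EXE
"""

def parse_entries(log_text):
    """Return (code, detail) tuples for every entry line in a log."""
    matches = (ENTRY_RE.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def normalise(entry):
    """Assumption: compare case-insensitively with collapsed whitespace."""
    code, detail = entry
    return code, " ".join(detail.split()).casefold()

def not_ignored(scan_text, ignore_text):
    """Entries in the scan that are absent from the ignore list, by section."""
    ignored = {normalise(e) for e in parse_entries(ignore_text)}
    left = defaultdict(list)
    for entry in parse_entries(scan_text):
        if normalise(entry) not in ignored:
            left[entry[0]].append(entry[1])
    return dict(left)

if __name__ == "__main__":
    for code, details in not_ignored(SCAN, IGNORE_LIST).items():
        print(code, details)
```

Anything the function returns still needs a human decision; an entry missing from the list is unreviewed, not necessarily malicious.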
 
 
 
 

 

17 Posts

October 28th, 2005 18:00

Logfile of HijackThis v1.99.1
Scan saved at 2:09:45 PM, on 10/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\Navnt\alertsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Navnt\navapw32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Jen Lewis\Desktop\HijackThis.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
 
 
As you can see, I've installed ZoneAlarm on here and am running the Pro version for the trial period.  I let it fix what it said needed fixing and I still have a couple strange programs trying to access the internet upon startup, but I've denied those programs access.  I ran Norton Disk and Win Doctors on it and it did indicate problems and I allowed the fix.  When I ran Killbox, it didn't give me the option to Deltree the line you said, then, when it went to reboot, it gave me the error message "PendingFileRename Operations Registry Data has been Removed by External Process!"  And the log doesn't show the ignored stuff.  It's running great now, I was going to put AVG and Spyware Blaster on it and run Trend Micro Housecall one last time since Norton Antivirus isn't active.  Anything else need fixing? 

2 Intern

5.9K Posts

October 30th, 2005 11:00

The log looks good. You can add the O4 line to the Ignore list. That's just something from ZoneAlarm. What programs were trying to access the internet?
 
Ron