1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Tried Spybot & Ad-aware, still got Pop-ups

Discussion in 'Virus & Other Malware Removal' started by jms60, Oct 14, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. jms60

    jms60 Thread Starter

    Joined:
    Oct 14, 2004
    Messages:
    4
    I would appreciate any help you can offer in ridding my friends computer of spyware and hijacks. I have installed and run (several times) Spybot, Adaware and Norton Antivirus 2005. Each identified and deleted many spyware culprits but still numerous pop-ups occur even when not surfing the web. The HijackThis log follows. Thanks in advance for your assistance.


    Logfile of HijackThis v1.97.7
    Scan saved at 11:25:38 PM, on 10/13/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Web\PRINTERS\dbsvr.exe
    C:\WINDOWS\System32\APPMGMTS.exe
    C:\WINDOWS\System32\cdrtc932.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\BellSouth\Connection Manager\CManager.exe
    C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
    C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
    C:\Program Files\Corel\WordPerfect Office 2002\Programs\CCWIN10.EXE
    C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\BELLSO~1\CORREC~1\CCD.exe
    C:\PROGRA~1\BROADJ~1\CLIENT~1\CFD.exe
    C:\Program Files\Corel\WordPerfect Office 2002\PROGRAMS\CCALARMS.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Downloads\Security\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\SearchBar.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    O2 - BHO: (no name) - {44E5B409-35A2-4E8D-BF94-344222323A53} - C:\DOCUME~1\RAYGRE~1\LOCALS~1\Temp\rvsbd.dat
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [*dbsvr] C:\WINDOWS\Web\PRINTERS\dbsvr.exe
    O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\system32\Fmd2oJ.exe
    O4 - HKLM\..\Run: [eolbW.exe] C:\documents and settings\ray green\local settings\temp\eolbW.exe
    O4 - HKLM\..\Run: [eolbW] C:\documents and settings\ray green\local settings\temp\eolbW.exe
    O4 - HKLM\..\Run: [CqdM60h.exe] C:\documents and settings\ray green\local settings\temp\CqdM60h.exe
    O4 - HKLM\..\Run: [CqdM60h] C:\documents and settings\ray green\local settings\temp\CqdM60h.exe
    O4 - HKLM\..\Run: [b6c1e62fb36f] C:\WINDOWS\System32\APPMGMTS.exe
    O4 - HKLM\..\Run: [4FsU3mU] ezsctr.exe
    O4 - HKLM\..\Run: [4139e81f1449] C:\WINDOWS\System32\cdrtc932.exe
    O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [Lo38RgYse] fecynth.exe
    O4 - HKLM\..\RunOnce: [*dbsvr] C:\WINDOWS\Web\PRINTERS\dbsvr.exe rerun
    O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
    O4 - Global Startup: Connection Manager.lnk = C:\Program Files\BellSouth\Connection Manager\CManager.exe
    O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
    O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
    O4 - Global Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
    O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\gehwvqju.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1097291569890
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
    O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/broadcast/ActiveXWebCam.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...397/mcfscan.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
     
  2. LineOFire

    LineOFire

    Joined:
    Jan 28, 2004
    Messages:
    322
  3. jms60

    jms60 Thread Starter

    Joined:
    Oct 14, 2004
    Messages:
    4
    I did a few things some friends suggested and also ran Panda which appeared to find nothing. Here is new hijackthis log as requested. Your review is appreciated.

    Logfile of HijackThis v1.98.2
    Scan saved at 3:14:06 PM, on 10/16/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Web\PRINTERS\dbsvr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\BellSouth\Connection Manager\CManager.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\PROGRA~1\BELLSO~1\CORREC~1\CCD.exe
    C:\PROGRA~1\BROADJ~1\CLIENT~1\CFD.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Downloads\Security\hijackthis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    O2 - BHO: CATLEvents Object - {44E5B409-35A2-4E8D-BF94-344222323A53} - C:\DOCUME~1\RAYGRE~1\LOCALS~1\Temp\rvsbd.dat
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [*dbsvr] C:\WINDOWS\Web\PRINTERS\dbsvr.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
    O4 - HKLM\..\RunOnce: [*dbsvr] C:\WINDOWS\Web\PRINTERS\dbsvr.exe rerun
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - Global Startup: Connection Manager.lnk = C:\Program Files\BellSouth\Connection Manager\CManager.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {22EE66D4-D1F7-4F0B-8309-EF6016B228E2} - (no file) (HKCU)
    O9 - Extra button: (no name) - {3F9A000D-1E95-416D-94EF-0286411D4EFD} - (no file) (HKCU)
    O9 - Extra button: (no name) - {5FC541DB-3587-404B-8AB1-983CDF889D3B} - (no file) (HKCU)
    O9 - Extra button: (no name) - {8A03287A-E289-42D9-A2B6-B17543381BBE} - (no file) (HKCU)
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1097291569890
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/broadcast/ActiveXWebCam.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4397/mcfscan.cab
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,185
    First Name:
    Derek
    first download the killbox from http://download.broadbandmedic.com/

    install it and then

    Run hijackthis, tick these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked


    O2 - BHO: CATLEvents Object - {44E5B409-35A2-4E8D-BF94-344222323A53} - C:\DOCUME~1\RAYGRE~1\LOCALS~1\Temp\rvsbd.dat

    O4 - HKLM\..\Run: [*dbsvr] C:\WINDOWS\Web\PRINTERS\dbsvr.exe

    O4 - HKLM\..\RunOnce: [*dbsvr] C:\WINDOWS\Web\PRINTERS\dbsvr.exe rerun

    O9 - Extra button: (no name) - {22EE66D4-D1F7-4F0B-8309-EF6016B228E2} - (no file) (HKCU)
    O9 - Extra button: (no name) - {3F9A000D-1E95-416D-94EF-0286411D4EFD} - (no file) (HKCU)
    O9 - Extra button: (no name) - {5FC541DB-3587-404B-8AB1-983CDF889D3B} - (no file) (HKCU)
    O9 - Extra button: (no name) - {8A03287A-E289-42D9-A2B6-B17543381BBE} - (no file) (HKCU)

    now open killbox and paste this into the box C:\WINDOWS\Web\PRINTERS\dbsvr.exe

    select delete on reboot & follow prompts
    then

    after it reboots

    go to C:\Documents and Settings\USER NAME\Local Settings\Temp and select everything in that folder and delete it (repeat for every user name/account )

    and select EVERYTHING in C:\windows\temp except temporary internet files, cookies and history folders and delete all that as well and everything in C:\temp

    1) Open Control Panel
    2) Click on Internet Options
    3) On the General Tab, in the middle of the screen, click on Delete Files
    4) You may also want to check the box "Delete all offline content"
    5) Click on OK and wait for the hourglass icon to stop after it deletes the temporary internet files
    6) You can now click on Delete Cookies and click OK to delete cookies that websites have placed on your hard drive

    then
    Reboot again & post a new HJT log to check
     
  5. jms60

    jms60 Thread Starter

    Joined:
    Oct 14, 2004
    Messages:
    4
    Derek

    Thx for the help. There is hope for the world. Latest log. Would appreciate a final check.

    Logfile of HijackThis v1.98.2
    Scan saved at 4:50:51 PM, on 10/16/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\BellSouth\Connection Manager\CManager.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\BELLSO~1\CORREC~1\CCD.exe
    C:\PROGRA~1\BROADJ~1\CLIENT~1\CFD.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Downloads\Security\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - Global Startup: Connection Manager.lnk = C:\Program Files\BellSouth\Connection Manager\CManager.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1097291569890
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/broadcast/ActiveXWebCam.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4397/mcfscan.cab
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,185
    First Name:
    Derek
  7. jms60

    jms60 Thread Starter

    Joined:
    Oct 14, 2004
    Messages:
    4
    Pop-ups appear to have stopped. Thx again.
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/284832

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice