WinAntiVirusPro 2007?

Discussion in 'Virus & Other Malware Removal' started by my0913, Jan 29, 2007.

Thread Status:
Not open for further replies.
  1. my0913

    my0913 Thread Starter

    Joined:
    Jan 29, 2007
    Messages:
    8
    Hello. Lately, I've been having a lot of popups from a WinAntiVirusPro software and some other random products like SpywareDoctor or what not. If someone would be willing to help me, I'd really appreciate it. Thanks in advance!

    Here's my HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:40:34 PM, on 1/29/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis\dummyprogram.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124416642125
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167796621406
    O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
    O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/BugsLoader20041018.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1E0438ED-5B7D-49EA-833D-81E63897F975}: NameServer = 192.168.0.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1E0438ED-5B7D-49EA-833D-81E63897F975}: NameServer = 192.168.0.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1E0438ED-5B7D-49EA-833D-81E63897F975}: NameServer = 192.168.0.1
    O20 - AppInit_DLLs:
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    Thanks once again! :)
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hi and welcome :)

    Download and run VundoFix: http://www.atribune.org/ccount/click.php?id=4
    Double-click VundoFix.exe to run it.
    Put a check next to Run VundoFix as a task.
    You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
    When VundoFix re-opens, click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files, click YES.
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will shut down your computer, click OK.
    Turn your computer back on.
    Please post the contents of C:\vundofix.txt and a new HijackThis log.
     
  3. my0913

    my0913 Thread Starter

    Joined:
    Jan 29, 2007
    Messages:
    8
    I was never given an option to "Put a check next to Run VundoFix as a task," but I ran VundoFix anyway. It told me that no infected files were found.

    VundoFix V6.3.5
    Checking Java version...
    Scan started at 5:03:38 PM 1/30/2007
    Listing files found while scanning....
    No infected files were found.

    Lately now, I've been getting more DriveCleaner popups and redirections to DriveCleaner websites, so I'm not sure if that has any relevancy.

    Here's another HJT log. It's probably the same as before since the VundoFix didn't find anything. :/

    Logfile of HijackThis v1.99.1
    Scan saved at 5:11:48 PM, on 1/30/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\VundoFix\VundoFix.exe
    C:\Program Files\HijackThis\dummyprogram.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124416642125
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167796621406
    O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
    O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/BugsLoader20041018.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1E0438ED-5B7D-49EA-833D-81E63897F975}: NameServer = 192.168.0.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1E0438ED-5B7D-49EA-833D-81E63897F975}: NameServer = 192.168.0.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1E0438ED-5B7D-49EA-833D-81E63897F975}: NameServer = 192.168.0.1
    O20 - AppInit_DLLs:
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    Thanks for helping though!
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don't do anything with it yet!


    Click here for info on how to boot to safe mode if you don't already know how.


    Reboot into Safe Mode.


    Double click WinPFind.exe
    • Click "Start Scan"
    • It will scan the entire System, so please be patient and let it complete.


    Reboot back to Normal Mode!


    • Go to the WinPFind folder
    • Locate WinPFind.txt
    • Copy and paste WinPFind.txt in your next post here please.
     
  5. my0913

    my0913 Thread Starter

    Joined:
    Jan 29, 2007
    Messages:
    8
    When I clicked the link to download the PFind, I got this message:

    404 Not Found
    The requested URL '/oldtimer/WinPFind.zip' was not found on this server.

    Do you know of any other reliable sites I would be able to download it from?
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Thanks CB! :)
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    You needed a link too, eh? ;)
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
  10. my0913

    my0913 Thread Starter

    Joined:
    Jan 29, 2007
    Messages:
    8
    Umm, I tried running the WinPFind three times, but the scan always froze when it reached an "AppInit" program, so are there by any chance other scans that I could perform? Thank you!
     
  11. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
  12. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Also, and my apologies for gatecrashing this thread, there's a file we'd like to have a closer look at:

    C:\Program Files\WinBudget\bin\matrix.dll

    We have reason to believe it may not be what it pretends to be, so we'd like to make sure it indeed belongs on your computer!

    Could I ask you to please go to this forum

    There's no need to register. Just start a new topic, titled "File for TonyKlein".

    In the topic, simply refer to this TSG forum thread, and use the Attachment box to upload the file.

    In fact there's not even a need to actually browse to the file: just copy the full path to the file, in this case:

    C:\Program Files\WinBudget\bin\matrix.dll

    ... and paste it in the attachment box, then press the 'Post' button. The file will be found and uploaded.

    NOTE: You will not see the files that have been uploaded (including the ones you upload yourself) as they only show to the authorised users who can download them.


    After that I'll be happy to leave you in Cheeseball81's most capable hands! :)

    Thanks! :)
     
  13. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Thanks Tony! :)
     
  14. my0913

    my0913 Thread Starter

    Joined:
    Jan 29, 2007
    Messages:
    8
    Ahhh, sorry for the late response! I've been busy these past couple of days. Here's the combofix log:

    "CHRISTINA" - 07-02-11 11:59:38 Service Pack 2
    ComboFix 07-02-11 - Running from: "C:\Program Files\ComboFix"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\CHRIST~1\Application Data\Install.dat


    ((((((((((((((((((((((((((((((( Files Created from 2007-01-11 to 2007-02-11 ))))))))))))))))))))))))))))))))))


    2007-02-11 11:56 <DIR> d-------- C:\Program Files\ComboFix
    2007-02-02 01:13 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-02-02 01:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Sun
    2007-02-02 01:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Sonic
    2007-02-02 01:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Real
    2007-02-02 01:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Jasc Software Inc
    2007-02-02 01:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Gtek
    2007-02-02 01:11 <DIR> d-------- C:\WINDOWS\pss
    2007-02-02 00:42 <DIR> d-------- C:\Program Files\WinPFind
    2007-01-30 17:03 <DIR> d-------- C:\VundoFix Backups
    2007-01-30 17:02 <DIR> d-------- C:\Program Files\VundoFix
    2007-01-29 22:22 <DIR> d-------- C:\WINDOWS\Prefetch
    2007-01-29 21:20 221,184 --a------ C:\WINDOWS\SYSTEM32\wmpns.dll
    2007-01-29 21:18 <DIR> d-------- C:\WINDOWS\provisioning
    2007-01-29 21:18 <DIR> d-------- C:\WINDOWS\peernet
    2007-01-29 21:14 <DIR> d-------- C:\WINDOWS\ServicePackFiles
    2007-01-29 17:27 <DIR> d-------- C:\WINDOWS\EHome
    2007-01-26 18:31 4,569 --------- C:\WINDOWS\SYSTEM32\secupd.dat
    2007-01-26 18:31 11,776 --------- C:\WINDOWS\SYSTEM32\spnpinst.exe
    2007-01-25 21:15 <DIR> d-------- C:\JavaDownloads


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-02-02 20:57 -------- d-------- C:\Program Files\hijackthis
    2007-01-30 16:44 -------- d---s---- C:\DOCUME~1\CHRIST~1\Application Data\microsoft
    2007-01-29 22:21 -------- d-------- C:\Program Files\messenger
    2007-01-29 21:18 -------- d-------- C:\Program Files\movie maker
    2007-01-29 21:13 -------- d-------- C:\Program Files\windows nt
    2007-01-03 17:25 -------- d-------- C:\Program Files\microsoft works
    2006-12-28 17:57 -------- d-------- C:\Program Files\norton antivirus
    2006-12-12 19:42 -------- d-------- C:\Program Files\winbudget


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "Sonic RecordNow!"=""
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
    "BCMSMMSG"="BCMSMMSG.exe"
    "dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
    "StorageGuard"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
    "DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
    "PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "mmtask"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
    "MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "Advanced Tools Check"="C:\\PROGRA~1\\NORTON~1\\AdvTools\\ADVCHK.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"


    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
    C:\WINDOWS\tasks\Symantec NetDetect.job


    ********************************************************************

    catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\RECYCLER\NPROTECT

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 130

    ********************************************************************

    Completion time: 07-02-11 12:03:22

    And here's the new HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:08:13 PM, on 2/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\HijackThis\dummyprogram.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124416642125
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167796621406
    O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
    O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/BugsLoader20041018.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1E0438ED-5B7D-49EA-833D-81E63897F975}: NameServer = 192.168.0.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1E0438ED-5B7D-49EA-833D-81E63897F975}: NameServer = 192.168.0.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1E0438ED-5B7D-49EA-833D-81E63897F975}: NameServer = 192.168.0.1
    O20 - AppInit_DLLs:
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    Thank you for all the help! :)
     
  15. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    We never could get WinPFind to run, huh?

    Run ActiveScan online virus scan:
    http://www.pandasoftware.com/products/activescan.htm

    Once you are on the Panda site, click the Scan your PC button.
    A new window will open...click the Check Now button.
    Enter your Country.
    Enter your State/Province.
    Enter your e-mail address and click send.
    Select either Home User or Company.
    Click the big Scan Now button.
    If it wants to install an ActiveX component, allow it.
    It will start downloading the files it requires for the scan. (Note: It may take a couple of minutes.)
    When the download is complete, click on My Computer to start the scan.
    When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report.
     

Short URL to this thread: https://techguy.org/539524
