WinAntiVirusPro 2007?


my0913

Thread Starter
Joined
Jan 29, 2007
Messages
8
Hello. Lately, I've been having a lot of popups from a WinAntiVirusPro software and some other random products like SpywareDoctor or whatnot. If someone would be willing to help me, I'd really appreciate it. Thanks in advance!

Here's my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:40:34 PM, on 1/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\dummyprogram.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124416642125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167796621406
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/BugsLoader20041018.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E0438ED-5B7D-49EA-833D-81E63897F975}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E0438ED-5B7D-49EA-833D-81E63897F975}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1E0438ED-5B7D-49EA-833D-81E63897F975}: NameServer = 192.168.0.1
O20 - AppInit_DLLs:
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thanks once again! :)
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Hi and welcome :)

Download and run VundoFix: http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shut down your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HijackThis log.
 

my0913

Thread Starter
Joined
Jan 29, 2007
Messages
8
I was never given an option to "Put a check next to Run VundoFix as a task," but I ran VundoFix anyway. It told me that no infected files were found.

VundoFix V6.3.5
Checking Java version...
Scan started at 5:03:38 PM 1/30/2007
Listing files found while scanning....
No infected files were found.

Lately now, I've been getting more DriveCleaner popups and redirections to DriveCleaner websites, so I'm not sure if that has any relevancy.

Here's another HJT log. It's probably the same as before since the VundoFix didn't find anything. :/

Logfile of HijackThis v1.99.1
Scan saved at 5:11:48 PM, on 1/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\VundoFix\VundoFix.exe
C:\Program Files\HijackThis\dummyprogram.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124416642125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167796621406
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/BugsLoader20041018.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E0438ED-5B7D-49EA-833D-81E63897F975}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E0438ED-5B7D-49EA-833D-81E63897F975}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1E0438ED-5B7D-49EA-833D-81E63897F975}: NameServer = 192.168.0.1
O20 - AppInit_DLLs:
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thanks for helping though!
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Download WinPFind
  • Right Click the Zip Folder and Select "Extract All"
  • Extract it somewhere you will remember like the Desktop
  • Don’t do anything with it yet!


Click here for info on how to boot to safe mode if you don't already know how.


Reboot into Safe Mode.


Double click WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient and let it complete.


Reboot back to Normal Mode!


  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Copy and paste WinPFind.txt in your next post here please.
 

my0913

Thread Starter
Joined
Jan 29, 2007
Messages
8
When I clicked the link to download the PFind, I got this message:

404 Not Found
The requested URL '/oldtimer/WinPFind.zip' was not found on this server.

Do you know of any other reliable sites I would be able to download it from?
 

my0913

Thread Starter
Joined
Jan 29, 2007
Messages
8
Umm, I tried running the WinPFind three times, but the scan always froze when it reached an "AppInit" program, so are there by any chance other scans that I could perform? Thank you!
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
Also, and my apologies for gatecrashing this thread, there's a file we'd like to have a closer look at:

C:\Program Files\WinBudget\bin\matrix.dll

We have reason to believe it may not be what it pretends to be, so we'd like to make sure it indeed belongs on your computer!

Could I ask you to please go to this forum

There's no need to register. Just start a new topic, titled "File for TonyKlein".

In the topic, simply refer to this TSG forum thread, and use the Attachment box to upload the file.

In fact there's not even a need to actually browse to the file: just copy the full path to the file, in this case:

C:\Program Files\WinBudget\bin\matrix.dll

... and paste it into the attachment box, then press the 'Post' button. The file will be found and uploaded.

NOTE: You will not see the files that have been uploaded (including the ones you upload yourself), as they only show to the authorised users who can download them.


After that I'll be happy to leave you in Cheeseball81's most capable hands! :)

Thanks! :)
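
The request above singles out one Browser Helper Object line from the posted HijackThis log. As an added example (not part of the original thread and not code from HijackThis), the sketch below parses HijackThis item lines, lists the O2 BHO entries with their CLSID and file path, marks entries whose file is absent, and reports which items disappear between two scans. The function names are hypothetical, and the two sample logs are short excerpts of the 1/29/2007 and 2/11/2007 logs posted in this thread.

```python
import re

# Item lines in a HijackThis log: "<code> - <body>", e.g. "O2 - BHO: ...".
# Header lines and the "Running processes" paths do not match this shape.
ITEM_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Body of an O2 line: "BHO: <name> - {CLSID} - <path or (no file)>".
BHO_RE = re.compile(r"^BHO: (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")

# Excerpt of the log posted on 1/29/2007 in this thread.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
"""

# Excerpt of the log posted on 2/11/2007 in this thread (same item types).
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
"""


def parse_items(text):
    """Return the item lines of a log as (code, body) tuples, in order."""
    items = []
    for line in text.splitlines():
        match = ITEM_RE.match(line.strip())
        if match:
            items.append((match.group(1), match.group(2)))
    return items


def bho_entries(text):
    """Return every O2 BHO entry as a dict with name, clsid, path, orphaned."""
    entries = []
    for code, body in parse_items(text):
        match = BHO_RE.match(body) if code == "O2" else None
        if not match:
            continue
        name, clsid, path = match.groups()
        # HijackThis writes "(no file)" or appends "(file missing)" when the
        # registry entry points at nothing on disk.
        orphaned = path == "(no file)" or path.endswith("(file missing)")
        entries.append(
            {"name": name, "clsid": clsid, "path": path, "orphaned": orphaned}
        )
    return entries


def removed_between(before, after):
    """Return items present in the earlier scan and absent from the later one."""
    later = set(parse_items(after))
    return [item for item in parse_items(before) if item not in later]


if __name__ == "__main__":
    print("BHO entries in the earlier scan:")
    for entry in bho_entries(LOG_BEFORE):
        flag = "no file on disk" if entry["orphaned"] else "file present"
        print(f"  {entry['clsid']}  {entry['name']}  [{flag}]  {entry['path']}")

    print("Items gone in the later scan:")
    for code, body in removed_between(LOG_BEFORE, LOG_AFTER):
        print(f"  {code} - {body}")
```

An entry marked as having a file on disk is only located, not judged: whether the file belongs there still has to be decided by examining the file itself, as requested in the post above.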
 

my0913

Thread Starter
Joined
Jan 29, 2007
Messages
8
Ahhh, sorry for the late response! I've been busy these past couple of days. Here's the combofix log:

"CHRISTINA" - 07-02-11 11:59:38 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Program Files\ComboFix"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\CHRIST~1\Application Data\Install.dat


((((((((((((((((((((((((((((((( Files Created from 2007-01-11 to 2007-02-11 ))))))))))))))))))))))))))))))))))


2007-02-11 11:56 <DIR> d-------- C:\Program Files\ComboFix
2007-02-02 01:13 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-02-02 01:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Sun
2007-02-02 01:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Sonic
2007-02-02 01:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Real
2007-02-02 01:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Jasc Software Inc
2007-02-02 01:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Gtek
2007-02-02 01:11 <DIR> d-------- C:\WINDOWS\pss
2007-02-02 00:42 <DIR> d-------- C:\Program Files\WinPFind
2007-01-30 17:03 <DIR> d-------- C:\VundoFix Backups
2007-01-30 17:02 <DIR> d-------- C:\Program Files\VundoFix
2007-01-29 22:22 <DIR> d-------- C:\WINDOWS\Prefetch
2007-01-29 21:20 221,184 --a------ C:\WINDOWS\SYSTEM32\wmpns.dll
2007-01-29 21:18 <DIR> d-------- C:\WINDOWS\provisioning
2007-01-29 21:18 <DIR> d-------- C:\WINDOWS\peernet
2007-01-29 21:14 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-01-29 17:27 <DIR> d-------- C:\WINDOWS\EHome
2007-01-26 18:31 4,569 --------- C:\WINDOWS\SYSTEM32\secupd.dat
2007-01-26 18:31 11,776 --------- C:\WINDOWS\SYSTEM32\spnpinst.exe
2007-01-25 21:15 <DIR> d-------- C:\JavaDownloads


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-02 20:57 -------- d-------- C:\Program Files\hijackthis
2007-01-30 16:44 -------- d---s---- C:\DOCUME~1\CHRIST~1\Application Data\microsoft
2007-01-29 22:21 -------- d-------- C:\Program Files\messenger
2007-01-29 21:18 -------- d-------- C:\Program Files\movie maker
2007-01-29 21:13 -------- d-------- C:\Program Files\windows nt
2007-01-03 17:25 -------- d-------- C:\Program Files\microsoft works
2006-12-28 17:57 -------- d-------- C:\Program Files\norton antivirus
2006-12-12 19:42 -------- d-------- C:\Program Files\winbudget


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Sonic RecordNow!"=""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"BCMSMMSG"="BCMSMMSG.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"StorageGuard"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"mmtask"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Advanced Tools Check"="C:\\PROGRA~1\\NORTON~1\\AdvTools\\ADVCHK.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\RECYCLER\NPROTECT

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 130

********************************************************************

Completion time: 07-02-11 12:03:22

And here's the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:08:13 PM, on 2/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\dummyprogram.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124416642125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167796621406
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/BugsLoader20041018.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E0438ED-5B7D-49EA-833D-81E63897F975}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E0438ED-5B7D-49EA-833D-81E63897F975}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1E0438ED-5B7D-49EA-833D-81E63897F975}: NameServer = 192.168.0.1
O20 - AppInit_DLLs:
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thank you for all the help! :)
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
We never could get WinPFind to run, huh?

Run ActiveScan online virus scan:
http://www.pandasoftware.com/products/activescan.htm

Once you are on the Panda site, click the Scan your PC button.
A new window will open...click the Check Now button.
Enter your Country.
Enter your State/Province.
Enter your e-mail address and click send.
Select either Home User or Company.
Click the big Scan Now button.
If it wants to install an ActiveX component, allow it.
It will start downloading the files it requires for the scan. (Note: It may take a couple of minutes.)
When the download is complete, click on My Computer to start the scan.
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the ActiveScan report.
 