Winpatrol Warning ..

Discussion in 'Windows XP' started by BAM, Apr 6, 2004.

Thread Status:
Not open for further replies.
  1. BAM

    BAM Thread Starter

    Joined:
    Jun 25, 2003
    Messages:
    135
    This program wants to be added to my dad's startup list on his computer. I don't know what it is. Should I let it be added? Rundll32 C:\Windows\System32:adfczdc,init1 ... He says that he hasn't installed anything.


    This is the HijackThis log file from that computer:

    Logfile of HijackThis v1.97.7
    Scan saved at 08:45:55, on 2004-04-06
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\CTSvcCDA.EXE
    C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
    C:\Norman\NVC\BIN\Zanda.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\NORMAN\Nvc\BIN\nvcoas.exe
    C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
    C:\NORMAN\Nvc\BIN\nipsvc.exe
    C:\NORMAN\nvc\BIN\NJEEVES.EXE
    C:\WINDOWS\Explorer.EXE
    C:\NORMAN\Nvc\BIN\ZLH.EXE
    C:\WINDOWS\htpatch.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Program\BillP Studios\WinPatrol\WinPatrol.exe
    C:\NORMAN\Nvc\BIN\cclaw.exe
    C:\NORMAN\Nvc\BIN\NYMSE.EXE
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\NORMAN\Nvc\BIN\NIP.EXE
    C:\Program\Delade filer\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\NORMAN\Nvc\BIN\npfmsg2.exe
    C:\Documents and Settings\Pelle Engberg\Mina dokument\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.telia.com:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = login1.telia.com;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBLive\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [WinPatrol] C:\Program\BillP Studios\WinPatrol\WinPatrol.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [adfczdc] rundll32 C:\WINDOWS\System32:adfczdc.dll,Init 1
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Steam] "c:\program\steam\steam.exe" -silent
    O4 - HKLM\..\RunOnce: [*adfczdc] rundll32 C:\WINDOWS\System32:adfczdc.dll,Init 1
    O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Påminnelser för Kalendern i Microsoft Works.lnk = ?
    O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmtrans.html
    O9 - Extra button: Informationshanteraren (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...gamers.com/index.php?page=3dview.php&id=30cal
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/sikes/se/win/QuickTimeInstaller.exe
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37589.6178125
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
     
  2. BAM

    BAM Thread Starter

    Joined:
    Jun 25, 2003
    Messages:
    135
    Anybody know? :-S
     
  3. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    You downloaded WinPatrol, which manages startup programs, tasks, cookies; will sniff out Worms, Trojan horses, Cookies, Adware, Spyware, Klez, Assumption and other malicious programs, so it's requesting to be put in the startup folder, which it was designed to do. That's all.
     
  4. BAM

    BAM Thread Starter

    Joined:
    Jun 25, 2003
    Messages:
    135
    No, I've had WinPatrol on that comp for a year, but I don't know what this program is. Do you know what program it is?
     
  5. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    In all honesty I have never seen that before. What you can do is click http://www.kaspersky.com/remoteviruschk.html, then browse, then navigate to C:\WINDOWS\System32:adfczdc.dll and click "submit". Wait for the results, then post them here.
     
  6. BAM

    BAM Thread Starter

    Joined:
    Jun 25, 2003
    Messages:
    135
    Does this mean that it's running?
    O4 - HKLM\..\Run: [adfczdc] rundll32 C:\WINDOWS\System32:adfczdc.dll,Init 1
    O4 - HKLM\..\RunOnce: [*adfczdc] rundll32 C:\WINDOWS\System32:adfczdc.dll,Init 1
     
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    O4 - HKLM\..\RunOnce: [*adfczdc] rundll32 C:\WINDOWS\System32:adfczdc.dll,Init 1

    I would say so. Have you been able to locate the file and have it checked at the URL mobo gave you?
     
  8. BAM

    BAM Thread Starter

    Joined:
    Jun 25, 2003
    Messages:
    135
    Current object: adfczdc

    adfczdc Ok


    Statistics:
    Known viruses: 85540 Updated: 6.04.2004
    File size (Kb): 1 Scan time: 00:00:01
    Speed (Kb/sec): 1 Virus bodies: 0
    Archives: 0 Packed: 0
    Folders: 0 Files: 1
    Suspicious: 0 Warnings: 0

    The file was added 3 days ago.
     
  9. BAM

    BAM Thread Starter

    Joined:
    Jun 25, 2003
    Messages:
    135
    Ehhh, when I was going to do a Spybot scan my AV program said that there was a Fedix.A Worm in that program. Shall I delete it? :-s
     
  10. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
  11. BAM

    BAM Thread Starter

    Joined:
    Jun 25, 2003
    Messages:
    135
    Okay, and now about this adfczdc, what shall I do? I haven't installed any programs since it got onto my computer. Can't I just disable the startup on it and remove it from my hard drive?
     
  12. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Have you submitted it yet?
     
  13. BAM

    BAM Thread Starter

    Joined:
    Jun 25, 2003
    Messages:
    135
    Yes, on that Kaspersky page, but that was only an online scanner and it didn't find anything... I also sent the file to their "send us suspected virus" email...
     
  14. BAM

    BAM Thread Starter

    Joined:
    Jun 25, 2003
    Messages:
    135
    Ohh, I got an answer from someone there and there was nothing virus-like in it...
     
  15. BAM

    BAM Thread Starter

    Joined:
    Jun 25, 2003
    Messages:
    135
    I can't remove the file, and when I try to remove the registry things they come back again...
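
An added example, not part of any post in this thread: a small triage script that parses HijackThis `O4` registry autorun lines and flags commands whose target uses `path:name` form. It assumes the `System32:adfczdc.dll` form in the two `O4` entries above is NTFS alternate-data-stream syntax (a stream named `adfczdc.dll` attached to the `System32` directory); the function and pattern names are hypothetical.

```python
import re

# Constructed sample: O4 lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [adfczdc] rundll32 C:\WINDOWS\System32:adfczdc.dll,Init 1
O4 - HKCU\..\Run: [Steam] "c:\program\steam\steam.exe" -silent
O4 - HKLM\..\RunOnce: [*adfczdc] rundll32 C:\WINDOWS\System32:adfczdc.dll,Init 1
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
"""

# "O4 - <key>: [<value name>] <command>" (registry Run/RunOnce entries only;
# "Global Startup" shortcut lines have no [name] part and are skipped).
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# A drive-letter path followed by a second colon and a stream name.
# ':' is not valid inside a file or directory name, so a colon after the
# drive specifier can only introduce a named stream on the host object.
ADS_RE = re.compile(
    r"(?P<host>[A-Za-z]:\\[^:\"*?<>|,]*):(?P<stream>[^\\/:\"*?<>|,\s]+)"
)


def find_ads_autoruns(log_text):
    """Return (key, value name, host path, stream name) for every O4
    registry entry whose command references an alternate data stream."""
    hits = []
    for line in log_text.splitlines():
        entry = O4_RE.match(line.strip())
        if not entry:
            continue
        ads = ADS_RE.search(entry.group("cmd"))
        if ads:
            hits.append((entry.group("key"), entry.group("name"),
                         ads.group("host"), ads.group("stream")))
    return hits


if __name__ == "__main__":
    for key, name, host, stream in find_ads_autoruns(SAMPLE_LOG):
        print(f"{key} [{name}]: stream '{stream}' attached to {host}")
```

Explorer and a plain `dir` listing do not show named streams, so an entry flagged this way will not appear as a file inside the host folder.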
     

Short URL to this thread: https://techguy.org/217564
