Messages - Mek2005

1
Tech Clinic / Strange issues.
« on: March 08, 2005, 04:03:18 AM »
Here are the logs.  It looks like this virus scanner picked up a lot of stuff that programs like Spyware Doctor and AdAware missed:

File C:\PROGRA~1\CxtPls\cxtpls.dll infected by "not-a-virus:AdWare.Apropos.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\msbe.dll infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\CxtPls\CxtPls.exe infected by "not-a-virus:AdWare.Apropos.f" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\CxtPls\WINGEN~1.DLL infected by "not-a-virus:AdWare.Apropos.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\zeta.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\a95kfrhe.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ahadp.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\angelex.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\exdl.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\exdl0.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\exdl1.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\exul.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\exul1.exe infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\instsrv.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.
File C:\WINDOWS\System32\javexulm.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\mac80ex.idf infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\mqexdlm.srg infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\netut80ex.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\pingppac.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\q17i9a4j.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\qh4mkbv9.dll infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\TFTP3728 infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\veritas.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Admin\LOCALS~1\TEMPOR~1\Content.IE5\4QUSQIJZ\prompt[1].php infected by "Trojan-Downloader.JS.IstBar.b" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Admin\LOCALS~1\TEMPOR~1\Content.IE5\8RS2UDEF\AproposClientInstaller[1].exe infected by "Trojan-Downloader.Win32.Apropo.s" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Admin\LOCALS~1\TEMPOR~1\Content.IE5\8RS2UDEF\AutoUpdaterInstaller[1].exe infected by "Trojan-Downloader.Win32.Apropo.g" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Admin\LOCALS~1\TEMPOR~1\Content.IE5\8RS2UDEF\iesetup6a[1].exe infected by "not-a-virus:AdWare.WinAD.ab" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Admin\LOCALS~1\TEMPOR~1\Content.IE5\8RS2UDEF\xo[2].exe infected by "Trojan.Win32.LowZones.g" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Admin\LOCALS~1\TEMPOR~1\Content.IE5\IVQ3G23P\a770af7a[1].js infected by "Trojan-Downloader.JS.Small.af" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Admin\LOCALS~1\TEMPOR~1\Content.IE5\RSB345FP\dd[1].exe infected by "not-a-virus:AdWare.WinAD.ab" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Admin\LOCALS~1\TEMPOR~1\Content.IE5\RSB345FP\g1[1].exe infected by "Trojan.Win32.LowZones.c" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Admin\LOCALS~1\TEMPOR~1\Content.IE5\RSB345FP\iesetup6b[1].exe infected by "not-a-virus:AdWare.WinAD.ab" Virus. Action Taken: No Action Taken.
File C:\!Submit\auf0.exe infected by "Trojan-Downloader.Win32.Apropo.s" Virus. Action Taken: No Action Taken.
File C:\!Submit\bin\adv.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\!Submit\bin\adx.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\!Submit\bin\bargains.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\!Submit\ieupdate.exe infected by "not-a-virus:AdWare.WinAD.ab" Virus. Action Taken: No Action Taken.
File C:\!Submit\MediaPassK.exe infected by "not-a-virus:AdWare.WinAD.ab" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\4QUSQIJZ\prompt[1].php infected by "Trojan-Downloader.JS.IstBar.b" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\8RS2UDEF\AproposClientInstaller[1].exe infected by "Trojan-Downloader.Win32.Apropo.s" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\8RS2UDEF\AutoUpdaterInstaller[1].exe infected by "Trojan-Downloader.Win32.Apropo.g" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\8RS2UDEF\iesetup6a[1].exe infected by "not-a-virus:AdWare.WinAD.ab" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\8RS2UDEF\xo[2].exe infected by "Trojan.Win32.LowZones.g" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\IVQ3G23P\a770af7a[1].js infected by "Trojan-Downloader.JS.Small.af" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\RSB345FP\dd[1].exe infected by "not-a-virus:AdWare.WinAD.ab" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\RSB345FP\g1[1].exe infected by "Trojan.Win32.LowZones.c" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\RSB345FP\iesetup6b[1].exe infected by "not-a-virus:AdWare.WinAD.ab" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Admin\My Documents\Setups\setup_ares.exe infected by "not-a-virus:AdWare.NavExcel.d" Virus. Action Taken: No Action Taken.
File C:\Program Files\AIM\Sysfiles\WxBug.EXE infected by "not-a-virus:AdWare.MiniBug" Virus. Action Taken: No Action Taken.
File C:\Program Files\CxtPls\CxtPls.exe infected by "not-a-virus:AdWare.Apropos.f" Virus. Action Taken: No Action Taken.
File C:\Program Files\CxtPls\uninstaller.exe infected by "not-a-virus:AdWare.Apropos.f" Virus. Action Taken: No Action Taken.
File C:\Program Files\CxtPls\WinGenerics.dll infected by "not-a-virus:AdWare.Apropos.f" Virus. Action Taken: No Action Taken.
File C:\temp\Bargains.exe infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\a95kfrhe.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ahadp.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\u6f6uftuc_.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.

Here's a new Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 3:02:22 AM, on 3/8/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\SIMU\WIZARD\WIZARD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\SIMU\WIZARD\WIZARD.EXE
C:\Documents and Settings\Admin\Desktop\hijackthis.exe

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ITUNES] itunes.exe
O4 - HKLM\..\Run: [3s6X36O] vsssock.exe
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe
O4 - HKLM\..\RunServices: [ITUNES] itunes.exe
O4 - HKCU\..\Run: [IBp7RWiqP] vfpsvpia.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} (Launcher Class) - https://www.play.net/components/activex/AXSAL.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107918627181
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe

2
Tech Clinic / Strange issues.
« on: March 07, 2005, 02:29:24 PM »
Five minutes later...

Logfile of HijackThis v1.99.1
Scan saved at 1:27:18 PM, on 3/7/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\itunes.exe
C:\Program Files\Media Pass\MediaPass.exe
C:\Program Files\Media Pass\MediaPassK.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\SIMU\WIZARD\WIZARD.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Admin\My Documents\procexpnt\procexp.exe
C:\Documents and Settings\Admin\My Documents\hijackthis.exe

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ITUNES] itunes.exe
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPass.exe
O4 - HKLM\..\RunServices: [ITUNES] itunes.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} (Launcher Class) - https://www.play.net/components/activex/AXSAL.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107918627181
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)

And they're all coming back now.

3
Tech Clinic / Strange issues.
« on: March 07, 2005, 02:11:08 PM »
New Hijack log.  I tried to kill off a few things from the last one.  I'm sure they'll be back:

Logfile of HijackThis v1.99.1
Scan saved at 1:10:06 PM, on 3/7/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Trillian\trillian.exe
C:\Documents and Settings\Admin\My Documents\procexpnt\procexp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Admin\My Documents\hijackthis.exe

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} (Launcher Class) - https://www.play.net/components/activex/AXSAL.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107918627181
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)

4
Tech Clinic / Strange issues.
« on: March 07, 2005, 01:30:43 AM »
In addition, everything that was removed in the last shutdown (veritas.exe, g1, etc.) restored itself, and doesn't seem to be removable through safe mode or any sort of anti-spy software that I've got.  It's not even detecting them as problems, though clearly they are.

There's something unseen here that's causing things removed to suddenly reappear.

5
Tech Clinic / Strange issues.
« on: March 07, 2005, 01:19:39 AM »
While that removed the spyware, the program crashes are continuing.  They're actually now crashing in a variety of different ways that they weren't before, and it's exceptionally odd.

I appreciate your help so far.  Hijack is now crashing whenever I try to save a log file, but I managed after a few tries.

Here's a new log of Hijack:

Logfile of HijackThis v1.99.0
Scan saved at 12:17:03 AM, on 3/7/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Admin\My Documents\procexpnt\procexp.exe
C:\PROGRA~1\SIMU\WIZARD\WIZARD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} (Launcher Class) - https://www.play.net/components/activex/AXSAL.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107918627181
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

I wasn't able to get another Process log.  It's now crashing whenever I try to save a log file, but works fine otherwise.

6
Tech Clinic / Strange issues.
« on: March 06, 2005, 11:14:12 PM »
They're malware.  The strange thing is that when I started this thread, they weren't there, and I hadn't visited any new sites.  I kind of wonder how they got here in the last two hours.

Here are the scan results:

File: veritas.exe
Status: INFECTED/MALWARE
Packers detected: PE_PATCH, ASPROTECT, PE-DIMINISHER, PE-CRYPT

AntiVir: Worm/Spybot.160768 (0.37 seconds taken)
Avast: No viruses found (1.51 seconds taken)
AVG Antivirus: No viruses found (0.49 seconds taken)
BitDefender: No viruses found (0.71 seconds taken)
ClamAV: No viruses found (0.62 seconds taken)
Dr.Web: Win32.HLLW.MyBot (0.90 seconds taken)
F-Prot Antivirus: No viruses found (0.43 seconds taken)
Fortinet: No viruses found (0.44 seconds taken)
Kaspersky Anti-Virus: Backdoor.Win32.Rbot.gen (1.13 seconds taken)
mks_vir: No viruses found (0.24 seconds taken)
NOD32: probably unknown NewHeur_PE (probable variant) (1.55 seconds taken)
Norman Virus Control: No viruses found (1.32 seconds taken)

----------------

File: g1.exe
Status: INFECTED/MALWARE
Packers detected: PE-DIMINISHER, PE-CRYPT

AntiVir: No viruses found (0.83 seconds taken)
Avast: No viruses found (3.06 seconds taken)
AVG Antivirus: No viruses found (0.97 seconds taken)
BitDefender: Trojan.QLow.A (0.95 seconds taken)
ClamAV: No viruses found (0.72 seconds taken)
Dr.Web: Trojan.DownLoader.735 (0.89 seconds taken)
F-Prot Antivirus: No viruses found (0.12 seconds taken)
Fortinet: W32/Sdbot.KQ-net (0.42 seconds taken)
Kaspersky Anti-Virus: Trojan.Win32.LowZones.c (1.01 seconds taken)
mks_vir: No viruses found (0.22 seconds taken)
NOD32: No viruses found (0.73 seconds taken)
Norman Virus Control: Sandbox: W32/Malware;

[ General information ]

* File length: 21530 bytes.

[ Changes to registry ]
* Sets value "Flags"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1001"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1004"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1200"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1201"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1206"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1400"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1402"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1405"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1406"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1407"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1601"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1604"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1605"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1606"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1607"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3". (0.67 seconds taken)

--------------

File: bar.exe
Status: INFECTED/MALWARE
Packers detected: PE-DIMINISHER, PE-CRYPT

AntiVir: No viruses found (1.19 seconds taken)
Avast: No viruses found (2.74 seconds taken)
AVG Antivirus: No viruses found (1.47 seconds taken)
BitDefender: Trojan.QLow.A (1.52 seconds taken)
ClamAV: No viruses found (1.70 seconds taken)
Dr.Web: Trojan.DownLoader.735 (2.86 seconds taken)
F-Prot Antivirus: No viruses found (0.28 seconds taken)
Fortinet: W32/Sdbot.KQ-net (1.26 seconds taken)
Kaspersky Anti-Virus: Trojan.Win32.LowZones.c (2.62 seconds taken)
mks_vir: No viruses found (0.40 seconds taken)
NOD32: No viruses found (0.99 seconds taken)
Norman Virus Control: Sandbox: W32/Malware;

[ General information ]

* File length: 21530 bytes.

[ Changes to registry ]
* Sets value "Flags"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1001"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1004"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1200"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1201"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1206"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1400"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1402"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1405"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1406"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1407"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1601"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1604"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1605"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1606"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3".
* Sets value "1607"="" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3". (1.29 seconds taken)

----------------

Just for fun, I've got ad.exe which I noticed was in my C directory as well.  Doesn't look like Hijack picked it up:

File: ad.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: only non-destructive malware has been found. Considering the non-destructive nature of samples like these - although they can be a pain in the ass -, results will not be stored in the database.)
Packers detected: UPX

AntiVir: No viruses found (0.40 seconds taken)
Avast: No viruses found (1.53 seconds taken)
AVG Antivirus: No viruses found (0.51 seconds taken)
BitDefender: No viruses found (0.61 seconds taken)
ClamAV: No viruses found (0.68 seconds taken)
Dr.Web: No viruses found (0.92 seconds taken)
F-Prot Antivirus: No viruses found (0.18 seconds taken)
Fortinet: No viruses found (0.47 seconds taken)
Kaspersky Anti-Virus: not-a-virus:AdWare.WinAD.ab (1.03 seconds taken)
mks_vir: No viruses found (0.46 seconds taken)
NOD32: No viruses found (1.03 seconds taken)
Norman Virus Control: No viruses found (1.87 seconds taken)

-------------

I'm using Spyware Blaster and IE-Spyad2 for protection against this sort of thing.  It looks like viruses/spyware are getting in anyway.  Something keeps on setting my restrictanonymous key in LSA back to 1.

7
Tech Clinic / Strange issues.
« on: March 06, 2005, 10:37:55 PM »
I'm not sure the registry fixes are going to be helpful, though I tried a few to no avail.  Oddly, two IE windows popped up with porn advertisements last time I restarted my computer (that's never happened before).  So there's something going on here.

I'm using the latest version of Firefox, though I'm using an older version of Trillian because I like that one better.

Basically what happens with the TaskManager is I hit ALT+CTRL+DEL and it pops up the green monitor in the systray, but that's all it does -- it runs the process without actually popping up a window for it, and I can't get the window to appear no matter what I do.

I installed AVG's free antivirus software which found two bits of malicious data and removed them, but the problems are persisting, and programs are still crashing.

Here's a new log from HiJackThis and also from the program you gave me:

Logfile of HijackThis v1.99.0
Scan saved at 9:26:54 PM, on 3/6/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\veritas.exe
C:\WINDOWS\system32\spoolsv.exe
c:\g1.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\bar.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Veritas Patch] veritas.exe
O4 - HKLM\..\RunServices: [Veritas Patch] veritas.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} (Launcher Class) - https://www.play.net/components/activex/AXSAL.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107918627181
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

From Process:
Process   PID   CPU   Description   Company Name
System Idle Process   0   94.29      
 Interrupts   n/a      Hardware Interrupts   
 DPCs   n/a      Deferred Procedure Calls   
 System   4   0.95      
  smss.exe   432      Windows NT Session Manager   Microsoft Corporation
   csrss.exe   480      Client Server Runtime Process   Microsoft Corporation
   winlogon.exe   508      Windows NT Logon Application   Microsoft Corporation
    services.exe   552   2.86   Services and Controller app   Microsoft Corporation
     svchost.exe   740      Generic Host Process for Win32 Services   Microsoft Corporation
     svchost.exe   792      Generic Host Process for Win32 Services   Microsoft Corporation
      wuauclt.exe   3432      Automatic Updates   Microsoft Corporation
     svchost.exe   868      Generic Host Process for Win32 Services   Microsoft Corporation
     svchost.exe   884      Generic Host Process for Win32 Services   Microsoft Corporation
     CCSETMGR.EXE   1044      Symantec Settings Manager Service   Symantec Corporation
     SPBBCSvc.exe   1164      SPBBC Service   Symantec Corporation
     CCEVTMGR.EXE   1244      Symantec Event Manager Service   Symantec Corporation
     spoolsv.exe   1732      Spooler SubSystem App   Microsoft Corporation
     avgamsvr.exe   1036      AVG Alert Manager   GRISOFT, s.r.o.
     avgupsvc.exe   1648      AVG Update Service   GRISOFT, s.r.o.
     navapsvc.exe   1880      Norton AntiVirus Auto-Protect Service   Symantec Corporation
     NPFMntor.exe   2076      Norton AntiVirus Firewall Install Monitor   Symantec Corporation
     symlcsvc.exe   2156      Symantec Core Component   Symantec Corporation
    lsass.exe   564      LSA Shell (Export Version)   Microsoft Corporation
    taskmgr.exe   4012      Windows TaskManager   Microsoft Corporation
explorer.exe   1176      Windows Explorer   Microsoft Corporation
 CCAPP.EXE   1508      Symantec User Session   Symantec Corporation
 avgcc.exe   1568      AVG Control Center   GRISOFT, s.r.o.
 avgemc.exe   1628      AVG E-Mail Scanner   GRISOFT, s.r.o.
 veritas.exe   1640         
  g1.exe   1076         
  bar.exe   1840         
 firefox.exe   3292      Firefox   Mozilla
 procexp.exe   4092   1.90   Sysinternals Process Explorer   Sysinternals
notepad.exe   3712      Notepad   Microsoft Corporation

Process: Procexp Pid: -2

Type   Name

Personally, I'm not seeing anything malicious either, but if there's nothing malicious, then where would those porn popups in IE windows have come from at startup?

The fact that taskmgr immediately minimizes to the systray and becomes inaccessible has me highly suspicious; I just can't see what's causing the problem.

-Mike
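
A triage pass over a Process Explorer text export like the one pasted above, as an added example that is not part of the original post: it lists processes whose image has neither a description nor a company name, which is a cue to check the file's path and signature, not proof of malware. The sample rows are constructed in the layout shown in the post; the function names and the tab or three-space column separator are assumptions.

```python
import re

# Constructed sample in the layout of the listing above: one leading space per
# tree level, columns separated by a tab or three spaces (assumed separator).
SAMPLE = """\
Process   PID   CPU   Description   Company Name
System Idle Process   0   94.29
 Interrupts   n/a      Hardware Interrupts
 System   4   0.95
  smss.exe   432      Windows NT Session Manager   Microsoft Corporation
explorer.exe   1176      Windows Explorer   Microsoft Corporation
 avgcc.exe   1568      AVG Control Center   GRISOFT, s.r.o.
 veritas.exe   1640
  g1.exe   1076
  bar.exe   1840
 firefox.exe   3292      Firefox   Mozilla
"""

# Kernel pseudo-processes never carry version info, so they are not findings.
KERNEL_PSEUDO = {"System Idle Process", "System"}

def parse_listing(text):
    """Parse the export into rows that keep parent PID and ancestry path."""
    rows, stack = [], []  # stack[i] is the open ancestor at tree depth i
    for line in text.splitlines():
        fields = re.split(r"\t| {3}", line.strip(" "))
        fields += [""] * (5 - len(fields))  # trailing empty columns get trimmed
        name, pid, _cpu, desc, company = (f.strip() for f in fields[:5])
        if not pid.isdigit():
            continue  # header, blank or trailer line, or Interrupts/DPCs ("n/a")
        del stack[len(line) - len(line.lstrip(" ")):]  # close deeper siblings
        row = {"name": name, "pid": pid, "description": desc, "company": company,
               "parent": stack[-1]["pid"] if stack else None}
        stack.append(row)
        row["path"] = " > ".join(r["name"] for r in stack)
        rows.append(row)
    return rows

def triage(rows):
    """Return (flagged, roots): images with no description and no company, and
    the flagged ones whose parent is not flagged (where to start looking)."""
    flagged = [r for r in rows if r["name"] not in KERNEL_PSEUDO
               and not r["description"] and not r["company"]]
    pids = {r["pid"] for r in flagged}
    return flagged, [r for r in flagged if r["parent"] not in pids]

if __name__ == "__main__":
    for r in triage(parse_listing(SAMPLE))[1]:
        print(r["pid"], r["path"])
```
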

8
Tech Clinic / Strange issues.
« on: March 06, 2005, 08:24:57 PM »
Hi there.  I'm new to this forum and posting here as a last resort.  I'm having some issues that I can't seem to kill, and they're unlike anything I've seen before.

I'm running Windows XP Home, and I'll provide a HijackThis log below, but here's a list of basic problems.  First off, Task Manager auto-minimizes to the systray when I try to open it and refuses to display in window format.  If it's minimized, it stops responding.  

I use Trillian to chat via AIM (no IRC/other messengers) and whenever I try to open a chat log file or receive a file, it stops responding, but it works fine if I don't touch those features.

If I try to download anything in Firefox, the download gets to about 95% and then the program stops responding.  Firefox itself browses just fine, so long as I don't try to save or download anything.

If I'm in gmail and go to click "Browse" to attach a file to an e-mail, Firefox freezes and stops responding.  I seem to be able to send and receive e-mail just fine.

If I'm in a particular gaming client that uses commands to pop open Firefox windows to access various parts of the game's website, and I input one of those commands, the client freezes and stops responding.  I can still input text into the client window and play just fine.

I don't have any of these issues for the first few minutes after restarting my PC -- everything works fine.  Within five minutes, though, without fail, it all pretty much goes to hell.

I recently ran full system scans with AdAware and Spyware Doctor, and cleared all of the spyware that it found off the PC while it was running in safe mode.  I also ran a full system scan with TDS-3 (trojan checker) in safe mode and cleared all of the positive matches it found.  I've manually gone through every faulty registry key, cleared those, and deleted malware found in Program Files and the system32 folders while in safe mode.

For some reason, the problem is continuing, and the programs continue to stop responding whenever I try any of the above activities (and more).

[Edited to add:] Another thing that crashes after about twenty minutes is my sound card.  I stop being able to play sound files because it can't find it.  This all sounds to me like something virus-associated, but I can't find any viruses on the system.

People seem to appreciate HijackThis logs, so here's mine:

Logfile of HijackThis v1.99.0
Scan saved at 7:18:15 PM, on 3/6/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} (Launcher Class) - https://www.play.net/components/activex/AXSAL.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107918627181
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

If anybody's able to help with this, I'd greatly appreciate it.  I'm at my wit's end in terms of figuring out what could be wrong.

-Mike
