winprotector on my startup in msconfig



mrskay1955
2009-08-25, 01:07
HELP ME PLEASE, I HAVE SERIOUS PROBLEMS AND DON'T KNOW WHAT I AM DOING. LOL. SOMEONE TOLD ME TO DO THIS. I HAVE WINPROTECTOR IN MY STARTUP IN MSCONFIG, AND WAS TOLD THIS IS BAD MALWARE. MY COMPUTER IS ACTING TERRIBLY SLOW. SO HERE IS THE HIJACK LOG. PLEASE HELP ME.
JAN

> Logfile of Trend Micro HijackThis v2.0.2
> Scan saved at 6:07:14 PM, on 8/18/2009
> Platform: Windows XP SP3 (WinNT 5.01.2600)
> MSIE: Internet Explorer v7.00 (7.00.6000.16876)
> Boot mode: Normal
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
> C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
> C:\PROGRA~1\AVG\AVG8\avgfws8.exe
> C:\Program Files\Bonjour\mDNSResponder.exe
> C:\Program Files\Java\jre6\bin\jqs.exe
> C:\WINDOWS\System32\nvsvc32.exe
> C:\Program Files\Softex\OmniPass\Omniserv.exe
> C:\WINDOWS\system32\HPZipm12.exe
> C:\Program Files\Softex\OmniPass\OPXPApp.exe
> C:\WINDOWS\System32\svchost.exe
> C:\PROGRA~1\AVG\AVG8\avgam.exe
> C:\PROGRA~1\AVG\AVG8\avgrsx.exe
> C:\PROGRA~1\AVG\AVG8\avgnsx.exe
> C:\WINDOWS\Explorer.EXE
> C:\PROGRA~1\AVG\AVG8\avgemc.exe
> C:\Program Files\Canon\CAL\CALMAIN.exe
> C:\windows\system\hpsysdrv.exe
> C:\HP\KBD\KBD.EXE
> C:\Program Files\AVG\AVG8\avgcsrvx.exe
> C:\PROGRA~1\AVG\AVG8\avgtray.exe
> C:\WINDOWS\ALCXMNTR.EXE
> C:\Program Files\Common Files\AOL\1249702751\ee\AOLSoftware.exe
> C:\WINDOWS\system32\ctfmon.exe
> C:\WINDOWS\system32\rundll32.exe
> C:\Program Files\Common Files\AOL\Loader\aolload.exe
> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
> C:\Program Files\AOL 9.1\waol.exe
> C:\Program Files\AOL 9.1\shellmon.exe
> C:\WINDOWS\system32\NOTEPAD.EXE
> C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
> C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
>
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
> R3 - URLSearchHook: (no name) - *{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
> R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
> R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
> O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
> O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
> O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
> O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
> O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
> O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
> O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
> O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
> O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
> O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
> O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
> O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
> O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
> O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
> O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
> O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
> O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1249702751\ee\AOLSoftware.exe
> O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
> O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
> O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
> O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
> O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
> O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
> O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
> O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
> O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
> O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
> O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
> O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230780502843
> O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
> O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
> O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
> O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
> O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
> O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
> O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
> O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
> O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
> O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
> O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
> O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
> O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
> O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
>
> --
> End of file - 7206 bytes

Blade81
2009-08-27, 07:38
Hi,

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

tashi
2009-09-02, 00:02
mrskay1955, this topic has been closed due to inactivity.

If it has been four days or more since your last post, and the helper assisting you posted a response to which you did not reply, your topic will not be re-opened. At that point, if you still require help, please start a new topic and include a new HijackThis log with a link to your previous thread.

Please do not add any logs that might have been requested previously; you would be starting fresh.

Applies only to the original poster; anyone else with similar problems, please start your own topic.

Thank you Blade81.