Antivirus Protection
#1
February 20th, 2005, 07:39 PM
deracinee
Prvdi.exe Again

Good day to all

am a newbie to this forum. please pardon any ignorance i may show about your protocols.

I use Panda and it's regularly updated.

However, for the past couple of weeks, it's been telling me that there's this "prvdi.exe" trojan that it finds and disinfects.

prvdi.exe keeps on coming back though. so i ran an online anti-virus check (housecall, trendmicro) and killed all the viruses detected, through that.

but prvdi.exe showed up again. ran housecall once more, it said i had no viruses whatsoever.

i am cynical though and would greatly appreciate any additional help/info (just in case prvdi.exe annoys me again... sigh...).

I read over the posts and d/led HJT and got my log. here it is:

Logfile of HijackThis v1.99.1
Scan saved at 9:17:02 AM, on 2/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Opera7\opera.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\PROGRA~1\WINZIP\winzip32.exe
C:\Unzipped\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.160.100/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O3 - Toolbar: (no name) - {679695BC-A811-4A9D-8CDF-BA8C795F261A} - (no file)
O4 - HKLM\..\Run: [SCANINICIO] "D:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [WinPatrol] D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Save Flash In This Page - C:\PROGRA~1\FLASHS~1.5\save.htm
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.5\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.5\save.htm
O9 - Extra button: SmartWhois - {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - D:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O9 - Extra button: (no name) - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - D:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O9 - Extra 'Tools' menuitem: SmartWhois - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - D:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://greg-tut.com/G7/chm10.chm::/ieloader.exe
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.160.98/affiliates/msits.php?id=acc0000::/acc0000.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nosuch.mht!http://www.search-and-more.com/clk/302.chm::/file.exe
O16 - DPF: {1FC57765-BB86-4D91-B364-86370DBC4C7C} - http://www.snap.com/toolbar/snapbar.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F54DC44-5264-4EB0-A9F6-E6E037904D0C}: NameServer = 210.23.235.34 210.23.234.65
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE

please, someone kindly tell me where/which file/registry entry that dratted prvdi.exe is linked to, and how may I totally get rid of it?

thank you so much and GBU

#2
February 22nd, 2005, 09:19 PM
rave41799
Run HijackThis and put a check mark next to the following items and have HJT fix them:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.160.100/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: (no name) - {679695BC-A811-4A9D-8CDF-BA8C795F261A} - (no file)
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://greg-tut.com/G7/chm10.chm::/ieloader.exe
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.160.98/affiliates/msits.php?id=acc0000::/acc0000.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nosuch.mht!http://www.search-and-more.com/clk/302.chm::/file.exe
O16 - DPF: {1FC57765-BB86-4D91-B364-86370DBC4C7C} - http://www.snap.com/toolbar/snapbar.cab

Next are the steps to remove that prvdi.exe (websiteviewer):

Open the task manager (CTRL + ALT + DEL)

Go to "processes".

Highlight and end process for any process shown as "websiteviewer", a number such as "127021.exe", "dialer.wsv" or "prvdi.exe".

You may not have all of them or any at all.

Make sure you are able to view hidden files!

Search the computer for any of those files that you may have deleted as well as the ones listed above. DELETE any file found with those names.

Empty the Recycle Bin after deleting them.

Next, go to Start -> Run and type in regedit.

Once opened, click find and search by each of the file names. If it finds an entry, delete it.

You can hit F3 to resume your search!

Finally, manually pull the plug from your computer and let it sit for a moment (so the motherboard will clear its "temporary" info) then plug it back in and turn it on.

The removal part shown above was provided from this link: CastleCops = HELP!. You can visit the website to see the original post but according to anyone on that site, it worked for them.

Let me know what happens!

Reply With Quote
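As an added illustration (not part of either poster's messages), the Python sketch below parses HijackThis entry lines and flags the patterns behind several of the items selected for fixing in post #2: an O16 DPF entry whose source is an ms-its:mhtml: chain rather than a plain CAB URL, a component registered against "(no file)", and an IE start page set to a bare IP address. The heuristics and function names are assumptions of this example; the sample lines are copied from the log in post #1.

```python
import re
from urllib.parse import urlsplit

# Sample lines copied from the HijackThis log in post #1 of this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.160.100/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {679695BC-A811-4A9D-8CDF-BA8C795F261A} - (no file)
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://greg-tut.com/G7/chm10.chm::/ieloader.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
"""

# An entry line is "<section code> - <rest>", e.g. "O16 - DPF: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def parse(log_text):
    """Return (code, body) for every entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def review(code, body):
    """Return the reasons (possibly none) why an entry deserves a closer look."""
    reasons = []
    # Registry entry survives but the file it names is gone (orphaned toolbar/BHO).
    if body.endswith("(no file)"):
        reasons.append("registered component points at a missing file")
    # Downloaded Program Files entries normally name an http(s) CAB URL.
    if code == "O16":
        source = body.rsplit(" - ", 1)[-1].lower()
        if source.startswith(("ms-its:", "mhtml:")):
            reasons.append("DPF source is an ms-its/mhtml chain, not a plain CAB URL")
    # IE page settings (R0/R1) that point at a bare IPv4 address.
    if code in ("R0", "R1") and "=" in body:
        value = body.split("=", 1)[1].strip()
        try:
            host = urlsplit(value).hostname or ""
        except ValueError:
            host = ""
        if IPV4_RE.match(host):
            reasons.append("IE page setting points at a bare IP address")
    return reasons


def flag(log_text):
    """Return (code, body, reasons) for each entry with at least one reason."""
    flagged = []
    for code, body in parse(log_text):
        reasons = review(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in flag(SAMPLE_LOG):
        print(f"{code}: {body}")
        for reason in reasons:
            print(f"    -> {reason}")
```

A flagged line is a prompt for manual review, not a verdict; the snap.com toolbar entry that post #2 also lists is not covered by these three checks.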
#3
February 25th, 2005, 06:53 PM
deracinee

Hello, rave41799 and thanks for replying to my question.

Sorry it took me this long to reply, in turn.

I did all that you advised me to do, but sadly, the friggin' prvdi.exe thing is still with me (sigh).

Also, I noticed that lately, there's one particular IP addy that had been repetitiously attacking me. I got paranoid and installed BlackIce. This is on top of my personal firewall.

Tried to WhoIs that IP addy, came up with no results. Must be a spoofed IP addy, or something else (proxy?).

Anyway, am posting once more my new HJT log, along with screenshots of the most recent antivir scan showing prvdi.exe detected, and the BlackIce logs (for possible additional information that could help... hopefully).

Online scanning for viruses at housecall was negative. I guess I shouldn't be troubled anymore, but still, it makes me antsy to know that prvdi.exe (or whatever is triggering it) is still around in my system. sighhhh.....

===========

Logfile of HijackThis v1.99.1
Scan saved at 8:40:45 AM, on 2/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
D:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
D:\Program Files\ISS\BlackICE\rapapp.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
D:\Program Files\ISS\BlackICE\blackice.exe
D:\Program Files\Opera7\opera.exe
D:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Wisdom-soft ScreenHunter\ScreenHunter.exe
C:\Unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SCANINICIO] "D:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [WinPatrol] "d:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Save Flash In This Page - C:\PROGRA~1\FLASHS~1.5\save.htm
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.5\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.5\save.htm
O9 - Extra button: SmartWhois - {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - D:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O9 - Extra button: (no name) - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - D:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O9 - Extra 'Tools' menuitem: SmartWhois - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - D:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://210.1.70.65/nProtect/KeyCrypt/npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F54DC44-5264-4EB0-A9F6-E6E037904D0C}: NameServer = 203.176.2.2 203.176.2.3
O23 - Service: BlackICE - Internet Security Systems, Inc. - D:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - D:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
Attached Images
File Type: jpg ScreenHunter_001.jpg (143.6 KB, 167 views)
File Type: jpg ScreenHunter_002.jpg (25.2 KB, 157 views)
File Type: jpg ScreenHunter_003.jpg (35.9 KB, 194 views)

#4
March 2nd, 2005, 08:47 PM
rave41799
You should try adding prvdi.exe to your firewall's "Blocked List". Also, look for a file called dload.exe ... IF you find one with that name, delete it. It may not allow you to though so add dload.exe to your firewall's "Blocked List" and then reboot into Safe Mode and delete the file. It should be located either at C:\Windows or C:\Windows\System32 ..

Check around for it though and make sure it's gone ... Double check the other file names I said earlier JUST in case.

Reboot and see what happens.

Repost after you've done that .... I've been running around the internet for days trying to figure this one out. A few sites have had people do certain things, such as what I told you earlier, and it's worked fine but unfortunately, yours is being a bit difficult

I'm hoping it works; I'll keep looking in the meantime just in case there's something else out there about it.

Good luck!

#5
March 2nd, 2005, 08:48 PM
rave41799
Quote:
Originally Posted by rave41799
You should try adding prvdi.exe to your firewall's "Blocked List". Also, look for a file called dload.exe ... IF you find one with that name, delete it. It may not allow you to though so add dload.exe to your firewall's "Blocked List" and then reboot into Safe Mode and delete the file. It should be located either at C:\Windows or C:\Windows\System32 ..

Check around for it though and make sure it's gone ... Double check the other file names I said earlier JUST in case.

Reboot and see what happens.

Repost after you've done that .... I've been running around the internet for days trying to figure this one out. A few sites have had people do certain things, such as what I told you earlier, and it's worked fine but unfortunately, yours is being a bit difficult

I'm hoping it works; I'll keep looking in the meantime just in case there's something else out there about it.

Good luck!

Also ... Try looking for a PD7.exe while you're in Safe Mode

#6
March 4th, 2005, 06:48 PM
deracinee
Quote:
Originally Posted by rave41799
I've been running around the internet for days trying to figure this one out. A few sites have had people do certain things, such as what I told you earlier, and it's worked fine but unfortunately, yours is being a bit difficult

yes, it has really been driving me nuts to a certain degree

that's why i'm so grateful for your time, and the effort you are expending on this friggin' thing.

i followed all of your new instructions once more, but didn't find the files (pd7.exe, dload.exe, prvdi.exe).

from the time i last posted a reply, up to today, i have been notified nine (aaaghhh...) times by Panda that it had found and disinfected prvdi.exe (screenshot attached)

my latest housecall scan again said that i had no viruses.

what a pain...

i went over my latest HJT log (below) and didn't notice anything out of the ordinary.

Logfile of HijackThis v1.99.1
Scan saved at 8:17:22 AM, on 3/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
d:\Program Files\ISS\BlackICE\blackd.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
D:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
D:\Program Files\ISS\BlackICE\blackice.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Unzipped\hijackthis\HijackThis.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SCANINICIO] "D:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [WinPatrol] "d:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - Global Startup: BlackICE PC Protection.lnk = D:\Program Files\ISS\BlackICE\blackice.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Save Flash In This Page - C:\PROGRA~1\FLASHS~1.5\save.htm
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.5\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.5\save.htm
O9 - Extra button: SmartWhois - {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - D:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O9 - Extra button: (no name) - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - D:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O9 - Extra 'Tools' menuitem: SmartWhois - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - D:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://210.1.70.65/nProtect/KeyCrypt/npkcx.cab
O23 - Service: BlackICE - Internet Security Systems, Inc. - d:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - d:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE


i guess i will simply have to reformat my HD to get rid of this pest. unfortunately, i will have to wait until i get either a new CD burner or spare HD to do back-ups first.

in any case, thank you so much again for all the help. you are a very kind soul. GBU
Attached Images
File Type: jpg Screenshot Antivir.jpg (112.0 KB, 193 views)
