
Hijack This Log - Please Help



#1 verit4s


Posted 20 November 2005 - 01:16 PM

I have used Norton AntiVirus, Spybot and Adaware numerous times, but every time the spyware hijacks my browser (Firefox and IE) and reinstalls itself.

Please assist me, this is getting out of control.

Logfile of HijackThis v1.99.1
Scan saved at 1:14:14 PM, on 11/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvraidservice.exe
C:\Program Files\D-Tools\daemon.exe
E:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jason\Desktop\hijackthis\HijackThis.exe

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Opware12] "E:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120063693670
O17 - HKLM\System\CCS\Services\Tcpip\..\{F32FA40C-CDAE-491E-91C4-300B3157CEA8}: NameServer = 206.47.244.55 206.47.244.111
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\r2p8lc7u1f.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Serverla - Unknown owner - C:\WINDOWS\System32\serverla.exe" -service (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

thanks in advance



#2 -David-


Posted 20 November 2005 - 01:59 PM

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Then reboot your computer - IMPORTANT
Then post a new HJT log

David

#3 verit4s


Posted 20 November 2005 - 08:22 PM

I think that fixed it, but let me put it up just in case...

********
7:48 PM: | Start of Session, Sunday, November 20, 2005 |
7:48 PM: Spy Sweeper started
7:48 PM: Sweep initiated using definitions version 574
7:48 PM: Starting Memory Sweep
7:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:49 PM: Found Adware: icannnews
7:49 PM: Detected running threat: C:\WINDOWS\system32\r2p8lc7u1f.dll (ID = 83)
7:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:50 PM: Detected running threat: C:\WINDOWS\system32\iWsnap.dll (ID = 83)
7:51 PM: Memory Sweep Complete, Elapsed Time: 00:03:10
7:51 PM: Starting Registry Sweep
7:51 PM: Registry Sweep Complete, Elapsed Time:00:00:09
7:51 PM: Starting Cookie Sweep
7:51 PM: Found Spy Cookie: yieldmanager cookie
7:51 PM: jason@ad.yieldmanager[2].txt (ID = 3751)
7:51 PM: Found Spy Cookie: azjmp cookie
7:51 PM: jason@azjmp[2].txt (ID = 2270)
7:51 PM: Found Spy Cookie: did-it cookie
7:51 PM: jason@did-it[1].txt (ID = 2523)
7:51 PM: Found Spy Cookie: starware.com cookie
7:51 PM: jason@h.starware[1].txt (ID = 3442)
7:51 PM: Found Spy Cookie: touchclarity cookie
7:51 PM: jason@msn.touchclarity[1].txt (ID = 3566)
7:51 PM: Found Spy Cookie: aptimus cookie
7:51 PM: jason@network.aptimus[1].txt (ID = 2235)
7:51 PM: jason@www.starware[1].txt (ID = 3442)
7:51 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
7:51 PM: Starting File Sweep
7:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:52 PM: Found Adware: look2me
7:52 PM: appwrap[1].exe (ID = 65722)
7:52 PM: appwrap[2].exe (ID = 65739)
7:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:56 PM: aza8lc7u1f.dll (ID = 159)
7:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:58 PM: r2p8lc7u1f.dll (ID = 159)
7:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:01 PM: iwsnap.dll (ID = 159)
8:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:04 PM: File Sweep Complete, Elapsed Time: 00:12:38
8:04 PM: Full Sweep has completed. Elapsed time 00:15:59
8:04 PM: Traces Found: 14
8:05 PM: Removal process initiated
8:05 PM: Quarantining All Traces: icannnews
8:05 PM: icannnews is in use. It will be removed on reboot.
8:05 PM: C:\WINDOWS\system32\r2p8lc7u1f.dll is in use. It will be removed on reboot.
8:05 PM: C:\WINDOWS\system32\iWsnap.dll is in use. It will be removed on reboot.
8:05 PM: Quarantining All Traces: look2me
8:05 PM: look2me is in use. It will be removed on reboot.
8:05 PM: aza8lc7u1f.dll is in use. It will be removed on reboot.
8:05 PM: r2p8lc7u1f.dll is in use. It will be removed on reboot.
8:05 PM: iwsnap.dll is in use. It will be removed on reboot.
8:05 PM: Quarantining All Traces: aptimus cookie
8:05 PM: Quarantining All Traces: azjmp cookie
8:05 PM: Quarantining All Traces: did-it cookie
8:05 PM: Quarantining All Traces: starware.com cookie
8:05 PM: Quarantining All Traces: touchclarity cookie
8:05 PM: Quarantining All Traces: yieldmanager cookie
8:05 PM: Warning: Launched explorer.exe
8:05 PM: Warning: Quarantine process could not restart Explorer.
8:06 PM: Preparing to restart your computer. Please wait...
8:06 PM: Removal process completed. Elapsed time 00:00:54
********
7:43 PM: | Start of Session, Sunday, November 20, 2005 |
7:43 PM: Spy Sweeper started
7:46 PM: Your spyware definitions have been updated.
7:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:48 PM: | End of Session, Sunday, November 20, 2005 |

Logfile of HijackThis v1.99.1
Scan saved at 8:19:40 PM, on 11/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\nvraidservice.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jason\Desktop\hijackthis\HijackThis.exe

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Opware12] "E:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120063693670
O17 - HKLM\System\CCS\Services\Tcpip\..\{F32FA40C-CDAE-491E-91C4-300B3157CEA8}: NameServer = 206.47.244.55 206.47.244.111
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Serverla - Unknown owner - C:\WINDOWS\System32\serverla.exe" -service (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thank you for your help!

#4 -David-


Posted 21 November 2005 - 11:38 AM

Ok! Glad I was able to help you! :thumbsup:

If I have helped you please consider making a donation using the "make a donation" button in my signature. My help is free, but please consider it to keep me fighting spyware for you and others! :flowers: :trumpet:

Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

David



