
Hijackthis Log


5 replies to this topic

#1 venable


Posted 03 December 2005 - 03:04 PM

I've gotten rid of most of the trojans and adware, but there seems to be something that none of the programs are finding that's still popping up ads. thanks

morgan

Logfile of HijackThis v1.99.1
Scan saved at 11:18:01 AM, on 12/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wupdmgr.exe
C:\WINDOWS\system32\dumprep.exe
C:\Documents and Settings\Morgan\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dwwin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094705006515
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\ktp0l77m1.dll (file missing)
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\nxdsbcli.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe



#2 -David-


Posted 03 December 2005 - 03:08 PM

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link for "SpySweeper" to download the program. NOTE: DO NOT click the Free Spyware Scan link.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Then reboot your computer - IMPORTANT
Then post a new HJT log

#3 venable


Posted 03 December 2005 - 03:55 PM

Here's the spysweeper log:

********
12:12 PM: | Start of Session, Saturday, December 03, 2005 |
12:12 PM: Spy Sweeper started
12:12 PM: Sweep initiated using definitions version 577
12:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:13 PM: Starting Memory Sweep
12:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:14 PM: Found Adware: look2me
12:14 PM: Detected running threat: C:\WINDOWS\system32\nxdsbcli.dll (ID = 163672)
12:14 PM: Detected running threat: C:\WINDOWS\system32\udrvpa.dll (ID = 163672)
12:15 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:15 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:15 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:15 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:16 PM: Memory Sweep Complete, Elapsed Time: 00:03:57
12:16 PM: Starting Registry Sweep
12:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:24 PM: Found Adware: dollarrevenue
12:24 PM: HKLM\software\microsoft\drsmartload\ (1 subtraces) (ID = 916795)
12:24 PM: Found Adware: command
12:24 PM: HKLM\system\currentcontrolset\services\cmdservice\ (12 subtraces) (ID = 958670)
12:24 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (6 subtraces) (ID = 1016064)
12:24 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (8 subtraces) (ID = 1016072)
12:24 PM: Found Adware: spysheriff
12:24 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\msctl32.dll\ (4 subtraces) (ID = 1021403)
12:24 PM: Found Adware: cws_secure32.html hijack
12:24 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-1677128483-839522115-500\software\microsoft\internet explorer\main\ || start page (ID = 946023)
12:24 PM: Found Adware: coolwebsearch (cws)
12:24 PM: HKU\S-1-5-21-1606980848-1677128483-839522115-1003\software\microsoft\internet explorer\keywords\ (2 subtraces) (ID = 109820)
12:24 PM: Found Adware: findthewebsiteyouneed hijacker
12:24 PM: HKU\S-1-5-21-1606980848-1677128483-839522115-1003\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
12:24 PM: HKU\S-1-5-21-1606980848-1677128483-839522115-1003\software\microsoft\internet explorer\main\ || start page (ID = 946023)
12:24 PM: Found Trojan Horse: trojan-backdoor-superbgirlz
12:24 PM: HKU\S-1-5-21-1606980848-1677128483-839522115-1003\software\classes\clsid\{4f141cba-1457-6cca-03a7-7aa21b61ea0f}\ (3 subtraces) (ID = 954563)
12:24 PM: Registry Sweep Complete, Elapsed Time:00:07:53
12:24 PM: Starting Cookie Sweep
12:24 PM: Found Spy Cookie: yieldmanager cookie
12:24 PM: morgan@ad.yieldmanager[2].txt (ID = 3751)
12:24 PM: Found Spy Cookie: adecn cookie
12:24 PM: morgan@adecn[1].txt (ID = 2063)
12:24 PM: Found Spy Cookie: cc214142 cookie
12:24 PM: morgan@ads.cc214142[1].txt (ID = 2367)
12:24 PM: Found Spy Cookie: atwola cookie
12:24 PM: morgan@atwola[1].txt (ID = 2255)
12:24 PM: Found Spy Cookie: azjmp cookie
12:24 PM: morgan@azjmp[2].txt (ID = 2270)
12:24 PM: Found Spy Cookie: go.com cookie
12:24 PM: morgan@espn.go[1].txt (ID = 2729)
12:24 PM: Found Spy Cookie: exitexchange cookie
12:24 PM: morgan@exitexchange[2].txt (ID = 2633)
12:24 PM: morgan@go[1].txt (ID = 2728)
12:24 PM: Found Spy Cookie: starware.com cookie
12:24 PM: morgan@h.starware[2].txt (ID = 3442)
12:24 PM: Found Spy Cookie: screensavers.com cookie
12:24 PM: morgan@i.screensavers[1].txt (ID = 3298)
12:24 PM: Found Spy Cookie: monstermarketplace cookie
12:24 PM: morgan@monstermarketplace[1].txt (ID = 3006)
12:24 PM: Found Spy Cookie: overture cookie
12:24 PM: morgan@perf.overture[1].txt (ID = 3106)
12:24 PM: Found Spy Cookie: qksrv cookie
12:24 PM: morgan@qksrv[1].txt (ID = 3213)
12:24 PM: Found Spy Cookie: rn11 cookie
12:24 PM: morgan@rn11[2].txt (ID = 3261)
12:24 PM: morgan@rsi.espn.go[1].txt (ID = 2729)
12:24 PM: morgan@sports.espn.go[2].txt (ID = 2729)
12:24 PM: morgan@starware[2].txt (ID = 3441)
12:24 PM: Found Spy Cookie: reliablestats cookie
12:24 PM: morgan@stats1.reliablestats[2].txt (ID = 3254)
12:24 PM: Found Spy Cookie: trafficmp cookie
12:24 PM: morgan@trafficmp[1].txt (ID = 3581)
12:24 PM: morgan@www.screensavers[2].txt (ID = 3298)
12:24 PM: morgan@www.starware[1].txt (ID = 3442)
12:24 PM: Found Spy Cookie: adserver cookie
12:24 PM: morgan@z1.adserver[1].txt (ID = 2142)
12:24 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
12:24 PM: Starting File Sweep
12:26 PM: Found Adware: targetsaver
12:26 PM: tsupdate2[1].ini (ID = 193498)
12:26 PM: hr0005dme.dll (ID = 163672)
12:26 PM: tupmib.dll (ID = 159)
12:26 PM: nxdsbcli.dll (ID = 163672)
12:27 PM: udrvpa.dll (ID = 163672)
12:28 PM: toolbar[1].txt (ID = 194384)
12:28 PM: toolbar.exe (ID = 194384)
12:28 PM: installer[1].exe (ID = 168558)
12:28 PM: ktjol7131.dll (ID = 159)
12:29 PM: secure32.html (ID = 184319)
12:29 PM: stub_113_4_0_4_0[1].exe (ID = 193995)
12:33 PM: tsuninst.exe (ID = 193501)
12:37 PM: Found Adware: apropos
12:37 PM: wingenerics.dll (ID = 50187)
12:37 PM: glf46glf46.exe (ID = 193501)
12:37 PM: dwusic.dll (ID = 163672)
12:40 PM: krlrvzu4kilywahs.vbs (ID = 185675)
12:40 PM: donotdelete[1].htm (ID = 198788)
12:40 PM: drsmartload.dat (ID = 198788)
12:40 PM: File Sweep Complete, Elapsed Time: 00:15:43
12:40 PM: Full Sweep has completed. Elapsed time 00:27:52
12:40 PM: Traces Found: 88
12:43 PM: Removal process initiated
12:43 PM: Quarantining All Traces: look2me
12:44 PM: look2me is in use. It will be removed on reboot.
12:44 PM: nxdsbcli.dll is in use. It will be removed on reboot.
12:44 PM: udrvpa.dll is in use. It will be removed on reboot.
12:44 PM: C:\WINDOWS\system32\nxdsbcli.dll is in use. It will be removed on reboot.
12:44 PM: C:\WINDOWS\system32\udrvpa.dll is in use. It will be removed on reboot.
12:44 PM: Quarantining All Traces: spysheriff
12:44 PM: Quarantining All Traces: apropos
12:44 PM: apropos is in use. It will be removed on reboot.
12:44 PM: wingenerics.dll is in use. It will be removed on reboot.
12:44 PM: Quarantining All Traces: coolwebsearch (cws)
12:44 PM: Quarantining All Traces: trojan-backdoor-superbgirlz
12:44 PM: Quarantining All Traces: command
12:44 PM: Quarantining All Traces: cws_secure32.html hijack
12:44 PM: Quarantining All Traces: dollarrevenue
12:44 PM: Quarantining All Traces: findthewebsiteyouneed hijacker
12:44 PM: Quarantining All Traces: targetsaver
12:44 PM: Quarantining All Traces: adecn cookie
12:44 PM: Quarantining All Traces: adserver cookie
12:44 PM: Quarantining All Traces: atwola cookie
12:44 PM: Quarantining All Traces: azjmp cookie
12:44 PM: Quarantining All Traces: cc214142 cookie
12:44 PM: Quarantining All Traces: exitexchange cookie
12:44 PM: Quarantining All Traces: go.com cookie
12:44 PM: Quarantining All Traces: monstermarketplace cookie
12:44 PM: Quarantining All Traces: overture cookie
12:44 PM: Quarantining All Traces: qksrv cookie
12:44 PM: Quarantining All Traces: reliablestats cookie
12:44 PM: Quarantining All Traces: rn11 cookie
12:44 PM: Quarantining All Traces: screensavers.com cookie
12:44 PM: Quarantining All Traces: starware.com cookie
12:44 PM: Quarantining All Traces: trafficmp cookie
12:44 PM: Quarantining All Traces: yieldmanager cookie
12:44 PM: Preparing to restart your computer. Please wait...
12:44 PM: Removal process completed. Elapsed time 00:00:59
********
12:12 PM: | Start of Session, Saturday, December 03, 2005 |
12:12 PM: Spy Sweeper started
12:12 PM: Sweep initiated using definitions version 577
12:12 PM: Sweep Canceled
12:12 PM: Traces Found: 0
12:12 PM: | End of Session, Saturday, December 03, 2005 |
********
12:10 PM: | Start of Session, Saturday, December 03, 2005 |
12:10 PM: Spy Sweeper started
12:11 PM: Your spyware definitions have been updated.
12:12 PM: | End of Session, Saturday, December 03, 2005 |


And here's hijackthis after reboot:

Logfile of HijackThis v1.99.1
Scan saved at 12:48:59 PM, on 12/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\Morgan\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094705006515
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\ktp0l77m1.dll (file missing)
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\nxdsbcli.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#4 -David-


Posted 03 December 2005 - 03:59 PM

With IE closed, run Hijack This again.
Put a checkmark on these entries and hit "fix checked":

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\ktp0l77m1.dll (file missing)
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\nxdsbcli.dll (file missing)


Clean Log!!
How's everything running?

David
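The selection made in the reply above can be reproduced mechanically. The following is an added example, not part of the original thread and not HijackThis or Spy Sweeper code: it parses a few lines copied from the two logs posted earlier and flags autostart entries for review. The three heuristics and all function names are assumptions of this example, modeled on the entries chosen in that reply; the script only reads text and changes nothing on a system.

```python
import re

# Constructed input: a few lines copied from the after-reboot HijackThis log
# and the Spy Sweeper session log posted in this thread.
HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\ktp0l77m1.dll (file missing)
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\nxdsbcli.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

SWEEPER_LOG = r"""
12:14 PM: Found Adware: look2me
12:14 PM: Detected running threat: C:\WINDOWS\system32\nxdsbcli.dll (ID = 163672)
12:14 PM: Detected running threat: C:\WINDOWS\system32\udrvpa.dll (ID = 163672)
12:44 PM: C:\WINDOWS\system32\nxdsbcli.dll is in use. It will be removed on reboot.
"""

# HijackThis entries look like "<section code> - <description>", e.g. "O20 - ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Spy Sweeper names a loaded module as "Detected running threat: <path> (ID = n)".
THREAT = re.compile(r"Detected running threat: (.+?) \(ID = \d+\)")


def parse_hjt(text):
    """Return one dict per HijackThis entry line; header lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            entries.append({"code": m.group(1), "body": m.group(2), "line": line})
    return entries


def flagged_paths(sweeper_text):
    """Lower-cased full paths the scanner reported as running threats."""
    return {p.lower() for p in THREAT.findall(sweeper_text)}


def triage(entries, threats):
    """Return (line, reasons) for entries matching any review heuristic."""
    findings = []
    for e in entries:
        body = e["body"].lower()
        reasons = []
        # Heuristic 1: the registry entry outlived the file it points to.
        if body.endswith("(file missing)"):
            reasons.append("orphaned: target file no longer exists")
        # Heuristic 2: the entry loads a file the scanner already flagged.
        if any(t in body for t in threats):
            reasons.append("target was flagged by the scanner")
        # Heuristic 3: a browser start page set to a local file, not a URL.
        if e["code"] in ("R0", "R1") and "start page = " in body:
            value = body.split("start page = ", 1)[1]
            if not value.startswith(("http://", "https://", "about:")):
                reasons.append("start page is a local file, not a URL")
        if reasons:
            findings.append((e["line"], reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(parse_hjt(HJT_LOG), flagged_paths(SWEEPER_LOG)):
        print(line)
        for r in reasons:
            print("    -", r)
```

On the sample lines this flags the same three entries listed in the reply, and the CSCSettings entry is flagged twice over because the scanner had reported nxdsbcli.dll as a running threat before the reboot.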

#5 venable


Posted 03 December 2005 - 04:03 PM

Everything seems clean -- no popups. I'll zap those entries and see if it comes up without them on reboot.

Thanks a million!

morgan

#6 -David-


Posted 03 December 2005 - 04:04 PM

Ok! Glad I was able to help you! :thumbsup:

The log is clean! :flowers:

If I have helped you please consider making a donation using the "make a donation" button in my signature. My help is free, but please consider it to keep me fighting spyware for you and others! :trumpet: :inlove:

Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

David



