After rebooting for Spysweeper's search, I immediately made a system restore
and deleted the old files. I then used MS Clean and Norton Clean, and took
Spysweeper's suggestion to reset my IE browser settings. Then I made
the HiJackThis log attached below the Spy Sweeper log. The E: drive
is my CD-R/W drive, so ignore that it couldn't access that.
NO MORE a-d-a-ware POPUPS SO FAR! THANK YOU!
However: CWshredder is still finding CWS.Jksearch.
So I suspect I'm not finished quite yet: xhob2res.dll is also still in my
registry, although mkxml.dll is gone (or renamed). What now?
Here are the current logs for Spy Sweeper / HiJackThis:
********
8:45 AM: | Start of Session, Saturday, November 05, 2005 |
8:45 AM: Spy Sweeper started
8:45 AM: Sweep initiated using definitions version 567
8:45 AM: Starting Memory Sweep
8:45 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:45 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:45 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:45 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:45 AM: Found Adware: icannnews
8:45 AM: Detected running threat: C:\WINNT\system32\aeferror.dll (ID = 83)
8:46 AM: Detected running threat: C:\WINNT\system32\fn4021hmg.dll (ID = 83)
8:46 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:46 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:46 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:46 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:46 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:46 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:46 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:46 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:47 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:47 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:47 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:47 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:48 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:48 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:48 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:48 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:48 AM: Memory Sweep Complete, Elapsed Time: 00:02:54
8:48 AM: Starting Registry Sweep
8:48 AM: Found Trojan Horse: kitten free sex dialer
8:48 AM: HKLM\software\sds software\ (8 subtraces) (ID = 129640)
8:48 AM: Registry Sweep Complete, Elapsed Time:00:00:12
8:48 AM: Starting Cookie Sweep
8:48 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
8:48 AM: Starting File Sweep
8:48 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:48 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:48 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:48 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:49 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:49 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:49 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:49 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:50 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:50 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:50 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:50 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:50 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:50 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:50 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:50 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:51 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:51 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:51 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:51 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:51 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:51 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:51 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:51 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:52 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:52 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:52 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:52 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:53 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:53 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:53 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:53 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:53 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:53 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:53 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:53 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:54 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:54 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:54 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:54 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:55 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:55 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:55 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:55 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:55 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:55 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:55 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:55 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:56 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:56 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:56 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:56 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:56 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:56 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:56 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:56 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:57 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:57 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:57 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:57 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:58 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:58 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:58 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:58 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:58 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:58 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:58 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:58 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:59 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:59 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:59 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:59 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:59 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:59 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:59 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:59 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:00 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:00 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:00 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:00 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:00 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:00 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:00 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:00 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:02 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:02 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:02 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:02 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:02 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:02 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:02 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:02 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:03 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:03 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:03 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:03 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:03 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:03 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:03 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:03 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:04 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:04 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:04 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:04 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:04 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:04 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:04 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:04 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:05 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:05 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:05 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:05 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:06 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:06 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:06 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:06 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:07 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:07 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:07 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:07 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:07 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:07 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:07 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:07 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:08 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:08 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:08 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:08 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:08 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:08 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:08 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:08 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:09 AM: Warning: Failed to access drive E:
9:09 AM: File Sweep Complete, Elapsed Time: 00:20:56
9:09 AM: Full Sweep has completed. Elapsed time 00:24:06
9:09 AM: Traces Found: 11
9:09 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:09 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:09 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:09 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:09 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:09 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:09 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:09 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:10 AM: Removal process initiated
9:10 AM: Quarantining All Traces: icannnews
9:10 AM: icannnews is in use. It will be removed on reboot.
9:10 AM: C:\WINNT\system32\aeferror.dll is in use. It will be removed on reboot.
9:10 AM: C:\WINNT\system32\fn4021hmg.dll is in use. It will be removed on reboot.
9:10 AM: Quarantining All Traces: kitten free sex dialer
9:10 AM: Warning: Launched explorer.exe
9:10 AM: Warning: Quarantine process could not restart Explorer.
9:11 AM: Preparing to restart your computer. Please wait...
9:11 AM: Removal process completed. Elapsed time 00:00:44
********
8:43 AM: | Start of Session, Saturday, November 05, 2005 |
8:43 AM: Spy Sweeper started
8:43 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:43 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:43 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:43 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:44 AM: Your spyware definitions have been updated.
8:45 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:45 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:45 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:45 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:45 AM: | End of Session, Saturday, November 05, 2005 |
*************************************************************************
Logfile of HijackThis v1.99.1
Scan saved at 9:26:13 AM, on 11/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\WDC\SetIcon.exe
C:\WINNT\system32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\MXOALDR.EXE
C:\WINNT\GWHotKey.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\system32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\wuauclt.exe
C:\hijack\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Fnord Explorer
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINNT\MXOALDR.EXE
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Free Ram Optimizer] C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123380463149
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe