Paintball Guns and Gear forums banner

1 - 5 of 5 Posts

·
Allen
Joined
·
5,718 Posts
Discussion Starter #1
Alright well i got rid of the virus i had so thats cool but now i have this big ass flashing screen on my desktop the says"danger spyware" and i cant get it to go the **** away i have run spython,spybot, and adaware and its still there so i got hijackthis to try and figure it out but thats a little over my head so here is the log file from hijackthis maybe somebody can look at it and tell me what to remove or give me some ideas on how to fix this

oh and this box thing happens to have a link to razespyware remover ****ing bastards

but thanks for any help

Logfile of HijackThis v1.99.1
Scan saved at 5:14:45 PM, on 8/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D26AF06-30E5-4A4A-9BAA-EA751C26BA75}: NameServer = 85.255.115.18,85.255.112.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{A366BF7D-BDEA-4809-A638-07DB9A2662F9}: NameServer = 85.255.115.18,85.255.112.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5EF26D2-E8D9-4E5A-89F7-DF93D017EB44}: NameServer = 85.255.115.18,85.255.112.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB3589EB-3F5D-4C8D-99C1-A7471C291BE2}: NameServer = 85.255.115.18,85.255.112.168
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.18 85.255.112.168
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.18 85.255.112.168
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
 

·
ABCDEFGHIJKLMNOPQRSTFU
Joined
·
5,450 Posts
Try booting up in safe mode (withOUT networking) and scanning. That usually will get stuff that can sometimes hide from you.

Update all of your definitions, reboot in safemode, scan, and win.
 
1 - 5 of 5 Posts
Top