Member
17. November 2007 @ 00:13
I made a thread about "hidden adware" which explains my problem in detail, but no one replied, so I searched the computer for the registry value that Spyware Doctor 5.1 gave me for the adware search bar that I can't delete. I found it with Registry Editor and deleted it, but it still comes back, so I'm hoping that my log will help someone help me make sense of this annoyance.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:10:01 AM, on 11/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Popup Eliminator\Popup Eliminator.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Patrick\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AutoDisplayObj Class - {1A214F62-47A7-4CA3-9D00-95A3965A8B4A} - C:\Program Files\Popup Eliminator\AutoDisplay490.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Popup Eliminator - {F50CE767-AE72-45EB-AECD-E8786C240373} - C:\Program Files\Popup Eliminator\PEToolBar490.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UVS10 Preload] "E:\Ulead Video Studio 10\uvPL.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [MSN Messenger Service A] MSNMSGR.EXE
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [emMON] emMON.exe
O4 - HKLM\..\Run: [AAWTray] "C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SmcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopupEliminator] "C:\Program Files\Popup Eliminator\Popup Eliminator.exe" /min
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: Popup Eliminator - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Popup Eliminator\PEToolBar490.dll
O9 - Extra 'Tools' menuitem: Popup Eliminator - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Popup Eliminator\PEToolBar490.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
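Added example (not part of the thread, and not HijackThis code): a small Python triage pass over HijackThis O-lines like the ones in the log above. It flags the patterns a responder reads for by hand: targets marked (no file) or (file missing), unnamed BHOs and buttons, O23 services listed with "Unknown owner", and O4 Run entries that launch a bare file name (resolved through the search path at logon) rather than a full path. The rules and the sample lines (copied from this log) are mine; a flag is a prompt to verify the file, not a verdict, since vendor entries such as RTHDCPL.EXE trip the bare-name rule as well.

```python
import re
from typing import Dict, List

# Constructed sample: entries copied from the HijackThis log posted above.
SAMPLE_HJT = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MSN Messenger Service A] MSNMSGR.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [emMON] emMON.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
"""

# "O<n> - <rest>" is the shape of every HijackThis O-section line.
ENTRY_RE = re.compile(r"^(?P<section>O\d+) - (?P<rest>.*)$")
# O4 Run-key entries: HKLM\..\Run: [value name] command line
RUN_CMD_RE = re.compile(r"^HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def _first_token(cmd: str) -> str:
    """Return the executable portion of a Run-key command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage_hijackthis(log_text: str) -> List[Dict[str, object]]:
    """Return one finding per HijackThis O-line that trips a heuristic, in log order.

    Heuristics (my own, not HijackThis's): missing target file, unnamed entry,
    service with no publisher, Run entry that launches a bare file name.
    """
    findings: List[Dict[str, object]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list and R0/R1 lines are not covered here
        section, rest = m.group("section"), m.group("rest")
        reasons: List[str] = []
        if "(no file)" in rest or "(file missing)" in rest:
            reasons.append("registered target is not on disk: orphaned entry, or the file was removed/renamed")
        if "(no name)" in rest:
            reasons.append("entry has no display name")
        if section == "O23" and " - Unknown owner - " in line:
            reasons.append("service binary carries no publisher information")
        if section == "O4":
            run = RUN_CMD_RE.match(rest)
            if run:
                exe = _first_token(run.group("cmd"))
                if exe and "\\" not in exe and "/" not in exe:
                    reasons.append(f"bare file name '{exe}' is resolved through the search path at logon")
        if reasons:
            findings.append({"section": section, "line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_HJT):
        print(f["section"], "|", f["line"])
        for r in f["reasons"]:
            print("    -", r)
```

Run against the sample, the NNServ service is the only entry that trips two rules at once (no publisher and binary missing), which is why the helper later asks specifically about NewDotNet; the Sygate and Acrobat entries pass every rule.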
Member
17. November 2007 @ 17:39
Hi Dumbpoopy,
I will help you, but you have to help me. I am getting posts with no feedback from the posters; we get so far, then no more replies from them.
We can try ComboFix to see what it can dig up. You have SpySweeper; a second anti-malware app wouldn't be a bad idea.
Please download ComboFix (by sUBs) from one of the following links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the Desktop.
Double-click combofix.exe and follow the prompts.
CAUTION: Do not mouse-click ComboFix's window while it is running.
It may cause it to stall.
When finished, it produces a log.
Please provide the contents of the ComboFix log in your reply--
echoreply
Member
17. November 2007 @ 18:16
ComboFix 07-11-08.1 - Patrick 2007-11-17 18:48:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2385 [GMT -4:00]
Running from: C:\Documents and Settings\Patrick\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Patrick\Application Data\inst.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NNSERV
-------\NNServ
((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.
2007-11-17 18:47 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-16 13:33 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-11-16 13:27 <DIR> d-------- C:\Program Files\MSBuild
2007-11-16 13:24 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-11-16 13:24 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-11-16 13:23 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-11-16 13:19 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-11-14 14:50 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-11 12:07 <DIR> d-------- C:\Program Files\Sygate
2007-11-11 12:07 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-11-11 12:07 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-11-11 12:07 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-11-11 12:07 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-11-11 12:07 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-11-11 12:07 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-11-11 12:07 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-11-10 22:41 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-10 22:41 <DIR> d-------- C:\Documents and Settings\Patrick\Application Data\PC Tools
2007-11-10 22:41 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-10 22:41 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-10 22:41 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-10 22:41 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-10 22:01 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-08 01:11 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-08 01:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-08 00:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-06 02:15 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-11-06 02:15 <DIR> d-------- C:\Program Files\Common Files\Kaspersky Lab
2007-10-27 18:34 <DIR> d-------- C:\Program Files\Razor LAME
2007-10-25 15:22 <DIR> d-------- C:\Program Files\Audacity
2007-10-25 13:20 39,248 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys
2007-10-25 13:20 38,144 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys
2007-10-25 13:20 21,312 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys
2007-10-25 13:05 <DIR> d-------- C:\Program Files\Bell Mobility
2007-10-23 12:09 <DIR> d-------- C:\Program Files\LGGSM
2007-10-23 12:09 <DIR> d-------- C:\Program Files\LG Electronics
2007-10-23 12:09 81,920 -ra------ C:\WINDOWS\system32\srctrl.dll
2007-10-23 11:57 <DIR> d-------- C:\Program Files\LG Drivers
2007-10-20 20:40 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 23:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-17 22:42 --------- d-----w C:\Documents and Settings\Patrick\Application Data\uTorrent
2007-11-17 20:04 --------- d-----w C:\Documents and Settings\Patrick\Application Data\LimeWire
2007-11-13 16:45 --------- d-----w C:\Documents and Settings\Patrick\Application Data\Vso
2007-11-02 14:14 --------- d-----w C:\Program Files\Java
2007-10-26 03:16 --------- d-----w C:\Program Files\HP
2007-10-25 17:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-21 00:39 164 ----a-w C:\install.dat
2007-10-20 13:29 --------- d-----w C:\Program Files\uTorrent
2007-10-16 05:21 --------- d-----w C:\Program Files\Azureus
2007-10-16 04:56 --------- d-----w C:\Program Files\BitLord
2007-10-16 04:56 --------- d-----w C:\Documents and Settings\Patrick\Application Data\Azureus
2007-10-15 08:26 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Ahead
2007-10-15 08:22 --------- d-----w C:\Program Files\DVD Decrypter
2007-10-13 01:31 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-06 05:07 --------- d-----w C:\Documents and Settings\Patrick\Application Data\Ahead
2007-10-04 22:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2007-10-04 22:23 --------- d-----w C:\Program Files\DAEMON Tools Pro
2007-10-03 19:46 --------- d-----w C:\Program Files\Common Files\Ahead
2007-10-03 19:43 --------- d-----w C:\Program Files\Nero
2007-10-03 19:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-10-03 19:41 --------- d-----w C:\Program Files\Ahead
2007-10-03 10:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-10-01 23:40 1,526,072 ----a-w C:\WINDOWS\WRSetup.dll
2007-10-01 23:24 23,864 ----a-w C:\WINDOWS\system32\drivers\sskbfd.sys
2007-10-01 23:24 21,816 ----a-w C:\WINDOWS\system32\drivers\sshrmd.sys
2007-10-01 23:24 163,640 ----a-w C:\WINDOWS\system32\drivers\ssidrv.sys
2007-09-29 19:12 --------- d-----w C:\Program Files\Doom 3
2007-09-27 07:35 --------- d-----w C:\Documents and Settings\Patrick\Application Data\DAEMON Tools Pro
2007-09-27 07:29 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-09-25 06:56 --------- d-----w C:\Documents and Settings\Patrick\Application Data\Image Zone Express
2007-09-25 06:45 --------- d-----w C:\Documents and Settings\Patrick\Application Data\Printer Info Cache
2007-09-19 18:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-09-19 09:09 --------- d-----w C:\Program Files\WiFiConnector
2007-09-19 06:38 --------- d-----w C:\Program Files\Common Files\snp2std
2007-09-17 08:05 --------- d-----w C:\Program Files\LimeWire
2007-09-01 15:50 47,360 ----a-w C:\Documents and Settings\Patrick\Application Data\pcouffin.sys
2007-08-24 20:29 94,080 ----a-w C:\Documents and Settings\Patrick\Application Data\ezplay.sys
2007-08-24 20:29 81,920 ----a-w C:\Documents and Settings\Patrick\Application Data\ezpinst.exe
2007-08-21 08:08 256 ----a-w C:\sccfg.sys
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-17 23:23 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-08-17 23:23 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-08-17 23:23 8,478,720 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-08-17 23:23 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-08-17 23:23 6,746,112 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-08-17 23:23 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-08-17 23:23 5,860,736 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-08-17 23:23 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-08-17 23:23 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-08-17 23:23 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-08-17 23:23 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-08-17 23:23 360,448 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-08-17 23:23 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-08-17 23:23 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-08-17 23:23 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-08-17 23:23 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-08-17 23:23 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-08-17 23:23 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-08-17 23:23 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-08-17 23:23 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-08-17 23:23 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-08-17 23:23 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-08-17 23:23 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-08-17 23:23 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-08-17 23:23 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-08-17 23:23 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-08-17 23:23 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-08-17 23:23 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-08-17 23:23 1,073,152 ----a-w C:\WINDOWS\system32\nvcpluir.dll
2007-08-17 23:23 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2004-10-01 22:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2007-07-17 21:07:44 80 --sh--r C:\WINDOWS\system32\06C42A2E5A.dll
2007-06-13 10:23:07 811,008 --sh--r C:\WINDOWS\system32\yknvfs.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 21:08 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 08:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-08-17 19:23 C:\WINDOWS\system32\nwiz.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-03 17:02]
"UVS10 Preload"="E:\Ulead Video Studio 10\uvPL.exe" [2006-03-07 03:52]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 07:00]
"MSN Messenger Service A"="MSNMSGR.EXE" []
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2005-11-14 21:47]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2005-11-16 19:14]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 08:00 C:\WINDOWS\system32\rundll32.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 18:40]
"emMON"="emMON.exe" [2006-05-31 00:24 C:\WINDOWS\emMON.exe]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-10 22:43]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 19:40]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
"PopupEliminator"="C:\Program Files\Popup Eliminator\Popup Eliminator.exe" [2003-06-03 15:51]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 07:21:22]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-06-18 04:24:45]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-09-19 05:09:59]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R2 LF30FS;LF30FS;\??\C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys
R2 LxrSII1d;Secure II Driver;\??\C:\WINDOWS\system32\Drivers\LxrSII1d.sys
S2 windrvNT;windrvNT;\??\C:\WINDOWS\system32\windrvNT.sys
S3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
S3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
S3 USB28xxBGA;USB 2820 Device;C:\WINDOWS\system32\DRIVERS\emBDA.sys
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 19:00:59
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-17 19:04:13 - machine was rebooted
.
--- E O F ---
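Added example (not part of the thread, and not ComboFix code): the same triage idea applied to the dated file rows in the ComboFix output above. The attribute column is read by letter (d directory, s system, h hidden, a archive, r read-only, w writable; that reading of the column is my assumption, not ComboFix documentation), and a row is flagged when a non-directory file is both hidden and system, when a .sys image sits outside system32\drivers, or when the file stem is a bare hex string. The two --sh--r entries under system32 in the Find3M section are the kind of row this pulls out for identification; the sample rows are copied from the log.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: rows copied from the ComboFix log posted above. Both the
# "Files Created" (9-letter attributes) and "Find3M" (7-letter attributes)
# sections share the date / size / attributes / path layout.
SAMPLE_ROWS = r"""
2007-11-17 18:47 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-23 12:09 81,920 -ra------ C:\WINDOWS\system32\srctrl.dll
2007-11-02 14:14 --------- d-----w C:\Program Files\Java
2007-09-01 15:50 47,360 ----a-w C:\Documents and Settings\Patrick\Application Data\pcouffin.sys
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-17 21:07:44 80 --sh--r C:\WINDOWS\system32\06C42A2E5A.dll
2007-06-13 10:23:07 811,008 --sh--r C:\WINDOWS\system32\yknvfs.exe
"""

ROW_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}(?::\d{2})?) "
    r"(?P<size>[\d,]+|<DIR>|-+) (?P<attr>[-a-z]{7,9}) (?P<path>.+)$"
)


@dataclass
class Finding:
    path: str
    attrs: str
    reasons: List[str] = field(default_factory=list)


def triage_combofix_rows(text: str) -> List[Finding]:
    """Flag file rows worth submitting for identification, in log order.

    Assumption: attribute letters mean d=directory, s=system, h=hidden,
    a=archive, r=read-only, w=writable; they are tested by presence, not column.
    """
    findings: List[Finding] = []
    for raw in text.splitlines():
        m = ROW_RE.match(raw.strip())
        if not m:
            continue  # section banners, "." spacers and non-file lines
        attrs, path = m.group("attr"), m.group("path")
        is_dir = attrs[0] == "d"
        name = path.rsplit("\\", 1)[-1]
        stem, sep, ext = name.rpartition(".")
        if not sep:
            stem, ext = name, ""
        reasons: List[str] = []
        if not is_dir and "s" in attrs and "h" in attrs:
            reasons.append("hidden+system file: attributes the OS uses for its own files, routinely set by droppers to stay out of Explorer")
        if not is_dir and ext.lower() == "sys" and "\\drivers\\" not in path.lower():
            reasons.append("kernel driver image outside system32\\drivers; confirm which product installed it")
        if not is_dir and re.fullmatch(r"[0-9A-Fa-f]{8,}", stem):
            reasons.append("file stem is a bare hex string, a common auto-generated dropper name")
        if reasons:
            findings.append(Finding(path, attrs, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_combofix_rows(SAMPLE_ROWS):
        print(f.attrs, f.path)
        for r in f.reasons:
            print("    -", r)
```

On this sample the two --sh--r rows under system32 and the per-user .sys file are returned; the Java directory, the NVIDIA-era DLL and the Microsoft inetcomm.dll are not. As with the HijackThis pass, a hit means "identify this file" (hash it, check the signer, submit it), not "delete it".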
Member
17. November 2007 @ 18:20
Sorry for the double post, but after that scan I swept with Spyware Doctor and still ended up having the adware search bar, as well as 2 different trojans.
Member
17. November 2007 @ 19:19
Hi,
The ComboFix log looks OK. So does the HJT log.
Is there any way to save/post the Spyware Doctor log showing the files it's finding? What about SpySweeper, is it finding anything? What about Ad-Aware? It is possible to have harmless leftover registry entries.
echoreply
Member
18. November 2007 @ 18:39
Well, SpySweeper picks up that there are "traces" of something, but it never tells me what or deletes them, so I got Spyware Doctor 5.1 and it keeps telling me that I have an adware easy search bar. And no matter what I do, for the life of me it won't go away. And now, after running the scan again, I have one more infection of that search bar since last time.
Member
18. November 2007 @ 20:49
Quote: it keeps telling me that i have an adware easy search bar.
Are you actually seeing this search bar in Internet Explorer? Or is it just in the registry?
echoreply
Member
18. November 2007 @ 22:23
It only shows up in the registry, and when I delete it from there, it's back within 20 minutes. Would uninstalling Internet Explorer get rid of the problem?
Member
18. November 2007 @ 22:45
Quote: would uninstalling internet explorer rid the problem?
No, I was assuming you were seeing the toolbar in IE. It's possible to have harmless leftover registry entries. Are you having any symptoms of malware, like popups, page redirects, etc.?
Does the registry entry you are trying to delete provide any clues? Like mentioning software or anything?
echoreply
Member
18. November 2007 @ 22:54
Well, it used to redirect me, but then I got Spyware Doctor. All it tells me about this "adware toolbar" is that instead of the computer asking me to install something, this toolbar will automatically install things even if they're harmful.
Member
18. November 2007 @ 23:04
Let's see if an online scan can dig up anything:
F-Secure scan:
http://support.f-secure.com/enu/home/ols.shtml
Uses Internet Explorer only.
Click on the "Start scanning" button near the bottom of the page.
Click to accept/install the ActiveX applet.
"Accept" the License Agreement, click "Full system scan".
Once the download completes, the scan will begin automatically. The download may take a while.
The scan will take some time to finish.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.
echoreply
Member
19. November 2007 @ 00:25
file:///C:/DOCUME~1/Patrick/LOCALS~1/Temp/OnlineScanner/ols_report.html
I can't believe I had like 6 viruses, especially ones that none of my scanners picked up. I'm going to do a scan right now and see if this "tool bar" pops up again.
Member
19. November 2007 @ 00:53
Sigh... it's still there.
Member
19. November 2007 @ 10:33
Quote: 6 viruses, especially ones that none of my scanners picked up
Speaking of viruses, I don't see a resident antivirus app in your log.
I see Spy Sweeper and Ad-Aware. These aren't AV apps.
Quote: file:///C:/DOCUME~1/Patrick/LOCALS~1/Temp/OnlineScanner/ols_report.html
This isn't the online scan report.
Look in the Add/Remove Programs panel for anything like:
NewdotNet or NewDotNet domains; uninstall if present.
Go to Start > Run and type in services.msc. In the list of services that comes up, look for NNServ.
Right-click on it and select Properties.
Under the General tab:
the path to the .exe should be: C:\Program Files\NewDotNet\nnrun.exe
Make sure that the service status is Stopped; if not, click the Stop button,
and the startup type is Disabled; if not, change it to Disabled.
Click Apply, then OK.
Post the reg key you keep trying to delete:
Start > Run, type in regedit.
Find the key and click on it. At the top, go to File > Export, name it something with a .txt extension, and change "Save as type" to "Text Files".
Post the saved .txt file.
echoreply
Member
19. November 2007 @ 15:01
NNServ wasn't there, and NewDotNet wasn't there, and as far as I can tell this is the longest that the toolbar hasn't shown up, so maybe that scan helped. But you are right about the AV; SpySweeper has one on it, but I was thinking of getting AVG. If the toolbar shows up again I'll post. Thanks for your help.