
Yet Another Register Log

Discussion in 'Virus & Other Malware Removal' started by tooltrader, May 24, 2005.

Thread Status:
Not open for further replies.
  1. tooltrader

    tooltrader Thread Starter

    Joined:
    May 24, 2005
    Messages:
    2
    Hello, let me start out by saying that I purchased CounterSpy and ran a "deep scan" of my computer and it removed several spyware and adware items, but they seem to reappear. After contacting Spyware's "tech support" I was told to download the free scanner and report the findings here - boy am I glad I spent $20 for that! Along with this I have lost the ability to modify the toolbars in Internet Explorer. I have already downloaded hijack per the other posts and have run a scan; here are the results:

    Logfile of HijackThis v1.99.1
    Scan saved at 5:16:37 PM, on 5/24/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\Promon.exe
    C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
    C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
    C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\My Documents\Hijack\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
    R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
    R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - ~4E0BB6DF-33CD-8807-528E-79405BBF46FA} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Promon.exe] Promon.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [KeywordFinder] LOPTCON.exe
    O4 - HKLM\..\Run: [SysEntry] newbreed.exe
    O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
    O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
    O4 - HKCU\..\Run: [Preliminary] prgsys0984.exe
    O4 - HKCU\..\Run: [prcmon] barint.exe
    O4 - HKCU\..\Run: [Bogobot] teqq32.exe
    O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3FE5D2C8-19BC-4F8C-AC9A-5CEA3D688888}: NameServer = 69.50.184.86,195.225.176.110
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.184.86,195.225.176.110
    O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.184.86,195.225.176.110
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.184.86,195.225.176.110
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe


    Any help that you can give me in solving my problem would be greatly appreciated.
    thank you,
    Brad
     
  2. BannerGuy

    BannerGuy

    Joined:
    Mar 30, 2005
    Messages:
    429
    First of all welcome to the forums... it's a good place to get help...

    Couple questions... do you have any Anti-virus software? If not I would suggest downloading either AVG or Avast! both are free and suggested by the community... Just download one, two Anti-virus programs cause issues.

    Second download a couple of the spyware programs in my signature and install, update, and run them... I hate to say it but these are just as good as the one you paid $20 for. (Microsoft is my fave). Run a FULL system scan and be sure to remove ANY programs that they suggest to remove.

    Last... go to START --> Run and type %temp% and hit enter. Remove any items you find in the window.

    There may be a couple things in your HJT log, but I will leave it up to the Gurus to point them out. But from what I see you may well need their advice.
     
  3. tooltrader

    tooltrader Thread Starter

    Joined:
    May 24, 2005
    Messages:
    2
    Well I downloaded AVAST and ran the scan both on boot and regular scan, I still have my problems. Any help with the log would be appreciated.
    thank you,
    Brad
     
  4. BannerGuy

    BannerGuy

    Joined:
    Mar 30, 2005
    Messages:
    429
    Well, good to hear that you don't have any viruses... at least none of the recent ones. Did you download and do full system scans with the anti-virus programs that were in my signature? Some may come back, but with the right tools the Vx and others should not. I suggest Ad-aware and Microsoft, which seem to overlap coverage of scans pretty well... be sure they are updated and you are running FULL system scans. After you do this please rerun and repost your HJT log.
     
Short URL to this thread: https://techguy.org/365231
