# Yet Another Register Log

Discussion in 'Virus & Other Malware Removal' started by tooltrader, May 24, 2005.

Hello, let me start out by saying that I purchased CounterSpy and ran a "deep scan" of my computer and it removed several spywares and adwares, but they seem to reappear. After contacting Spyware's "tech support" I was told to download the free scanner and report the findings here - boy am I glad I spent $20 for that! Along with this I have lost the ability to modify the toolbars in Internet Explorer. I have already downloaded hijack per the other posts and have run a scan, here are the results:

```
Logfile of HijackThis v1.99.1
Scan saved at 5:16:37 PM, on 5/24/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Promon.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\My Documents\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~4E0BB6DF-33CD-8807-528E-79405BBF46FA} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KeywordFinder] LOPTCON.exe
O4 - HKLM\..\Run: [SysEntry] newbreed.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKCU\..\Run: [Preliminary] prgsys0984.exe
O4 - HKCU\..\Run: [prcmon] barint.exe
O4 - HKCU\..\Run: [Bogobot] teqq32.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FE5D2C8-19BC-4F8C-AC9A-5CEA3D688888}: NameServer = 69.50.184.86,195.225.176.110
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.184.86,195.225.176.110
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.184.86,195.225.176.110
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.184.86,195.225.176.110
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
```

Any help that you can give me in solving my problem would be greatly appreciated.

Thank you,
Brad

### BannerGuy

Joined: Mar 30, 2005 Messages: 429

First of all welcome to the forums... it's a good place to get help... Couple questions... do you have any Anti-virus software? If not I would suggest downloading either AVG or Avast! both are free and suggested by the community... Just download one, two Anti-virus programs causes issues.

Second download a couple of the spyware programs in my signature and install, update, and run them... I hate to say it but these are just as good as the one you paid $20 for. (Microsoft is my fave). Run a FULL system scan and be sure to remove ANY programs that they suggest to remove.

last... go to START --> Run and type %temp% and hit enter. Remove any items you find in the window.

There may be a couple things in your HJT log, but I will leave it up to the gurus to point them out. But from what I see you may well need their advice.

Well I downloaded AVAST and ran the scan both on boot and regular scan, I still have my problems. Any help with the log would be appreciated.
thank you,

Well, good to hear that you don't have any viruses... at least none of the recent ones. Did you download and do full system scans with the anti-virus programs that were in my signature? Some may come back, but with the right tools the Vx and others should not. I suggest Ad-aware and Microsoft, which seem to overlap coverage of scans pretty well... be sure they are updated and you are running FULL system scans. After you do this please rerun and repost your HJT log.

