I made a thread about "hidden adware" which explains my problem in detail, but no one replied, so I searched on the computer for the registry value that spydoctor 5.1 gave me for the adware search bar that I can't delete. I found it with registry editor and deleted it, but it still comes back, so I'm hoping that my log will help someone help me make sense of this annoyance.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:10:01 AM, on 11/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Popup Eliminator\Popup Eliminator.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Patrick\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AutoDisplayObj Class - {1A214F62-47A7-4CA3-9D00-95A3965A8B4A} - C:\Program Files\Popup Eliminator\AutoDisplay490.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Popup Eliminator - {F50CE767-AE72-45EB-AECD-E8786C240373} - C:\Program Files\Popup Eliminator\PEToolBar490.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UVS10 Preload] "E:\Ulead Video Studio 10\uvPL.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [MSN Messenger Service A] MSNMSGR.EXE
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [emMON] emMON.exe
O4 - HKLM\..\Run: [AAWTray] "C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SmcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopupEliminator] "C:\Program Files\Popup Eliminator\Popup Eliminator.exe" /min
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: Popup Eliminator - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Popup Eliminator\PEToolBar490.dll
O9 - Extra 'Tools' menuitem: Popup Eliminator - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Popup Eliminator\PEToolBar490.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Hi Dumbpoopy, I will help you, but you have to help me. I am getting posts with no feedback from the posters; we get so far, then no more replies from them. We can try combofix to see what it can dig up. You have spysweeper; a second anti-malware app wouldn't be a bad idea.
Please download ComboFix (by sUBs) from one of the following links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the Desktop. Double-click combofix.exe and follow the prompts.
CAUTION: Do not mouse-click ComboFix's window while it is running. It may cause it to stall.
When finished, it produces a log. Please provide the contents of the ComboFix log in your reply.
echoreply
ComboFix 07-11-08.1 - Patrick 2007-11-17 18:48:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2385 [GMT -4:00]
Running from: C:\Documents and Settings\Patrick\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Patrick\Application Data\inst.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NNSERV
-------\NNServ
((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.
2007-11-17 18:47 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-16 13:33 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-11-16 13:27 <DIR> d-------- C:\Program Files\MSBuild
2007-11-16 13:24 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-11-16 13:24 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-11-16 13:23 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-11-16 13:19 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-11-14 14:50 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-11 12:07 <DIR> d-------- C:\Program Files\Sygate
2007-11-11 12:07 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-11-11 12:07 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-11-11 12:07 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-11-11 12:07 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-11-11 12:07 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-11-11 12:07 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-11-11 12:07 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-11-10 22:41 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-10 22:41 <DIR> d-------- C:\Documents and Settings\Patrick\Application Data\PC Tools
2007-11-10 22:41 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-10 22:41 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-10 22:41 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-10 22:41 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-10 22:01 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-08 01:11 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-08 01:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-08 00:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-06 02:15 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-11-06 02:15 <DIR> d-------- C:\Program Files\Common Files\Kaspersky Lab
2007-10-27 18:34 <DIR> d-------- C:\Program Files\Razor LAME
2007-10-25 15:22 <DIR> d-------- C:\Program Files\Audacity
2007-10-25 13:20 39,248 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys
2007-10-25 13:20 38,144 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys
2007-10-25 13:20 21,312 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys
2007-10-25 13:05 <DIR> d-------- C:\Program Files\Bell Mobility
2007-10-23 12:09 <DIR> d-------- C:\Program Files\LGGSM
2007-10-23 12:09 <DIR> d-------- C:\Program Files\LG Electronics
2007-10-23 12:09 81,920 -ra------ C:\WINDOWS\system32\srctrl.dll
2007-10-23 11:57 <DIR> d-------- C:\Program Files\LG Drivers
2007-10-20 20:40 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 23:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-17 22:42 --------- d-----w C:\Documents and Settings\Patrick\Application Data\uTorrent
2007-11-17 20:04 --------- d-----w C:\Documents and Settings\Patrick\Application Data\LimeWire
2007-11-13 16:45 --------- d-----w C:\Documents and Settings\Patrick\Application Data\Vso
2007-11-02 14:14 --------- d-----w C:\Program Files\Java
2007-10-26 03:16 --------- d-----w C:\Program Files\HP
2007-10-25 17:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-21 00:39 164 ----a-w C:\install.dat
2007-10-20 13:29 --------- d-----w C:\Program Files\uTorrent
2007-10-16 05:21 --------- d-----w C:\Program Files\Azureus
2007-10-16 04:56 --------- d-----w C:\Program Files\BitLord
2007-10-16 04:56 --------- d-----w C:\Documents and Settings\Patrick\Application Data\Azureus
2007-10-15 08:26 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Ahead
2007-10-15 08:22 --------- d-----w C:\Program Files\DVD Decrypter
2007-10-13 01:31 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-06 05:07 --------- d-----w C:\Documents and Settings\Patrick\Application Data\Ahead
2007-10-04 22:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2007-10-04 22:23 --------- d-----w C:\Program Files\DAEMON Tools Pro
2007-10-03 19:46 --------- d-----w C:\Program Files\Common Files\Ahead
2007-10-03 19:43 --------- d-----w C:\Program Files\Nero
2007-10-03 19:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-10-03 19:41 --------- d-----w C:\Program Files\Ahead
2007-10-03 10:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-10-01 23:40 1,526,072 ----a-w C:\WINDOWS\WRSetup.dll
2007-10-01 23:24 23,864 ----a-w C:\WINDOWS\system32\drivers\sskbfd.sys
2007-10-01 23:24 21,816 ----a-w C:\WINDOWS\system32\drivers\sshrmd.sys
2007-10-01 23:24 163,640 ----a-w C:\WINDOWS\system32\drivers\ssidrv.sys
2007-09-29 19:12 --------- d-----w C:\Program Files\Doom 3
2007-09-27 07:35 --------- d-----w C:\Documents and Settings\Patrick\Application Data\DAEMON Tools Pro
2007-09-27 07:29 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-09-25 06:56 --------- d-----w C:\Documents and Settings\Patrick\Application Data\Image Zone Express
2007-09-25 06:45 --------- d-----w C:\Documents and Settings\Patrick\Application Data\Printer Info Cache
2007-09-19 18:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-09-19 09:09 --------- d-----w C:\Program Files\WiFiConnector
2007-09-19 06:38 --------- d-----w C:\Program Files\Common Files\snp2std
2007-09-17 08:05 --------- d-----w C:\Program Files\LimeWire
2007-09-01 15:50 47,360 ----a-w C:\Documents and Settings\Patrick\Application Data\pcouffin.sys
2007-08-24 20:29 94,080 ----a-w C:\Documents and Settings\Patrick\Application Data\ezplay.sys
2007-08-24 20:29 81,920 ----a-w C:\Documents and Settings\Patrick\Application Data\ezpinst.exe
2007-08-21 08:08 256 ----a-w C:\sccfg.sys
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-17 23:23 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-08-17 23:23 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-08-17 23:23 8,478,720 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-08-17 23:23 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-08-17 23:23 6,746,112 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-08-17 23:23 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-08-17 23:23 5,860,736 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-08-17 23:23 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-08-17 23:23 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-08-17 23:23 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-08-17 23:23 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-08-17 23:23 360,448 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-08-17 23:23 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-08-17 23:23 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-08-17 23:23 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-08-17 23:23 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-08-17 23:23 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-08-17 23:23 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-08-17 23:23 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-08-17 23:23 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-08-17 23:23 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-08-17 23:23 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-08-17 23:23 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-08-17 23:23 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-08-17 23:23 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-08-17 23:23 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-08-17 23:23 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-08-17 23:23 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-08-17 23:23 1,073,152 ----a-w C:\WINDOWS\system32\nvcpluir.dll
2007-08-17 23:23 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2004-10-01 22:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2007-07-17 21:07:44 80 --sh--r C:\WINDOWS\system32\06C42A2E5A.dll
2007-06-13 10:23:07 811,008 --sh--r C:\WINDOWS\system32\yknvfs.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 21:08 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 08:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-08-17 19:23 C:\WINDOWS\system32\nwiz.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-03 17:02]
"UVS10 Preload"="E:\Ulead Video Studio 10\uvPL.exe" [2006-03-07 03:52]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 07:00]
"MSN Messenger Service A"="MSNMSGR.EXE" []
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2005-11-14 21:47]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2005-11-16 19:14]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 08:00 C:\WINDOWS\system32\rundll32.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 18:40]
"emMON"="emMON.exe" [2006-05-31 00:24 C:\WINDOWS\emMON.exe]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-10 22:43]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 19:40]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
"PopupEliminator"="C:\Program Files\Popup Eliminator\Popup Eliminator.exe" [2003-06-03 15:51]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 07:21:22]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-06-18 04:24:45]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-09-19 05:09:59]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R2 LF30FS;LF30FS;\??\C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys
R2 LxrSII1d;Secure II Driver;\??\C:\WINDOWS\system32\Drivers\LxrSII1d.sys
S2 windrvNT;windrvNT;\??\C:\WINDOWS\system32\windrvNT.sys
S3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
S3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
S3 USB28xxBGA;USB 2820 Device;C:\WINDOWS\system32\DRIVERS\emBDA.sys
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 19:00:59
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-17 19:04:13 - machine was rebooted
.
--- E O F ---
Sorry for the double post, but after that scan I swept with spy doctor and ended up still having the adware search bar, as well as 2 different trojans.
Hi, the combofix log looks ok. So does the hjt log. Any way to save/post the spyware doctor log showing the files it's finding? What about spysweeper, is it finding anything? What about ad aware? It is possible to have harmless leftover registry entries. echoreply
Well, spysweeper picks up that there's "traces" of something but it never tells me what or deletes them, so I got spyware doctor 5.1 and it keeps telling me that I have an adware easy search bar. And no matter what I do, for the life of me it won't go away. And now after running the scan again I have one more infection of that search bar since last time.
Are you actually seeing this search bar in internet explorer? Or is it just in the registry? echoreply
It only shows up in the registry, and when I delete it from there, it's back within 20 mins. Would uninstalling internet explorer rid the problem?
No, I was assuming you were seeing the toolbar in IE. It's possible to have harmless leftover registry entries. Are you having any symptoms of malware, like popups, page redirects etc.? Does the registry entry you are trying to delete provide any clues? Like mention software or anything? echoreply
Well, it used to redirect me but then I got spyware doctor. All it tells me about this "adware toolbar" is that instead of the comp asking me to install something, this toolbar will automatically install things even if they're harmful.
Let's see if an online scan can dig up anything:
F-secure scan: http://support.f-secure.com/enu/home/ols.shtml
Uses Internet Explorer only.
Click on the "start scanning button" near bottom of page.
Click to accept/install the ActiveX applet.
"Accept" the License Agreement, click "full system scan".
Once the download completes, the scan will begin automatically. Download may take a while.
The scan will take some time to finish.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.
echoreply
file:///C:/DOCUME~1/Patrick/LOCALS~1/Temp/OnlineScanner/ols_report.html I can't believe I had like 6 viruses, especially ones that none of my scanners picked up. I'm going to do a scan right now and see if this "tool bar" pops up again.
Speaking of viruses, I don't see a resident antivirus app in your log. I see spy sweeper and ad aware. These aren't AV apps.
This isn't the online scan report.
Look in the add/remove programs panel for anything like: NewdotNet or NewDotNet domains, uninstall if present.
Go to start>run and type in services.msc. In the list of services that comes up, look for NNServ, right click on it and select properties.
Under the general tab: the path to the .exe should be: C:\Program Files\NewDotNet\nnrun.exe
Make sure that the service status is: Stopped, if not click the Stop button, and the Startup type is: disabled, if not change it to disabled. Click apply, then ok.
Post the reg key you keep trying to delete: start>run, type in regedit, find the key, click on it. At top go to File>Export, name it something with a .txt extension, change "save as type" to "text files".
Post the saved .txt file.
echoreply
NNserv wasn't there, and NewDotNet wasn't there, and as far as I can tell this is the longest that the tool bar hasn't shown up, so maybe that scan helped. But you are right about the av; spysweeper has one on it but I was thinking of getting avg. If the toolbar shows up again I'll post. Thanks for your help.