-
February 21st, 2004, 10:02 AM
#1
registry keys
i installed Advanced Uninstaller Pro to get rid of a program. i also ran all the internet and computer cleaners and stuff. i ran the registry cleanup, thinking that it would do my computer good but i guess it didnt. adaware finds nothing wrong in the registry, niether does norton. but everytime i run spybot it finds all of these things like registry change, wrong APP path, and back up files. none of those are immediate threats but i dont want to leave them like that. and no matter how many times i go to "fix selected problems" they always come back... is there anything i can do to fix my registry?
-
February 21st, 2004, 10:11 AM
#2
heres my hijack this log if it helps... i have no ideaaa
Logfile of HijackThis v1.97.7
Scan saved at 10:09:02 AM, on 2/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Alex\My Documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://popnav.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: TREND MICRO HouseCall (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB
-
February 21st, 2004, 11:37 AM
#3
Geezer
Mmmm ... what I think is happening is that some of the stuff you have starting is just putting things back.
I think we need to know the exact wording of the stuff that won't go ...
-
February 21st, 2004, 11:52 AM
#4
Banned
Are you sure that is's Spybot giving these messages:
registry change, wrong APP path, and back up files.
Spybot shouldn't be finding these types of things. You must mean the reg checker, right? Other that finding these "problems" is there anything wrong with your PC and how it runs?
Hey -ed, what is this one:
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
download accelerator???
-
February 21st, 2004, 12:51 PM
#5
well my younger brother looks at porn and all these viruses came from his side on XP. i found a lot of junk in the temporary internet folders and even the Ncase installer. like i said, i used the Advanced uninstaller pro to get rid of some stuff on the computer then used the registry cleanup. i dont know exactly what it did, but ever since then im getting the registry stuff on spybot. with spybot, all im doing is the "check for problems". im pretty sure that the registry is the only messed up thing on my computer. ive been running scans like mad for the past 4 days and spybot is the only thing that comes up with anything.
heres all the spybot stuff
Windows Registry: setup.exe - Wrong app path
Windows Registry: winnt32. exe - Wrong app Path
Windows Registry: table30.exe - Wrong app path
Windows Registry: MsoHtmEd.exe - Wrong app path
Windows Registry: install.exe - Wrong app Path
Common Dialogs: History (8 files)
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\ComDlg32\OpenSaveMRU - Registry Key
Internet Explorer: Cookies (20 cookies)
C:\Documents and Settings\Alex\Cookies - Directory
Internet Explorer: Downloaded directry.....
i dont feel like typing out all the IE ones, but basically the spybot thinks all the cookies and history stuff is evil....Then spybot has all these backup files likee
Log: Activity: SchedLgU.Txt
C:\WINDOWS\SchedLgU.TXT
Log: Shutdown:System32\wbem\logs\wbemess.log
C:\WINDOWS\System32\wbem\logs\wbemess.log
then it has some more registry keys and registry changes with IE likeee
Windows Explorer: User Assistant history IE (9 files)
Windows Explorer: Run history (2 files)
Windows Explorer: Program run history (1 entries)
Windows Explorer: Last visited history (4 files)
there are a lot more...if you want some more in depth stuff just ask me for a screen shot, theres no way im typing all that out.... and now that i look at it, those are some major problems that its finding.
-
February 21st, 2004, 01:06 PM
#6
Banned
Do you have more that one partition? What is the full syntax of "wrong app path"? WinNt32.exe is the Dos mode/command prompt install for win2k, etc, and setup is what setup? Do you have another folder on a partition with an installation of 2k or xp? Table30.exe is for Adobe Acrobat. Do you dual boot?
Funny: your HiJack looks clean other than a few items that don't need to be there. Looks to me like you got all the junk already, which is good.
-
February 21st, 2004, 01:16 PM
#7
Originally Posted by TripleRLtd
Do you have more that one partition? What is the full syntax of "wrong app path"? WinNt32.exe is the Dos mode/command prompt install for win2k, etc, and setup is what setup? Do you have another folder on a partition with an installation of 2k or xp? Table30.exe is for Adobe Acrobat. Do you dual boot?
Funny: your HiJack looks clean other than a few items that don't need to be there. Looks to me like you got all the junk already, which is good.
erm.. i only have the c: ...and then i dont think i dual boot. and thennn i dont understand anything else.
-
February 21st, 2004, 02:07 PM
#8
Geezer
Originally Posted by TripleRLtd
Hey -ed, what is this one:
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
download accelerator???
Its a nasty apparently after much googling & wants gone ... I'd link you but the flaming sites (spywareinfo) busy being attacked ain't it ?
-
February 21st, 2004, 02:25 PM
#9
Registered User
The wrong app path messages are from spybot's reg checker. It means that the file is not located at the location where the registry thinks it is. After you click "fix selected problem", you have to provide a correct path to the file or delete the registry entry. If you just click ok or ignore, the messages are going to come back.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Bookmarks