|
|
|
Logfile of HijackThis v1.99.1 need help
|
|
|
kwakaman
Newbie
|
6. August 2007 @ 05:53 |
Link to this message
|
I've been having problems with my pc, all sorts of wierd things seem to happen. For example uninstall doesn't seem to work, Can't view video on msn but can on you tube, lost "show desk top" icon in task bar but have an unknown file type SCF 79 bytes. Windows office installer runs and says that it cannot find the DATA1 file. Other odd things I can't remember right now.
I have run Regcure, AVG free edition virus scanner and AVG anti-spyware. The virus scanner found two possible threats in winnt/system32/xunzip30.ocx and xzipper30.ocx which are now in the virus vault and seem to have come from trying to unistall registry patrol which I've manually deleted.
Can you help?
Logfile of HijackThis v1.99.1
Scan saved at 14:25:16, on 06/08/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\System32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-gb\msnappau.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1185538282079
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1185546504108
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3457CB0-36C4-4A98-8044-97D927037422}: NameServer = 194.106.56.6 194.106.33.42
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
|
|
Advertisement
|
 |
|
|
|
Auttaja
Suspended permanently
|
7. August 2007 @ 09:05 |
Link to this message
|
Create Uninstall list
[*]Open HiJackThis
[*] Click on the configure button on the bottom right
[*] Click on the tab "Misc Tools"
[*] Click on the Box that says "Open Uninstall Manager.."
[*] Click on the button "Save list"
[*] Copy and past the List from notepad into your post
This message has been edited since posting. Last time this message was edited on 7. August 2007 @ 09:05
|
|
kwakaman
Newbie
|
8. August 2007 @ 00:06 |
Link to this message
|
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
ArcSoft PhotoBase
AVG 7.5
BeWAN ADSL modem
Canon Camera Support Core Library
Canon Camera TWAIN Driver 6.6
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon i550
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX (E)
DP Editor Ver.1.0
Exif Launcher Ver.1.0
Exif Viewer Ver.1.1
HijackThis 2.0.2
InCD (Ahead Software)
Microsoft Office 2000 Premium
Mozilla Firefox (2.0.0.6)
Nero - Burning Rom
NVIDIA Drivers
QuickTime
RegCure 1.4.0.4
Scan Manager 5.2
Security Update for Windows Media Player 9 (KB917734)
SideWinder Precision 2
Sound Blaster Audigy
Windows 2000 Hotfix - KB890046
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB904706
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB917008
Windows 2000 Hotfix - KB917736
Windows 2000 Hotfix - KB917953
Windows 2000 Hotfix - KB918118
Windows 2000 Hotfix - KB920213
Windows 2000 Hotfix - KB920670
Windows 2000 Hotfix - KB920683
Windows 2000 Hotfix - KB920685
Windows 2000 Hotfix - KB921398
Windows 2000 Hotfix - KB923191
Windows 2000 Hotfix - KB923414
Windows 2000 Hotfix - KB923694
Windows 2000 Hotfix - KB923980
Windows 2000 Hotfix - KB924191
Windows 2000 Hotfix - KB924270
Windows 2000 Hotfix - KB924667
Windows 2000 Hotfix - KB925902
Windows 2000 Hotfix - KB926122
Windows 2000 Hotfix - KB926436
Windows 2000 Hotfix - KB927891
Windows 2000 Hotfix - KB928843
Windows 2000 Hotfix - KB929969
Windows 2000 Hotfix - KB930178
Windows 2000 Hotfix - KB931784
Windows 2000 Hotfix - KB932168
Windows 2000 Hotfix - KB933566
Windows 2000 Hotfix - KB935839
Windows 2000 Hotfix - KB935840
Windows 2000 Service Pack 4
Windows Installer 3.1 (KB893803)
Windows Media Player Hotfix [See Q828026 for more information]
Windows Media Player system update (9 Series)
|
|
kwakaman
Newbie
|
8. August 2007 @ 00:40 |
Link to this message
|
And here is the log from combofix, SpeedUpMyPC should have deleted and I don't recognize RegistrySmart.
Thanks for the help.
ComboFix 07-08-07.6 - "Rob" 08/08/2007 9:21:56.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.1546 [GMT 1:00]
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1.\salesmonitor
((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))
2007-08-08 09:21 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_370.dat
2007-08-08 09:19 51,200 --a------ C:\WINNT\nircmd.exe
2007-08-08 08:55 d-------- C:\Program Files\Trend Micro
2007-08-07 19:41 d-------- C:\Lotus
2007-08-07 19:41 d-------- C:\Lizzie
2007-08-06 10:33 98,304 --a------ C:\WINNT\system32\wmpshell.dll
2007-08-06 10:33 225,280 --a------ C:\WINNT\system32\wmpdxm.dll
2007-08-06 10:33 20,480 --a------ C:\WINNT\system32\wmpui.dll
2007-08-06 10:33 20,480 --a------ C:\WINNT\system32\wmpcore.dll
2007-08-06 10:33 20,480 --a------ C:\WINNT\system32\wmpcd.dll
2007-08-06 10:33 2,940,928 --a------ C:\WINNT\system32\wmploc.dll
2007-08-06 10:33 192,512 --a--c--- C:\WINNT\system32\dllcache\unregmp2.exe
2007-08-05 12:22 d-------- C:\unzipped
2007-08-04 14:13 d-------- C:\Program Files\RegCure
2007-08-03 19:46 d-------- C:\DOCUME~1\JOSH~3.GOR\APPLIC~1\Creative
2007-08-03 19:37 299,008 --ah----- C:\DOCUME~1\JOSH~3.GOR\NTUSER.DAT
2007-08-03 19:03 9,728 --a--c--- C:\WINNT\system32\dllcache\npwmsdrm.dll
2007-08-03 19:03 82,432 --a--c--- C:\WINNT\system32\dllcache\drmstor.dll
2007-08-03 19:03 82,432 --a------ C:\WINNT\system32\drmstor.dll
2007-08-03 19:03 301,712 --a--c--- C:\WINNT\system32\dllcache\drmclien.dll
2007-08-03 19:03 301,712 --a------ C:\WINNT\system32\drmclien.dll
2007-08-03 18:19 69,392 --a------ C:\WINNT\system32\olecli32.dll
2007-08-03 18:19 483,600 -----c--- C:\WINNT\system32\dllcache\ntdll.dll
2007-08-03 18:19 42,256 -----c--- C:\WINNT\system32\dllcache\mqdssrv.dll
2007-08-03 18:19 23,824 -----c--- C:\WINNT\system32\dllcache\mqupgrd.dll
2007-08-03 18:19 196,880 -----c--- C:\WINNT\system32\dllcache\osloader.exe
2007-08-02 15:20 3,968 --a------ C:\WINNT\system32\drivers\AvgArCln.sys
2007-08-01 14:06 d---s---- C:\DOCUME~1\Josh\UserData
2007-08-01 09:24 d-------- C:\Program Files\Adaptec
2007-07-31 09:48 d-------- C:\DOCUME~1\Josh\APPLIC~1\Creative
2007-07-31 09:47 335,872 --ah----- C:\DOCUME~1\Josh\NTUSER.DAT
2007-07-30 16:32 62,464 --a------ C:\WINNT\system32\CNDPTPC.dll
2007-07-30 16:32 117,760 --a------ C:\WINNT\system32\CNDPTPU.dll
2007-07-30 13:44 26,944 --------- C:\WINNT\system32\drivers\avg7rsnt.sys
2007-07-29 21:00 d-------- C:\Program Files\inKline Global
2007-07-29 13:58 d-------- C:\DOCUME~1\ADMINI~1.GOR\APPLIC~1\Creative
2007-07-28 13:08 d-------- C:\DOCUME~1\Lizzie\APPLIC~1\Creative
2007-07-27 18:25 58,128 -----c--- C:\WINNT\system32\dllcache\rasman.dll
2007-07-27 18:25 56,592 -----c--- C:\WINNT\system32\dllcache\msasn1.dll
2007-07-27 18:25 531,216 -----c--- C:\WINNT\system32\dllcache\rasdlg.dll
2007-07-27 18:25 483,600 --a------ C:\WINNT\system32\NTDLL.DLL
2007-07-27 18:25 401,168 -----c--- C:\WINNT\system32\dllcache\advapi32.dll
2007-07-27 18:25 36,624 -----c--- C:\WINNT\system32\dllcache\olecnv32.dll
2007-07-27 18:25 35,088 -----c--- C:\WINNT\system32\dllcache\csrsrv.dll
2007-07-27 18:25 33,552 -----c--- C:\WINNT\system32\dllcache\lsass.exe
2007-07-27 18:25 266,000 -----c--- C:\WINNT\system32\dllcache\localspl.dll
2007-07-27 18:25 200,464 -----c--- C:\WINNT\system32\dllcache\rasapi32.dll
2007-07-27 18:25 125,200 -----c--- C:\WINNT\system32\dllcache\msv1_0.dll
2007-07-27 18:24 973,072 --a------ C:\WINNT\system32\sfcfiles.dll
2007-07-27 18:24 957,712 --a------ C:\WINNT\system32\OLE32.DLL
2007-07-27 18:24 726,800 --a------ C:\WINNT\system32\msdtcprx.dll
2007-07-27 18:24 57,104 --a--c--- C:\WINNT\system32\dllcache\w32tm.exe
2007-07-27 18:24 57,104 --a------ C:\WINNT\system32\wlnotify.dll
2007-07-27 18:24 57,104 --a------ C:\WINNT\system32\w32tm.exe
2007-07-27 18:24 53,008 --a--c--- C:\WINNT\system32\dllcache\agentdpv.dll
2007-07-27 18:24 52,496 --a------ C:\WINNT\system32\mtxclu.dll
2007-07-27 18:24 513,808 --a------ C:\WINNT\system32\LSASRV.DLL
2007-07-27 18:24 48,400 --a--c--- C:\WINNT\system32\dllcache\w32time.dll
2007-07-27 18:24 48,400 --a------ C:\WINNT\system32\w32time.dll
2007-07-27 18:24 399,120 --a------ C:\WINNT\system32\USERENV.DLL
2007-07-27 18:24 398,608 --a------ C:\WINNT\system32\txfaux.dll
2007-07-27 18:24 29,456 --a--c--- C:\WINNT\system32\dllcache\vdmdbg.dll
2007-07-27 18:24 29,456 --a------ C:\WINNT\system32\vdmdbg.dll
2007-07-27 18:24 261,904 --a------ C:\WINNT\system32\scesrv.dll
2007-07-27 18:24 242,448 --a------ C:\WINNT\system32\es.dll
2007-07-27 18:24 239,888 --a------ C:\WINNT\system32\wow32.dll
2007-07-27 18:24 212,240 --a------ C:\WINNT\system32\rpcss.dll
2007-07-27 18:24 186,640 --a------ C:\WINNT\system32\WINLOGON.EXE
2007-07-27 18:24 17,680 --a------ C:\WINNT\system32\seclogon.dll
2007-07-27 18:24 17,680 --a------ C:\WINNT\system32\linkinfo.dll
2007-07-27 18:24 167,184 --a------ C:\WINNT\system32\WINTRUST.DLL
2007-07-27 18:24 146,192 --a------ C:\WINNT\system32\WLDAP32.DLL
2007-07-27 18:24 1,471,248 --a------ C:\WINNT\system32\comsvcs.dll
2007-07-27 18:24 1,202,448 --a--c--- C:\WINNT\system32\dllcache\msdtctm.dll
2007-07-27 18:24 1,202,448 --a------ C:\WINNT\system32\msdtctm.dll
2007-07-27 18:23 78,096 --a------ C:\WINNT\system32\cryptsvc.dll
2007-07-27 18:23 71,440 --a--c--- C:\WINNT\system32\dllcache\browser.dll
2007-07-27 18:23 71,440 --a------ C:\WINNT\system32\browser.dll
2007-07-27 18:23 63,760 --a--c--- C:\WINNT\system32\dllcache\adsmsext.dll
2007-07-27 18:23 63,760 --a------ C:\WINNT\system32\adsmsext.dll
2007-07-27 18:23 563,984 --a------ C:\WINNT\system32\CRYPT32.DLL
2007-07-27 18:23 56,080 --a------ C:\WINNT\system32\cabinet.dll
2007-07-27 18:23 549,136 --a------ C:\WINNT\system32\netcfgx.dll
2007-07-27 18:23 49,424 --a------ C:\WINNT\system32\EVENTLOG.DLL
2007-07-27 18:23 46,352 --a------ C:\WINNT\system32\BASESRV.DLL
2007-07-27 18:23 443,664 --a------ C:\WINNT\system32\CRYPTUI.DLL
2007-07-27 18:23 366,864 --a------ C:\WINNT\system32\NETLOGON.DLL
2007-07-27 18:23 338,704 --a------ C:\WINNT\system32\MSGINA.DLL
2007-07-27 18:23 299,792 --a--c--- C:\WINNT\system32\dllcache\dsprop.dll
2007-07-27 18:23 299,792 --a------ C:\WINNT\system32\dsprop.dll
2007-07-27 18:23 29,968 --a------ C:\WINNT\system32\profmap.dll
2007-07-27 18:23 236,816 --a--c--- C:\WINNT\system32\dllcache\cmd.exe
2007-07-27 18:23 236,816 --a------ C:\WINNT\system32\cmd.exe
2007-07-27 18:23 14,096 --a--c--- C:\WINNT\system32\dllcache\ntvdmd.dll
2007-07-27 18:23 14,096 --a------ C:\WINNT\system32\ntvdmd.dll
2007-07-27 18:23 134,928 --a------ C:\WINNT\system32\adsldpc.dll
2007-07-27 18:23 130,832 --a--c--- C:\WINNT\system32\dllcache\adsldp.dll
2007-07-27 18:23 130,832 --a------ C:\WINNT\system32\adsldp.dll
2007-07-27 18:23 122,128 --a------ C:\WINNT\system32\mstask.exe
2007-07-27 18:23 117,520 --a------ C:\WINNT\system32\PSBASE.DLL
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
30/07/07 16:32 --------- d-a------ C:\Program Files\Canon
30/07/07 12:03 --------- d-a------ C:\Program Files\ahead
30/07/07 12:00 --------- d--h----- C:\Program Files\InstallShield Installation Information
28/07/07 11:38 --------- d-------- C:\DOCUME~1\Rob\APPLIC~1\Uniblue
27/07/07 19:06 --------- d-a------ C:\Program Files\Paint Shop Pro 5
27/07/07 17:28 --------- d-a------ C:\Program Files\Windows NT
27/07/07 15:29 --------- d-------- C:\Program Files\Google
27/07/07 12:37 --------- d-ah----- C:\Program Files\WindowsUpdate
26/07/07 21:27 --------- d-------- C:\Program Files\PCRescue4.0
24/07/02 12:00 32528 --a------ C:\WINNT\inf\wbfirdma.sys
22/05/07 19:14 8784 --------- C:\WINNT\system32\ractrlkeyhook.dll
17/07/07 13:22 --------- d-------- C:\DOCUME~1\Rob\APPLIC~1\Real
16/07/07 09:25 --------- d-------- C:\Program Files\HTMLValidator80
16/07/07 07:47 --------- d-------- C:\Program Files\HTMLValidator70
15/06/02 16:23 1803848 --a------ C:\Program Files\winzip81.exe
12/06/07 13:54 --------- d-------- C:\DOCUME~1\Rob\APPLIC~1\RegistrySmart
07/08/07 19:49 24 --a------ C:\WINNT\system32\DVCStateBkp-{00000000-00000000-0000000F-00001102-00000004-00531102}.dat
07/08/07 19:49 24 --a------ C:\WINNT\system32\DVCState-{00000000-00000000-0000000F-00001102-00000004-00531102}.dat
06/08/07 10:33 --------- d-------- C:\Program Files\Common Files\Adaptec Shared
06/08/07 09:53 --------- d-a------ C:\Program Files\QuickTime
05/05/05 14:38 120480 --a------ C:\Program Files\Download Paint_Shop_Pro_9_IE now.exe
03/08/03 16:18 271 ---h----- C:\Program Files\desktop.ini
03/08/03 16:18 21952 ---h----- C:\Program Files\folder.htt
01/06/07 13:06 2514328 --------- C:\WINNT\system32\csevalidator.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [19/06/03 20:05 C:\WINNT\system32\mobsync.exe]
"Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [20/04/01 15:52 ]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [23/06/06 17:49 ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [30/07/07 13:44 ]
"NeroCheck"="C:\WINNT\System32\NeroCheck.exe" [09/07/01 03:50 ]
"RegShave"="C:\Progra~1\REGSHAVE\REGSHAVE.exe" [24/04/00 12:26 ]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [26/12/01 02:00 ]
"AdslTaskBar"="stmctrl.dll" [01/12/04 16:53 C:\WINNT\system32\stmctrl.dll]
"msnappau"="C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-gb\msnappau.exe" [13/08/04 17:41 ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [27/07/07 16:15 ]
"nwiz"="nwiz.exe" [23/06/06 17:49 C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\system32\NvMcTray.dll" [23/06/06 17:49 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/08/07 19:30 ]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [20/04/07 12:13 ]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:54]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=NVDESK32.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTStartup]
C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SideWinderTrayV4]
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
R0 hpt3xx;hpt3xx;C:\WINNT\system32\DRIVERS\hpt3xx.sys
R0 hptpro;hptpro;C:\WINNT\system32\DRIVERS\hptpro.sys
R1 Avg7RsNT;AVG7 Rezident Driver;C:\WINNT\system32\Drivers\avg7rsnt.sys
R3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);C:\WINNT\system32\drivers\e10kx2k.sys
R3 Stmatm;ATM/ADSL miniport;C:\WINNT\system32\DRIVERS\stmatm.sys
R3 sunkfilt62;USB 6/1 Driver;C:\WINNT\system32\DRIVERS\sunkfilt62.sys
R3 tap0801;TAP-Win32 Adapter V8;C:\WINNT\system32\DRIVERS\tap0801.sys
R3 TaurusPci;ADSL Modem PCI Service;C:\WINNT\system32\DRIVERS\toruspci.sys
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
S2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINNT\system32\drivers\LMIRfsDriver.sys
S3 AtmElan;ATM Emulated LAN;C:\WINNT\system32\DRIVERS\atmlane.sys
S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver;C:\WINNT\system32\DRIVERS\GcKernel.sys
S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver;C:\WINNT\system32\DRIVERS\HIDSwvd.sys
S3 lmimirr;lmimirr;C:\WINNT\system32\DRIVERS\lmimirr.sys
S3 MPE;BDA MPE Filter;C:\WINNT\system32\DRIVERS\MPE.sys
S3 usbprint;Microsoft USB PRINTER Class;C:\WINNT\system32\DRIVERS\usbprint.sys
S3 Winacpci;Winacpci;C:\WINNT\system32\DRIVERS\winacpci.sys
S4 BsUDF;InCD UDF Driver;C:\WINNT\system32\drivers\BsUDF.sys
Contents of the 'Scheduled Tasks' folder
2007-08-08 07:38:40 C:\WINNT\Tasks\RegCure Program Check.job - C:\Program Files\RegCure\RegCure.exe
2007-08-04 13:13:43 C:\WINNT\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe
2007-06-12 12:44:16 C:\WINNT\Tasks\RegistrySmart Scheduled Scan.job - C:\Program Files\RegistrySmart\RegistrySmart.exe
2007-08-06 08:27:02 C:\WINNT\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-06-14 14:38:55 C:\WINNT\Tasks\Uniblue SpeedUpMyPC.job - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-08 09:24:01
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D312AEC5-3C38-74AF-2D85-472711F5A0DB}]
"fbpflkbfmeppnflifcpoadflckfdabdkigjancehmkja?"=hex:66,61,6d,66,62,6a,6d,61,63,6a,61,6b,00,00
"naiifbdpekmpcimpchaegikjdlbf?"=hex:6a,61,70,66,62,6a,66,66,67,62,66,66,70,6b,68,65,6a,6d,6b,67,00,..
"macidcabpmdnleapbghbfneihp?"=hex:6a,61,70,66,62,6a,66,66,67,62,66,66,70,6b,68,65,6a,6d,6b,67,00,..
scanning hidden files ...
**************************************************************************
Completion time: 08/08/2007 9:25:12
--- E O F ---
|
|
Auttaja
Suspended permanently
|
8. August 2007 @ 02:28 |
Link to this message
|
|
|
Advertisement
|
|
|
|
kwakaman
Newbie
|
8. August 2007 @ 04:57 |
Link to this message
|
|
OK, done that now what.
I have used regcure in the past without a problem.
|
|
