Author Topic: Registry.... (Read 37967 times)

evilfantasy · « **Reply #15 on:** August 07, 2008, 01:28:37 PM »

Let's do this.

Download Combofix by sUBs from one of the below links. Be sure top save it to the Desktop.
Link #1
Link #2

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.

When finished ComboFix will produce a log for you.Post that log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

tina1rules · « **Reply #16 on:** August 07, 2008, 01:50:35 PM »

ok what did I do wrong..it is saying I cannot rename combo fix

evilfantasy · « **Reply #17 on:** August 07, 2008, 01:58:22 PM »

Have you already ran or have downloaded ComboFix?

tina1rules · « **Reply #18 on:** August 07, 2008, 02:00:31 PM »

I have AVG.

When I clicked the link iseen the term URLSEEK or something to that effect,I have seen that on my computer a couple times dodnn't know what is though.
And I have never heard of Combo Fix...so No

evilfantasy · « **Reply #19 on:** August 07, 2008, 02:13:22 PM »

What does it say exactly?

When you download it try renaming it before you save it to the Desktop. Name it Combo-Fix then try to save it.

tina1rules · « **Reply #20 on:** August 07, 2008, 06:49:44 PM »

ComboFix 08-08-07.01 - Owner 2008-08-07 18:33:02.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\My Documents\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-07 to 2008-08-07 )))))))))))))))))))))))))))))))
.

2008-08-07 03:12 . 2008-08-07 03:12   <DIR>   d--------   C:\Program Files\Glary Utilities
2008-07-28 09:55 . 2008-07-28 09:55   <DIR>   d--------   C:\Program Files\Enigma Software Group
2008-07-28 01:10 . 2008-07-28 12:07   <DIR>   d--h-----   C:\$AVG8.VAULT$
2008-07-28 00:55 . 2008-07-28 00:55   <DIR>   d--------   C:\WINDOWS\system32\drivers\Avg
2008-07-28 00:55 . 2008-08-02 09:25   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-07-28 00:55 . 2008-07-28 00:55   96,520   --a------   C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-28 00:55 . 2008-07-28 00:55   76,040   --a------   C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-28 00:55 . 2008-07-28 00:55   10,520   --a------   C:\WINDOWS\system32\avgrsstx.dll
2008-07-28 00:54 . 2008-07-28 00:54   <DIR>   d--------   C:\Program Files\AVG
2008-07-28 00:54 . 2008-07-28 00:54   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\avg8
2008-07-28 00:20 . 2008-07-28 00:20   <DIR>   d--------   C:\Documents and Settings\Super\Application Data\VersionTracker Pro
2008-07-25 18:02 . 2008-07-25 18:02   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\VersionTracker Pro
2008-07-25 17:57 . 2008-07-25 17:57   <DIR>   d--------   C:\Program Files\TechTracker
2008-07-25 17:50 . 2008-07-25 17:50   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-15 21:12 . 2004-08-03 23:08   31,616   --a------   C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-15 21:12 . 2004-08-03 23:08   31,616   --a--c---   C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-07-15 21:12 . 2004-08-04 00:56   21,504   --a------   C:\WINDOWS\system32\hidserv.dll
2008-07-15 21:12 . 2004-08-04 00:56   21,504   --a--c---   C:\WINDOWS\system32\dllcache\hidserv.dll
2008-07-15 21:12 . 2004-08-03 22:58   14,848   --a------   C:\WINDOWS\system32\drivers\kbdhid.sys
2008-07-15 21:12 . 2004-08-03 22:58   14,848   --a--c---   C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-07-15 21:12 . 2001-08-17 14:02   9,600   --a------   C:\WINDOWS\system32\drivers\hidusb.sys
2008-07-15 21:12 . 2001-08-17 14:02   9,600   --a--c---   C:\WINDOWS\system32\dllcache\hidusb.sys
2008-07-13 21:45 . 2008-07-13 21:47   <DIR>   d--------   C:\Program Files\Dofus

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-07 21:16   ---------   d-----w   C:\Program Files\PokerStars
2008-08-07 18:21   ---------   d-----w   C:\Program Files\SUPERAntiSpyware
2008-08-07 15:47   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2008-08-07 15:47   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-07-28 06:13   ---------   d-----w   C:\Program Files\PopsMedia
2008-07-28 04:55   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-25 21:49   ---------   d-----w   C:\Program Files\Yahoo!
2008-07-25 21:49   ---------   d-----w   C:\Program Files\DivX
2008-07-02 03:52   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-07-02 03:51   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\TrueSwitch
2008-07-02 01:27   ---------   d-----w   C:\Program Files\Java
2008-06-25 00:47   ---------   d-----w   C:\Program Files\Viewpoint
2008-06-25 00:47   ---------   d-----w   C:\Program Files\AIM6
2008-06-24 01:36   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-06-24 01:26   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-24 01:26   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL
2008-06-24 01:26   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\acccore
2008-06-24 01:25   ---------   d-----w   C:\Program Files\Common Files\AOL
2008-06-11 00:04   200,704   ----a-w   C:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04   1,044,480   ----a-w   C:\WINDOWS\system32\libdivx.dll
2008-05-09 01:19   1,752   ----a-w   C:\WINDOWS\system32\tmp.reg
2008-02-05 04:38   40   ----a-w   C:\Documents and Settings\Owner\language.dat
2007-10-06 14:08   8,088   ----a-w   C:\Documents and Settings\All Users\Application Data\ypinfo.bin
2007-05-18 20:17   300,680   ------w   C:\Documents and Settings\All Users\Application Data\arclib.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 20:42 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"PlayNC Launcher"="C:\program files\ncsoft\launcher\NCLauncher.exe" [2007-08-21 10:00 38128]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 06:01 32768]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 01:42 212992]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-08-27 08:09 139264]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-18 11:49 98304]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 11:32 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 11:32 7204864]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-28 00:55 1232152]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-06-19 16:48 851968]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 18:07 90112 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2005-09-18 11:32 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2007-05-18 11:48:11 2168360]
VersionTrackerPro.lnk - C:\WINDOWS\Installer\{64A32253-A906-4AEB-B6A7-A90512B68D87}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [2008-07-25 17:57:35 53248]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MskService"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McDetect.exe"=2 (0x2)
"YPCService"=3 (0x3)
"VETMSGNT"=2 (0x2)
"SiteAdvisor Service"=2 (0x2)
"MSK80Service"=2 (0x2)
"MPS9"=2 (0x2)
"MpfService"=2 (0x2)
"McSysmon"=2 (0x2)
"McShield"=2 (0x2)
"McRedirector"=2 (0x2)
"McProxy"=2 (0x2)
"mcpromgr"=2 (0x2)
"McODS"=2 (0x2)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"mcmispupdmgr"=3 (0x3)
"McAfee HackerWatch Service"=2 (0x2)
"Emproxy"=3 (0x3)
"CAISafe"=2 (0x2)
"LiveUpdate"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

tina1rules · « **Reply #21 on:** August 07, 2008, 06:51:18 PM »

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 0 (0x0)
"AllowInboundMaskRequest"= 0 (0x0)
"AllowInboundRouterRequest"= 0 (0x0)
"AllowOutboundDestinationUnreachable"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)
"AllowOutboundParameterProblem"= 0 (0x0)
"AllowOutboundTimeExceeded"= 0 (0x0)
"AllowRedirect"= 0 (0x0)
"AllowOutboundPacketTooBig"= 0 (0x0)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-28 00:55]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-28 00:55]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-28 00:55]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-28 00:55]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-08-07 C:\WINDOWS\Tasks\GlaryInitialize.job
- C:\Program Files\Glary Utilities\initialize.exe [2008-07-18 11:08]

2007-05-18 C:\WINDOWS\Tasks\ISP signup reminder 2.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2004-08-04 15:00]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x0akcqlp.default\

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-07 18:37:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-07 18:43:38
ComboFix-quarantined-files.txt 2008-08-07 22:43:34
ComboFix2.txt 2008-08-07 20:44:23

Pre-Run: 72,366,936,064 bytes free
Post-Run: 72,362,270,720 bytes free

184   --- E O F ---   2008-02-14 08:56:49
ComboFix 08-08-07.01 - Owner 2008-08-07 18:33:02.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\My Documents\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-07 to 2008-08-07 )))))))))))))))))))))))))))))))
.

2008-08-07 03:12 . 2008-08-07 03:12   <DIR>   d--------   C:\Program Files\Glary Utilities
2008-07-28 09:55 . 2008-07-28 09:55   <DIR>   d--------   C:\Program Files\Enigma Software Group
2008-07-28 01:10 . 2008-07-28 12:07   <DIR>   d--h-----   C:\$AVG8.VAULT$
2008-07-28 00:55 . 2008-07-28 00:55   <DIR>   d--------   C:\WINDOWS\system32\drivers\Avg
2008-07-28 00:55 . 2008-08-02 09:25   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-07-28 00:55 . 2008-07-28 00:55   96,520   --a------   C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-28 00:55 . 2008-07-28 00:55   76,040   --a------   C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-28 00:55 . 2008-07-28 00:55   10,520   --a------   C:\WINDOWS\system32\avgrsstx.dll
2008-07-28 00:54 . 2008-07-28 00:54   <DIR>   d--------   C:\Program Files\AVG
2008-07-28 00:54 . 2008-07-28 00:54   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\avg8
2008-07-28 00:20 . 2008-07-28 00:20   <DIR>   d--------   C:\Documents and Settings\Super\Application Data\VersionTracker Pro
2008-07-25 18:02 . 2008-07-25 18:02   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\VersionTracker Pro
2008-07-25 17:57 . 2008-07-25 17:57   <DIR>   d--------   C:\Program Files\TechTracker
2008-07-25 17:50 . 2008-07-25 17:50   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-15 21:12 . 2004-08-03 23:08   31,616   --a------   C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-15 21:12 . 2004-08-03 23:08   31,616   --a--c---   C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-07-15 21:12 . 2004-08-04 00:56   21,504   --a------   C:\WINDOWS\system32\hidserv.dll
2008-07-15 21:12 . 2004-08-04 00:56   21,504   --a--c---   C:\WINDOWS\system32\dllcache\hidserv.dll
2008-07-15 21:12 . 2004-08-03 22:58   14,848   --a------   C:\WINDOWS\system32\drivers\kbdhid.sys
2008-07-15 21:12 . 2004-08-03 22:58   14,848   --a--c---   C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-07-15 21:12 . 2001-08-17 14:02   9,600   --a------   C:\WINDOWS\system32\drivers\hidusb.sys
2008-07-15 21:12 . 2001-08-17 14:02   9,600   --a--c---   C:\WINDOWS\system32\dllcache\hidusb.sys
2008-07-13 21:45 . 2008-07-13 21:47   <DIR>   d--------   C:\Program Files\Dofus

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-07 21:16   ---------   d-----w   C:\Program Files\PokerStars
2008-08-07 18:21   ---------   d-----w   C:\Program Files\SUPERAntiSpyware
2008-08-07 15:47   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2008-08-07 15:47   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-07-28 06:13   ---------   d-----w   C:\Program Files\PopsMedia
2008-07-28 04:55   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-25 21:49   ---------   d-----w   C:\Program Files\Yahoo!
2008-07-25 21:49   ---------   d-----w   C:\Program Files\DivX
2008-07-02 03:52   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-07-02 03:51   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\TrueSwitch
2008-07-02 01:27   ---------   d-----w   C:\Program Files\Java
2008-06-25 00:47   ---------   d-----w   C:\Program Files\Viewpoint
2008-06-25 00:47   ---------   d-----w   C:\Program Files\AIM6
2008-06-24 01:36   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-06-24 01:26   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-24 01:26   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL
2008-06-24 01:26   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\acccore
2008-06-24 01:25   ---------   d-----w   C:\Program Files\Common Files\AOL
2008-06-11 00:04   200,704   ----a-w   C:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04   1,044,480   ----a-w   C:\WINDOWS\system32\libdivx.dll
2008-05-09 01:19   1,752   ----a-w   C:\WINDOWS\system32\tmp.reg
2008-02-05 04:38   40   ----a-w   C:\Documents and Settings\Owner\language.dat
2007-10-06 14:08   8,088   ----a-w   C:\Documents and Settings\All Users\Application Data\ypinfo.bin
2007-05-18 20:17   300,680   ------w   C:\Documents and Settings\All Users\Application Data\arclib.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 20:42 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"PlayNC Launcher"="C:\program files\ncsoft\launcher\NCLauncher.exe" [2007-08-21 10:00 38128]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 06:01 32768]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 01:42 212992]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-08-27 08:09 139264]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-18 11:49 98304]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 11:32 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 11:32 7204864]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-28 00:55 1232152]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-06-19 16:48 851968]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 18:07 90112 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2005-09-18 11:32 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2007-05-18 11:48:11 2168360]
VersionTrackerPro.lnk - C:\WINDOWS\Installer\{64A32253-A906-4AEB-B6A7-A90512B68D87}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [2008-07-25 17:57:35 53248]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MskService"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McDetect.exe"=2 (0x2)
"YPCService"=3 (0x3)
"VETMSGNT"=2 (0x2)
"SiteAdvisor Service"=2 (0x2)
"MSK80Service"=2 (0x2)
"MPS9"=2 (0x2)
"MpfService"=2 (0x2)
"McSysmon"=2 (0x2)
"McShield"=2 (0x2)
"McRedirector"=2 (0x2)
"McProxy"=2 (0x2)
"mcpromgr"=2 (0x2)
"McODS"=2 (0x2)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"mcmispupdmgr"=3 (0x3)
"McAfee HackerWatch Service"=2 (0x2)
"Emproxy"=3 (0x3)
"CAISafe"=2 (0x2)
"LiveUpdate"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 0 (0x0)
"AllowInboundMaskRequest"= 0 (0x0)
"AllowInboundRouterRequest"= 0 (0x0)
"AllowOutboundDestinationUnreachable"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)
"AllowOutboundParameterProblem"= 0 (0x0)
"AllowOutboundTimeExceeded"= 0 (0x0)
"AllowRedirect"= 0 (0x0)
"AllowOutboundPacketTooBig"= 0 (0x0)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-28 00:55]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-28 00:55]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-28 00:55]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-28 00:55]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-08-07 C:\WINDOWS\Tasks\GlaryInitialize.job
- C:\Program Files\Glary Utilities\initialize.exe [2008-07-18 11:08]

2007-05-18 C:\WINDOWS\Tasks\ISP signup reminder 2.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2004-08-04 15:00]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x0akcqlp.default\

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-07 18:37:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-07 18:43:38
ComboFix-quarantined-files.txt 2008-08-07 22:43:34
ComboFix2.txt 2008-08-07 20:44:23

Pre-Run: 72,366,936,064 bytes free
Post-Run: 72,362,270,720 bytes free

184   --- E O F ---   2008-02-14 08:56:49

evilfantasy · « **Reply #22 on:** August 07, 2008, 07:00:02 PM »

Looks OK.

Delete ComboFix. It is a powerful tool and not needed for everyday use as it can easily destroy a system if not treated with care.

Please delete this file

C:\Documents and Settings\Owner\My Documents\ComboFix.exe

----------

place the XP CD in the CD drive.

Follow the instructions below:

Click on Start > Run and type sfc /scannow then press Enter (note the space between scf and /scannow)
- Let this run undisturbed until the window with the blue progress bar goes away

SFC - Which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

If you want to see what was replaced, right-click My Computer and click on Manage.
In the new window that appears, expand the Event Viewer (by clicking on the + symbol next to it) and then click on System.

How is everything now?

tina1rules · « **Reply #23 on:** August 15, 2008, 02:36:09 PM »

ok I have a question. I can't find my xp disk,but I do have a windows xp office disk
Can I use this to do the process above,and should I go back and hide my folders that I unhid on page one?

evilfantasy · « **Reply #24 on:** August 15, 2008, 02:41:24 PM »

Yes rehide your folders. No the office disk won't work. Do you have a friend that has an XP disk? It would have to b ethe same as you have either XP Home or Pro.

tina1rules · « **Reply #25 on:** August 15, 2008, 03:09:31 PM »

I am sure I do have to make some calls now lol

and thank you for helping me.

evilfantasy · « **Reply #26 on:** August 15, 2008, 03:19:05 PM »

No problem.

tina1rules · « **Reply #27 on:** August 15, 2008, 09:12:54 PM »

okay so I can't get a disk at the moment but I will.
I notied I didn't answer one of your questions and actually mi stated something. I think I actually UNINSTALLED a program incorectly. I got some stupid updates a long time ago....installed they were retarded so I wanted to uninstall it. It happened to be a Norten program. I notce I still have Smnatec in the HJT log. How in the world do you get symnatec out of my computer? So I was ntil I get a disk if someone can help get any symatec or Mcafee(if you see any) off my puter. Thanks

evilfantasy · « **Reply #28 on:** August 15, 2008, 10:29:55 PM »

Norton Removal Tool (SymNRT)

McAfee Consumer Product Removal Tool

tina1rules · « **Reply #29 on:** August 15, 2008, 11:47:03 PM »

If my computer had a face at the moment I would punch it,grrr.Niether pages will work. The Norten one goes to he page where it says sending you Nortenexe,then after a few secs I get a cannot display page.

And I think the Mcafee one is working now,but it seems to be frozen...

Computer Hope Forum

News:

Author Topic: Registry.... (Read 37967 times)

evilfantasy

Re: Registry....

tina1rules

Re: Registry....

evilfantasy

Re: Registry....

tina1rules

Re: Registry....

evilfantasy

Re: Registry....

tina1rules

Re: Registry....

tina1rules

Re: Registry....

evilfantasy

Re: Registry....

tina1rules

Re: Registry....

evilfantasy

Re: Registry....

tina1rules

Re: Registry....

evilfantasy

Re: Registry....

tina1rules

Re: Registry....

evilfantasy

Re: Registry....

tina1rules

Re: Registry....