"Registry Cleaner Recommend" pop up, Hijack Log

ljzmcm · 15-May-2008, 12:05 PM #1

I keep getting a "Registry Cleaner Recommended" pop up and have tried tons of things to get rid of it. CCleaner, Regfix, all do not work. Hijack i assume will find it but I dont know how to read logs, any help?

================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:42 AM, on 5/15/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\afinding.exe
C:\WINDOWS\System32\Atievxx.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\WINDOWS\system\proxy.exe
C:\WINDOWS\System32\perfs.exe
C:\WINDOWS\System32\routing.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\WINDOWS\System32\wserving.exe
C:\WINDOWS\System32\config\svchost.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\WINDOWS\System32\inf\svchosts.exe
C:\WINDOWS\System32\msspa.exe
C:\Program Files\TeamViewer3\TeamViewer.exe
C:\WINDOWS\System32\config\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\config\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\Indt2.sys

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [lsass] C:\WINDOWS\TEMPlsetd.exe
O4 - HKLM\..\Policies\Explorer\Run: [svchost] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [nyuserinit] C:\WINDOWS\System32\inf\svchosts.exe C:\WINDOWS\System32\lwfdfia16_080514.dll tanlt88
O4 - HKCU\..\Policies\Explorer\Run: [mscheck] rundll32.exe "C:\WINDOWS\System32\wicheck080513.dll" myjkl
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O4 - Global Startup: office.lnk = C:\WINDOWS\system\sgcxcxxaspf080514.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1204773496250
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1206502362577
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\System32\afinding.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MsService - Unknown owner - C:\WINDOWS\system\proxy.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\System32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\System32\routing.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\System32\wserving.exe

--
End of file - 3995 bytes
================================================================

ljzmcm · 15-May-2008, 04:32 PM #2

bump, help please!

ljzmcm · 15-May-2008, 04:50 PM #3

bump 2, S. O. S!

ljzmcm · 15-May-2008, 05:14 PM #4

biggity bumptified

Search
Search in:
Show Threads Show Posts
Advanced Search

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)