1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

clean my windows registry

Discussion in 'All Other Software' started by marthita, Apr 19, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. marthita

    marthita Thread Starter

    Joined:
    Apr 19, 2004
    Messages:
    3
    Hi I new in this, but i was reading and find out about some suspicious entries in the registry. I need that someone can look my hijackthis.log and tell me if there is something to delete. Thanks and i'll be waiting for an answer


    Logfile of HijackThis v1.97.7
    Scan saved at 12:15:23 p.m., on 19/04/2004
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
    C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
    C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
    C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\WEBSCANX.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\ptsnoop.exe
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\ARCHIVOS DE PROGRAMA\HANDSPRING\HOTSYNC.EXE
    C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 4.0\DISTILLR\ACROTRAY.EXE
    C:\ARCHIVOS DE PROGRAMA\ATNOTES\ATNOTES.EXE
    C:\ARCHIVOS DE PROGRAMA\HANDSPRING\ALARMAPP.EXE
    C:\ARCHIVOS DE PROGRAMA\MICROSOFT OFFICE\OFFICE\1033\MSOFFICE.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\MY DOWNLOAD FILES\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www001.upp.so-net.ne:[email protected]/search.htm (obfuscated)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www001.upp.so-net.ne:[email protected]/search.htm (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www001.upp.so-net.ne:[email protected]/search.htm (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www001.upp.so-net.ne:[email protected]/search.htm (obfuscated)
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.6:8080
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD0.DLL
    O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\ARCHIVOS DE PROGRAMA\KONTIKI\BIN\BH304181.DLL
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
    O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
    O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Archivos de programa\Network Associates\VirusScan\AVSYNMGR.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\misc.exe
    O4 - Startup: HotSync Manager.lnk = ?
    O4 - Startup: Acrobat Assistant.lnk = C:\Archivos de programa\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
    O4 - Startup: ATnotes.lnk = C:\Archivos de programa\ATnotes\ATnotes.exe
    O4 - Startup: Alarm Manager.LNK = C:\Archivos de programa\Handspring\AlarmApp.exe
    O8 - Extra context menu item: Get It With Kontiki - res://C:\ARCHIVOS DE PROGRAMA\KONTIKI\BIN\BH304181.DLL/201
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: AOL - Mensajero Instantáneo® (HKLM)
    O9 - Extra button: SEARCH (HKLM)
    O9 - Extra button: ANTIVIRUS (HKLM)
    O9 - Extra button: ENTERTAINMENT (HKLM)
    O9 - Extra button: SECURITY (HKLM)
    O9 - Extra button: SEARCH (HKLM)
    O9 - Extra button: ANTIVIRUS (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Smart Viewer 7.0) - http://www.epson.cl/viewer/activeXViewer/activexviewer.cab
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://207.79.139.204/mapas/mgaxctrl.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {436C49C7-2426-404D-932B-531973B44540} (Custodium.com) - http://www.custodium.com/cabs/custodium.cab
    O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://webcam.uoct.cl:8080/wg_webeye.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37888.5476273148
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/es/SysWebTelecom.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = manquehue.net
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = manquehue.net
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 200.74.160.103,200.74.160.104
     
  2. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    Download CWShredder:
    http://www.spywareinfo.com/~merijn/files/cwshredder.zip
    Unzip, run and hit the ->fix tab to fix all found problems

    CWShredder takes advantage of seurity holes in windows so you should install all critical as well as hotfixes available from windows update.


    Then repost a fresh Hijack this log .

    Download 'Hijack This!'. http://www.tomcoyote.org/hjt/ and save it to a folder on your desktop.
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
     
  3. marthita

    marthita Thread Starter

    Joined:
    Apr 19, 2004
    Messages:
    3
    Thanks and here is a new hijack log
    Logfile of HijackThis v1.97.7
    Scan saved at 02:31:41 p.m., on 19/04/2004
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
    C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
    C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
    C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\VIRUSSCAN\WEBSCANX.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\ptsnoop.exe
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\ARCHIVOS DE PROGRAMA\HANDSPRING\HOTSYNC.EXE
    C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 4.0\DISTILLR\ACROTRAY.EXE
    C:\ARCHIVOS DE PROGRAMA\ATNOTES\ATNOTES.EXE
    C:\ARCHIVOS DE PROGRAMA\HANDSPRING\ALARMAPP.EXE
    C:\ARCHIVOS DE PROGRAMA\MICROSOFT OFFICE\OFFICE\1033\MSOFFICE.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\MY DOWNLOAD FILES\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.6:8080
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD0.DLL
    O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\ARCHIVOS DE PROGRAMA\KONTIKI\BIN\BH304181.DLL
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
    O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\ARCHIVOS DE PROGRAMA\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
    O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Archivos de programa\Network Associates\VirusScan\AVSYNMGR.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\misc.exe
    O4 - Startup: HotSync Manager.lnk = ?
    O4 - Startup: Acrobat Assistant.lnk = C:\Archivos de programa\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
    O4 - Startup: ATnotes.lnk = C:\Archivos de programa\ATnotes\ATnotes.exe
    O4 - Startup: Alarm Manager.LNK = C:\Archivos de programa\Handspring\AlarmApp.exe
    O8 - Extra context menu item: Get It With Kontiki - res://C:\ARCHIVOS DE PROGRAMA\KONTIKI\BIN\BH304181.DLL/201
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: AOL - Mensajero Instantáneo® (HKLM)
    O9 - Extra button: ANTIVIRUS (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Smart Viewer 7.0) - http://www.epson.cl/viewer/activeXViewer/activexviewer.cab
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://207.79.139.204/mapas/mgaxctrl.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {436C49C7-2426-404D-932B-531973B44540} (Custodium.com) - http://www.custodium.com/cabs/custodium.cab
    O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://webcam.uoct.cl:8080/wg_webeye.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37888.5476273148
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/es/SysWebTelecom.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = manquehue.net
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = manquehue.net
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 200.74.160.103,200.74.160.104
     
  4. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    Rescan and put a check next to each of these then close all browser windows and click "fix checked"

    O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD0.DLL

    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
     
  5. marthita

    marthita Thread Starter

    Joined:
    Apr 19, 2004
    Messages:
    3
    Thank again and my last question is, i found a sotware xoftspy from paretologic, and when i scan my registry it say that i been spy programs (data miner and malware). I can send you a picture of the results os the scan. But I don´t known how, any email?
    I'll wait for your expert help before i do something. Perhaps there are another software better than xoftspy?

    (y)
     
  6. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/221919

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice