1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Possible RootKit

Discussion in 'Virus & Other Malware Removal' started by Exerticus, Sep 30, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. Exerticus

    Exerticus Thread Starter

    Joined:
    Sep 30, 2008
    Messages:
    4
    Recently, every time that I start up my computer I get an error message that appears, saying that one or more registry files had to be recovered or copied from a previous registry backup. This is really all that has been happening, lately anyway. No recurring error for me is really small enough for me to just leave alone, and so I ran a virus scan, which as it scanned through my Windows folder and Registry files, alternating between the two of them in an AVG quick scan, my computer quickly crashed and restarted. So, I wanted to make sure that this wasn't just a small error, I did the same thing two more times and each time I was given the same result. I went into safe mode and did a full scan of both my hard drives in AVG, found a few things, got rid of them, and booted back up normally. I was greeted with the same error message as before. Looking further into my AVG scan settings, to make sure I didn't miss anything, I came across the discovery that the 'Scan for RootKits' option had been unchecked and grayed out. Given the facts that the computer crashes during a scan when it reaches the registry files/windows files, and that the scanning option for RootKits has been strangely grayed out and unchecked, I can't help but think that it might be one. Sure, it isn't doing anything major, yet, but I really don't want to wait until something major does happen before I try and get rid of it. I downloaded various anti-RootKit programs DarkSpy and IceSword being two of them, each of them came up negative for RootKits, however, when I got DarkSpy to run before the error message appeared, it came up with one process marked in red, but it quickly disappeared after the error message came up. If you could help me out with this, then I would appreciate it. I run Windows XP by the way. I doubt you could find anything very useful in this log, but I might as well post it up anyway on the off-chance. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:41:57 PM, on 9/30/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Unlocker\UnlockerAssistant.exe D:\Program Files\HP\HP Software Update\HPWuSchd2.exe D:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe D:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe D:\WINDOWS\RTHDCPL.EXE D:\PROGRA~1\AVG\AVG8\avgtray.exe D:\Program Files\Razer\DeathAdder\razerhid.exe D:\WINDOWS\system32\RUNDLL32.EXE D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe D:\Program Files\GameTracker\GameTracker.exe D:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe D:\Program Files\Bret Taylor\Stickies\Stickies.exe D:\WINDOWS\system32\ctfmon.exe D:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe D:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe D:\Program Files\Registry Mechanic\RegMech.exe D:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe D:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe D:\WINDOWS\system32\nvsvc32.exe D:\WINDOWS\system32\HPZipm12.exe D:\WINDOWS\system32\PnkBstrA.exe D:\Program Files\Razer\DeathAdder\razertra.exe D:\Program Files\Razer\DeathAdder\razerofa.exe D:\PROGRA~1\AVG\AVG8\avgrsx.exe D:\WINDOWS\system32\wuauclt.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\explorer.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\Steam\Steam.exe D:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Adparatus - {8B2C7C9D-716D-4e9e-9358-B9C80A81B7ED} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file) O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL O3 - Toolbar: Duhiki - {20001E7A-823D-4E19-ADE2-D6AB53C7C81E} - (no file) O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Launch LCDMon] "D:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" O4 - HKLM\..\Run: [Launch LGDCore] "D:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [DeathAdder] D:\Program Files\Razer\DeathAdder\razerhid.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [NVIDIA nTune] "D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear O4 - HKCU\..\Run: [GameTracker] "D:\Program Files\GameTracker\GameTracker.exe" O4 - HKCU\..\Run: [Stickies] D:\Program Files\Bret Taylor\Stickies\Stickies.exe O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RegistryMechanic] D:\Program Files\Registry Mechanic\RegMech.exe /H O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AVP Monitor.lnk = D:\Program Files\AntiViral Toolkit Pro\avpm.exe O8 - Extra context menu item: &AOL Toolbar search - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - D:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe -- End of file - 8477 bytes
     
  2. Exerticus

    Exerticus Thread Starter

    Joined:
    Sep 30, 2008
    Messages:
    4
  3. Exerticus

    Exerticus Thread Starter

    Joined:
    Sep 30, 2008
    Messages:
    4
  4. Exerticus

    Exerticus Thread Starter

    Joined:
    Sep 30, 2008
    Messages:
    4
    Update: Now, when I run the program RegCure, as it gets to File/Path References, during the middle of the scan, it always ends up closing instantly. This happens in the same area of the registry that the computer crashes in the AVG scan.
     
  5. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    RegCure is one of the crummiest programs around. It breaks more than it ever fixes.

    Can you post your log again this time turning WORD WRAP off.
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/754942

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice