
regedit.exe problem [HijackThis Log]

Discussion in 'Malware and Virus Removal Archive' started by HCJ444, 2006/01/09.

  1. 2006/01/09
    HCJ444

    HCJ444 Inactive Thread Starter

    Joined:
    2006/01/08
    Messages:
    1
    Likes Received:
    0
    Been having a problem with this for a while now and in the past few days it has gotten to be really bad. Right when I start the computer windows start popping up saying 'Registry editing has been disabled by your administrator.'
    This is most likely viral and I have no idea how to get rid of it. Here are the results of the HijackThis scan that I did.
    Logfile of HijackThis v1.99.1
    Scan saved at 3:20:52 PM, on 1/8/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\ufhu.exe
    C:\WINDOWS\System32\legend.exe
    C:\WINDOWS\System32\MsnChat.exe
    C:\WINDOWS\System32\w3st.exe
    C:\WINDOWS\System32\update.exe
    C:\WINDOWS\System32\hkkzt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\iexplore.exe
    C:\WINDOWS\Nhksrv.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\zilpe\zlip.exe
    C:\WINDOWS\System32\Ghost.exe
    C:\WINDOWS\regedit.exe
    C:\Documents and Settings\Hank\Desktop\HijackThis.exe
    C:\WINDOWS\regedit.exe
    C:\WINDOWS\regedit.exe
    C:\WINDOWS\regedit.exe
    C:\WINDOWS\regedit.exe
    C:\WINDOWS\regedit.exe
    C:\WINDOWS\mPsvc64.exe
    C:\WINDOWS\regedit.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.directsearchzone.com/sp2.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.directsearchzone.com/sp2.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972}_ - (no file)
    F2 - REG:system.ini: Shell=explorer.exe 4DFlowerBox.scr
    F3 - REG:win.ini: load=iexplore.exe
    F3 - REG:win.ini: run=iexplore.exe
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [strtas] lo31.exe
    O4 - HKLM\..\Run: [System Updates] ufhu.exe
    O4 - HKLM\..\Run: [winconfig] vwtcw.exe
    O4 - HKLM\..\Run: [winsconfig] max.com
    O4 - HKLM\..\Run: [] C:\Program Files\zilpe\zlip.exe
    O4 - HKLM\..\Run: [MCX Update] op1.exe
    O4 - HKLM\..\Run: [Launch Norton AntiVirus 2000] kimdf.exe
    O4 - HKLM\..\Run: [Windows Workstation Service] legend.exe
    O4 - HKLM\..\Run: [Microsoft Update 32] MsnChat.exe
    O4 - HKLM\..\Run: [MSN MESSENGER ISP] w3st.exe
    O4 - HKLM\..\Run: [Service Monitor] update.exe
    O4 - HKLM\..\Run: [Coder Lovely] hkkzt.exe
    O4 - HKLM\..\Run: [Windows Update Manager] C:\WINDOWS\mPsvc64.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LonPS2] c:\windows\system32\repcale.exe c:\windows\system32\palsp.exe
    O4 - HKLM\..\Run: [ShellRun32] C:\WINDOWS\System32\iexplore.exe
    O4 - HKLM\..\Run: [ISPSERVICE] C:\WINDOWS\System32\dll\conf\x\Ghost.exe
    O4 - HKLM\..\Run: [meshal] C:\WINDOWS\System32\m1RC.exe
    O4 - HKLM\..\Run: [Task manager] taskmgr.exe
    O4 - HKLM\..\Run: [SECRETSERVICE] C:\WINDOWS\System32\Ghost.exe
    O4 - HKLM\..\RunServices: [strtas] lo31.exe
    O4 - HKLM\..\RunServices: [System Updates] ufhu.exe
    O4 - HKLM\..\RunServices: [winconfig] vwtcw.exe
    O4 - HKLM\..\RunServices: [winsconfig] max.com
    O4 - HKLM\..\RunServices: [MCX Update] op1.exe
    O4 - HKLM\..\RunServices: [Launch Norton AntiVirus 2000] kimdf.exe
    O4 - HKLM\..\RunServices: [Windows Workstation Service] legend.exe
    O4 - HKLM\..\RunServices: [Microsoft Update 32] MsnChat.exe
    O4 - HKLM\..\RunServices: [MSN MESSENGER ISP] w3st.exe
    O4 - HKLM\..\RunServices: [Service Monitor] update.exe
    O4 - HKLM\..\RunServices: [Coder Lovely] hkkzt.exe
    O4 - HKLM\..\RunServices: [Windows Update Manager] C:\WINDOWS\mPsvc64.exe
    O4 - HKLM\..\RunServices: [SERV PacK2] NuRx.exe
    O4 - HKLM\..\RunServices: [System Service] Ruff.exe
    O4 - HKLM\..\RunServices: [Shell32] C:\WINDOWS\System32\iexplore.exe
    O4 - HKLM\..\RunServices: [Task manager] taskmgr.exe
    O4 - HKCU\..\Run: [strtas] lo31.exe
    O4 - HKCU\..\Run: [System Updates] ufhu.exe
    O4 - HKCU\..\Run: [Windows Workstation Service] legend.exe
    O4 - HKCU\..\Run: [REGEDIT] C:\WINDOWS\System32\ferwhz\zlip3254.exe
    O4 - HKCU\..\Run: [MSN MESSENGER ISP] w3st.exe
    O4 - HKCU\..\Run: [Windows Update Manager] C:\WINDOWS\mPsvc64.exe
    O4 - HKCU\..\Run: [Task manager] taskmgr.exe
    O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
    O4 - HKCU\..\RunServices: [System Updates] ufhu.exe
    O4 - HKCU\..\RunServices: [Windows Workstation Service] legend.exe
    O4 - HKCU\..\RunServices: [MSN MESSENGER ISP] w3st.exe
    O4 - Global Startup: bslogitech.exe
    O4 - Global User Startup: bslogitech.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) - http://www.powerflasher.de/plugin/powerres.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {69DEAF94-AF66-11D3-BEC0-00105AA9B6AE} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?312
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: SpywareCleanerService - Secure Computer, LLC - C:\Program Files\Spyware Cleaner\SCService.exe


    All help appreciated.:D
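
The log above contains the entry that explains the symptom (the O7 line, a DisableRegedit=1 policy under HKCU) and a long run of O4 autostart values, most of them a bare file name with no path that is repeated across HKLM\Run, HKLM\RunServices and HKCU\Run. The script below is an added example, not part of the original post and not part of HijackThis: it parses a pasted log and pulls out those entries so the reader can see why the dialog appears and which values would bring it back. The sample lines are a constructed subset copied from the posted log; the "bare file name", "replicated across keys" and "iexplore.exe outside Program Files" heuristics are the editor's own, not something the page or HijackThis defines.

```python
"""Triage of a pasted HijackThis log: pulls out the entries that explain the
symptom in the post above (the O7 DisableRegedit policy) and the autostart
entries that would re-create it.  Added example; not part of the original
post or of HijackThis itself."""
import re
from collections import defaultdict

# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=explorer.exe 4DFlowerBox.scr
F3 - REG:win.ini: load=iexplore.exe
F3 - REG:win.ini: run=iexplore.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [System Updates] ufhu.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [ShellRun32] C:\WINDOWS\System32\iexplore.exe
O4 - HKLM\..\RunServices: [System Updates] ufhu.exe
O4 - HKCU\..\Run: [System Updates] ufhu.exe
O4 - HKCU\..\Run: [REGEDIT] C:\WINDOWS\System32\ferwhz\zlip3254.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# O4 - HKLM\..\Run: [value name] command line
O4_RE = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")


def executable_of(command):
    """Program that actually starts for an O4 value: a quoted path is taken
    whole, otherwise the first token.  rundll32 is a Windows host binary, so
    for it the DLL argument is what matters."""
    cmd = command.strip()
    if cmd.startswith('"') and cmd.find('"', 1) > 0:
        end = cmd.find('"', 1)
        exe, rest = cmd[1:end].strip(), cmd[end + 1:].strip()
    else:
        exe, _, rest = cmd.partition(" ")
        rest = rest.strip()
    if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe" and rest:
        exe = rest.split(",", 1)[0].strip()
    return exe


def is_bare(exe):
    """No directory at all: resolved through PATH at logon, which is how the
    files dropped into System32 in this log get picked up."""
    return "\\" not in exe and "/" not in exe


def triage(log_text):
    """Return (kind, detail) findings for the lines worth acting on."""
    findings = []
    locations = defaultdict(set)      # lowercase exe -> {(hive, key)}
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("O7 ") and "DisableRegedit=1" in line:
            findings.append(("policy", "DisableRegedit=1: the source of the "
                             "'Registry editing has been disabled' dialog"))
        elif line.startswith("F2 ") and "Shell=" in line:
            shell = line.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":     # anything extra runs at logon
                findings.append(("shell", shell))
        elif line.startswith("F3 "):
            key, _, value = line.split(": ", 1)[1].partition("=")
            if value.strip():                       # load=/run= should be empty
                findings.append(("win.ini", f"{key}={value.strip()}"))
        else:
            m = O4_RE.match(line)
            if not m:
                continue
            hive, key, name, command = m.groups()
            exe = executable_of(command)
            locations[exe.lower()].add((hive, key))
            if is_bare(exe):
                findings.append(("bare", f"{hive}\\{key} [{name}] {exe}"))
            # The real Internet Explorer lives under Program Files\Internet
            # Explorer; an iexplore.exe in System32 is borrowing the name.
            if exe.lower().endswith("\\system32\\iexplore.exe"):
                findings.append(("impostor", f"[{name}] {exe}"))
    for exe, places in locations.items():
        if len(places) >= 3:                        # Run + RunServices + HKCU
            findings.append(("replicated", f"{exe} in {len(places)} autostart keys"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:10} {detail}")
```

On the affected machine the same policy value can be read with `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegedit` and removed with `reg delete` on the same key and value name. The caveat is that the value is only a symptom: while the processes listed at the top of the log are still running they can write it back, so the autostart entries and the processes behind them need to go before clearing the policy has any lasting effect.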
     
  2. 2006/02/05
    HumBug

    HumBug Well-Known Member

    Joined:
    2002/06/20
    Messages:
    151
    Likes Received:
    0

