Old 05-07-2007, 02:15 PM   #3 (permalink)
Quanta123
Registered User
 
Join Date: May 2007
Posts: 31
OS: XP


Re: I can't get rid of StrongestOptimizer

Thx for the reply. I really can't see the H-J-T forum. The browser immediately shuts down. Here's the log:

"Jorge Martins" - 2007-05-07 21:01:54 Service Pack 2
ComboFix 07-05.07.3.V - Running from: "C:\Documents and Settings\Jorge Martins\Ambiente de trabalho\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-07 to 2007-05-07 ))))))))))))))))))))))))))))))))))


2007-05-06 20:20 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-06 20:20 <DIR> d-------- C:\Programas\Your Uninstaller 2006
2007-05-06 20:20 <DIR> d-------- C:\DOCUME~1\JORGEM~1\APPLIC~1\URSoft


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-06 20:46:22 -------- d-----w C:\DOCUME~1\JORGEM~1\APPLIC~1.\about amok
2007-05-06 19:20:07 -------- d-----w C:\DOCUME~1\JORGEM~1\APPLIC~1.\URSoft
2007-05-06 19:13:35 -------- d--h--w C:\Programas\InstallShield Installation Information
2007-05-06 19:11:55 -------- d-----w C:\Programas\GameSpy Arcade
2007-05-06 19:11:08 -------- d-----w C:\Programas\Finale 2003
2007-05-06 18:46:04 -------- d-----w C:\Programas\eMule
2007-04-25 18:48:41 -------- d-----w C:\Programas\TVU Player
2007-04-25 18:11:45 -------- d-----w C:\Programas\PartyGaming.Net
2007-03-25 17:22:30 64,140 ----a-w C:\WINDOWS\system32\perfc016.dat
2007-03-25 17:22:30 428,328 ----a-w C:\WINDOWS\system32\perfh016.dat
2007-03-17 13:43:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:37:34 578,560 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:37:34 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:37:34 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:33:32 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Programas\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx"
"{53707962-6F74-2D53-2644-206D7942484F}"="C:\DOCUME~1\JORGEM~1\AMBIEN~1\ANTI-C~1\SPYBOT~1\SDHelper.dll"
"{8ABC10F3-9DFD-6742-EB72-D9D7C8DD4570}"="C:\WINDOWS\gacud1.dll" [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ESB"="C:\\WINDOWS\\System32\\ESB.exe"
"4mtcsb"="C:\\WINDOWS\\System32\\4mtcsb.EXE"
"PRONoMgr.exe"="C:\\Programas\\Intel\\NCS\\PROSet\\PRONoMgr.exe"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"AudioHQ"="C:\\Programas\\Creative\\SBLive\\AudioHQ\\AHQTB.EXE"
"Creative Launcher"="C:\\Programas\\Creative\\Launcher\\CTLauncher.exe"
"NeroCheck"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
"InCD"="C:\\Programas\\Ahead\\InCD\\InCD.exe"
"SunJavaUpdateSched"="C:\\Programas\\Java\\jre1.5.0\\bin\\jusched.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"MessengerPlus3"="\"C:\\Programas\\MessengerPlus! 3\\MsgPlus.exe\""
"QuickTime Task"="\"C:\\Programas\\QuickTime\\qttask.exe\" -atboottime"
"GRIDINSIDEDEAF64"="C:\\Documents and Settings\\All Users\\Application Data\\third mags grid inside\\JOYLINK.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MessengerPlus3"="\"C:\\Programas\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"MSMSGS"="\"C:\\Programas\\Messenger\\msmsgs.exe\" /background"
"plus this"="C:\\DOCUME~1\\JORGEM~1\\APPLIC~1\\ABOUTA~1\\SaveIso.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="C:\Programas\ewido\security suite\shellhook.dll"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Documents and Settings\Jorge Martins\Ambiente de trabalho\Anti-coisas\AVG Anti-Spyware 7.5\shellexecutehook.dll"


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0




[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HTTPFilter HTTPFilter\0\0
DcomLaunch DcomLaunch\0TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\A9CA42FA91C1FC66.job
C:\WINDOWS\tasks\Symantec NetDetect.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-07 21:04:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-07 21:04:22
C:\ComboFix-quarantined-files.txt ... 2007-05-07 21:04