[SOLVED] regscan [moved from general security]

#1, 06-17-2007, 03:38 PM, tower1948 (Registered User; Join Date: Jun 2007; Posts: 2; OS: XP Home)

Hello, I have a problem with a trojan called regscan. How do I remove it? Best regards, tower1948
#2, 06-17-2007, 03:57 PM, koala (Moderator, Hardware Team; Join Date: Mar 2005; Location: UK; Posts: 9,293; OS: XP/Ubuntu)

Re: regscan

Hi, welcome to TSF

Please follow the instructions here and then post all the requested logs in a new thread here for the security analysts to look at.

The security forum is always busy, so please be patient and you will receive a reply as soon as possible. If you go to Thread Tools > Subscribe at the top of your new thread you will receive an email as soon as a reply is posted.


http://www.processlibrary.com/directory/files/regscan
Quote:
> regscan.exe is added by Trojan.W32.Rbot. It is a worm which attempts to spread via network shares. It also contains backdoor Trojan capabilities allowing unauthorised remote access to the infected computer. If found on your system make sure that you have downloaded the latest update for your antivirus application. This process is a security risk and should be removed from your system.
#3, 06-18-2007, 11:56 AM, tower1948 (Registered User; Join Date: Jun 2007; Posts: 2; OS: XP Home)

Re: regscan

Thank you so far. Here is a logfile:

Deckard's System Scanner v20070611.50
Run by Jens on 2007-06-18 at 18:22:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
10: 2007-06-18 16:22:09 UTC - RP10 - Deckard's System Scanner Restore Point
9: 2007-06-18 16:08:03 UTC - RP9 - Removed BOINC
8: 2007-06-18 14:56:27 UTC - RP8 - Gendan handling
7: 2007-06-17 17:35:16 UTC - RP7 - Genoprettelsesfunktion til Microsoft Sikkerhedskopiering
6: 2007-06-17 16:19:44 UTC - RP6 - Genoprettelsesfunktion til Microsoft Sikkerhedskopiering


-- First Restore Point --
1: 2007-06-12 20:41:35 UTC - RP1 - Systemkontrolpunkt


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Jens.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 18:23:22, on 18-06-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Programmer\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programmer\F-Secure\Anti-Virus\FSGK32.EXE
C:\Programmer\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Programmer\F-Secure\Anti-Virus\fssm32.exe
C:\Programmer\F-Secure\Common\FSMA32.EXE
C:\Programmer\F-Secure\Common\FSMB32.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\F-Secure\Common\FCH32.EXE
C:\Programmer\F-Secure\Common\FAMEH32.EXE
C:\Programmer\F-Secure\Common\FNRB32.EXE
C:\Programmer\F-Secure\FWES\Program\fsdfwd.exe
C:\Programmer\F-Secure\Common\FIH32.EXE
C:\Programmer\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\F-Secure\Common\FSM32.EXE
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmer\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Programmer\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmer\F-Secure\FSGUI\fsguiexe.exe
C:\Programmer\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\Logitech\SetPoint\KEM.exe
C:\Programmer\Logitech\SetPoint\KHALMNPR.EXE
C:\Documents and Settings\Jens\Lokale indstillinger\Temporary Internet Files\Content.IE5\JMR90N3L\dss[1].exe
C:\PROGRA~1\HIJACK~1\Jens.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dr.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [seticlient] C:\Programmer\SETI@home\SETI@home.exe -min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmer\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programmer\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Programmer\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: Adobe Acrobat Hurtigstart.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Programmer\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Konverter hyperlinkdestination til Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konverter hyperlinkdestination til eksisterende PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konverter markering til Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konverter markering til eksisterende PDF-fil - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konverter til Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konverter til eksisterende PDF-fil - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konverter valgte hyperlinks til Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Konverter valgte hyperlinks til eksisterende PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: Adgangforalle.dk fjernbetjening - {0AD5A451-967F-46BD-9F5E-39247D7FC77F} - c:\AdgangForAlle\adgangforalle.exe
O9 - Extra 'Tools' menuitem: Adgangforalle.dk fjernbetjening - {0AD5A451-967F-46BD-9F5E-39247D7FC77F} - c:\AdgangForAlle\adgangforalle.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: Nordea Online investering - https://www.onlineinvestering.nordea.dk/oiclient.nsf/files/client/$FILE/oiclient.cab
O16 - DPF: Nordea Online investering 7 - https://www.onlineinvestering.nordea.dk/oiclient.nsf/files/client/$FILE/oiclient.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk...nkCSP-1204.exe
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} - https://udstedelse.certifikat.tdc.dk...nkCSP-0504.exe
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authen...dccsp-0506.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/23...CX/FlashAX.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activ.../e-Safekey.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - BackWeb Technologies Inc. - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Programmer\F-Secure\BackWeb\7681197\Program\fsbwlan.exe (file missing)
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programmer\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programmer\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programmer\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmer\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Programmer\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmer\Photodex\ProShowGold\ScsiAccess.exe


-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,-153
.com - comfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,2
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,23
.ini - inifile - DefaultIcon - shell32.dll,-151
.reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1
.txt - txtfile - DefaultIcon - shell32.dll,-152


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 FSFW (F-Secure Firewall Driver) - c:\windows\system32\drivers\fsdfw.sys <Not Verified; F-Secure Corporation; F-Secure Anti-Virus Internet Shield>
R0 sisidex - c:\windows\system32\drivers\sisidex.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R0 sisperf (Add Performance Filter Driver) - c:\windows\system32\drivers\sisperf.sys <Not Verified; Silicon Integrated Systems Corp.; SiS Filer Driver>
R1 kbfilter (Keyboard Filter Driver) - c:\windows\system32\drivers\kbfilter.sys <Not Verified; WayTech Development, Inc.; Keyboard filter driver>
R1 moufiltr (Mouse Filter Driver) - c:\windows\system32\drivers\moufiltr.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 F-Secure Filter (F-Secure File System Filter) - c:\programmer\f-secure\anti-virus\win2k\fsfilter.sys
R2 F-Secure Gatekeeper - c:\programmer\f-secure\anti-virus\win2k\fsgk.sys
R2 F-Secure Recognizer (F-Secure File System Recognizer) - c:\programmer\f-secure\anti-virus\win2k\fsrec.sys

S3 irsir (Microsoft seriel infrarød driver) - c:\windows\system32\drivers\irsir.sys (file missing)
S3 RT73 (D-Link USB Wireless LAN Card Driver) - c:\windows\system32\drivers\dr71wu.sys <Not Verified; Ralink Technology, Corp.; Ralink 802.11 Wireless Adapters>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BackWeb Client - 7681197 (F-Secure Automatic Update) - c:\progra~1\f-secure\backweb\7681197\program\servic~1.exe <Not Verified; BackWeb Technologies Inc.; RunnerEXE Application>
R2 fsbwsys - "c:\programmer\f-secure\backweb\7681197\program\fsbwsys.exe" <Not Verified; F-Secure Corp.; F-Secure BackWeb>
R2 F-Secure Gatekeeper Handler Starter - "c:\programmer\f-secure\anti-virus\fsgk32st.exe" <Not Verified; F-Secure Corp.; F-Secure Corp. Startup service>
R2 FSMA - "c:\programmer\f-secure\common\fsma32.exe" <Not Verified; F-Secure Corporation; F-Secure Management Agent>
R2 ScsiAccess - c:\programmer\photodex\proshowgold\scsiaccess.exe
R3 FSDFWD (F-Secure Anti-Virus Firewall Daemon) - "c:\programmer\f-secure\fwes\program\fsdfwd.exe" <Not Verified; F-Secure Corporation; F-Secure Anti-Virus Internet Shield>
R3 F-Secure Network Request Broker - "c:\programmer\f-secure\common\fnrb32.exe" <Not Verified; F-Secure Corporation; F-Secure Management Agent>

S3 F-Secure BackWeb LAN Access - "c:\programmer\f-secure\backweb\7681197\program\fsbwlan.exe" (file missing)


-- Files created between 2007-05-18 and 2007-06-18 -----------------------------

2007-06-18 18:17:51 0 d-------- C:\Programmer\SpywareBlaster
2007-06-18 18:12:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-06-18 16:56:57 0 d-------- C:\DanskeBank
2007-06-18 16:56:55 0 dr-h----- C:\Documents and Settings\Jens\Recent
2007-06-17 23:31:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-06-17 23:25:59 0 d-------- C:\Programmer\Yahoo!
2007-06-17 23:25:46 0 d-------- C:\Programmer\CCleaner
2007-06-16 20:48:49 0 d-------- C:\Programmer\a-squared HiJackFree
2007-06-16 15:27:36 0 d-------- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-06-12 22:41:23 6029312 --a------ C:\Documents and Settings\Jens\ntuser.dat
2007-06-12 22:41:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Scansoft
2007-06-12 22:40:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-06-12 22:37:44 0 d-------- C:\WINDOWS\Prefetch
2007-06-12 22:32:00 0 d-------- C:\Programmer\msn gaming zone
2007-06-12 22:26:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-06-12 22:00:39 0 d-------- C:\WINDOWS\setup.pss
2007-06-10 15:12:12 0 d-------- C:\xpsp2
2007-06-10 14:37:11 0 d-------- C:\xpcd
2007-05-27 21:22:39 0 d-------- C:\Documents and Settings\Jens\Application Data\CD-LabelPrint


-- Find3M Report ---------------------------------------------------------------

2007-06-18 18:08:07 0 d-------- C:\Programmer\BOINC
2007-06-18 16:56:56 0 d-------- C:\Documents and Settings\Jens\Application Data\Canon
2007-06-12 22:40:25 321526 --a------ C:\WINDOWS\system32\perfh006.dat
2007-06-12 22:40:25 45404 --a------ C:\WINDOWS\system32\perfc006.dat
2007-06-12 22:29:19 0 d-------- C:\Programmer\Fælles filer\SYSTEM
2007-06-12 22:28:23 22732 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-05-15 15:44:27 0 d-------- C:\Programmer\iSofter
2007-05-15 15:25:22 0 d-------- C:\Programmer\Betsson Poker
2007-05-09 21:42:45 0 d-------- C:\Programmer\DiscWizard for Windows
2007-05-01 17:40:10 0 d--h----- C:\Programmer\InstallShield Installation Information
2007-05-01 17:39:30 0 d-------- C:\Programmer\D-Link
2007-04-30 18:13:57 0 d-------- C:\Programmer\F-Secure
2007-04-27 14:31:10 0 d-------- C:\Programmer\MSXML 4.0
2007-04-27 13:53:52 0 d-------- C:\Programmer\Canon


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\programmer\google\googletoolbar2.dll
{AE7CD045-E861-484f-8273-0445EE161910} C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"seticlient"="C:\\Programmer\\SETI@home\\SETI@home.exe -min"
"QuickTime Task"="\"C:\\Programmer\\QuickTime\\qttask.exe\" -atboottime"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"IrMon"="IrMon.exe"
"F-Secure Manager"="\"C:\\Programmer\\F-Secure\\Common\\FSM32.EXE\" /splash"
"ATIPTA"="C:\\Programmer\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Acrobat Assistant 7.0"="\"C:\\Programmer\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"SSBkgdUpdate"="\"C:\\Programmer\\Fælles filer\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"OpwareSE4"="\"C:\\Programmer\\ScanSoft\\OmniPageSE4.0\\OpwareSE4.exe\""
"IJNetworkScanUtility"="C:\\Programmer\\Canon\\Canon IJ Network Scan Utility\\CNMNSUT.EXE"
"F-Secure TNB"="\"C:\\Programmer\\F-Secure\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Programmer\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"updateMgr"="\"C:\\Programmer\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-06-18 at 18:26:21 ---------
Attached file: extra.txt (13.8 KB)
#4, 06-20-2007, 09:35 AM, Ried (Assistant Manager, TSF Academy; Moderator/Analyst, Security Team; Join Date: Jan 2005; Location: Ohio; Posts: 20,048; OS: WinXP and Vista)

Re: regscan [moved from general security]

Hello tower1948,

Quote:
> I have a problem with a trojan called regscan.

Is one of your onboard tools detecting this? If so, what is the full path of its location?


Perform an online scan with Internet Explorer with Panda ActiveScan:

1. Click on located at the bottom of the page.
2. A "pop up" window will appear. Please ensure that your pop-up blocker doesn't block it.
3. Enter your e-mail address, country, and state, and click "Free Online Scan". The download of the 8 MB Panda ActiveX control will take place.

Begin the scan by selecting
  - If it finds any malware, it will offer you a report.
  - Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  - Click on then click

* You needn't remain online while it's doing the scan, but you have to re-connect after it has finished to see the report.
* Turn off the real-time scanner of any existing antivirus program while performing the online scan.
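Two questions run through this thread: koala's quoted description says regscan.exe is dropped by an Rbot variant and should be found and removed, and Ried asks for the full path of whatever is reporting it. The following script is an added example by the editor, not code from HijackThis, Deckard's System Scanner or the forum: it parses HijackThis 1.99.1 log lines offline, answers "where does the named binary run from?" and flags the entries an analyst normally looks at first (orphaned "(file missing)"/"(no file)" items, Run values that name a bare filename resolved through the PATH search order, executables under browser cache or temp directories, and services whose image has no company name). The embedded sample is a constructed excerpt: most lines are copied from the log posted above, but the `[regscan]` Run entry is not in that log and is added only to show what a positive hit would look like. The heuristics are leads, not verdicts.

```python
"""Offline triage of a HijackThis 1.99.1 log (added example, not forum/HJT code)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed excerpt in HijackThis format. Most lines are copied from the log
# posted in this thread; the "[regscan]" Run value is NOT in that log and is
# added only to demonstrate a positive hit.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 18:23:22, on 18-06-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Jens\Lokale indstillinger\Temporary Internet Files\Content.IE5\JMR90N3L\dss[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dr.dk/
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [regscan] C:\WINDOWS\system32\regscan.exe
O4 - Global Startup: Adobe Gamma.lnk = ?
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Programmer\F-Secure\BackWeb\7681197\Program\fsbwlan.exe (file missing)
O23 - Service: FSMA - F-Secure Corporation - C:\Programmer\F-Secure\Common\FSMA32.EXE
"""

# Absolute Windows path ending in an executable-ish extension, quoted or not.
_WIN_PATH = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|cpl|sys)\b', re.I)
_ENTRY = re.compile(r"^(O\d+|R\d+|F\d+|N\d+) - (.*)$")
# Locations a persistent binary has no business living in (lower-case substrings).
SUSPECT_DIRS = ("temporary internet files", "\\temp\\",
                "\\lokale indstillinger\\temp", "\\local settings\\temp")


@dataclass
class Entry:
    section: str  # "PROC" for a running process, otherwise the HJT section ("O4", "O23", ...)
    line: str     # the original log line
    path: str     # best-effort executable path or bare filename ("" if not applicable)


def extract_path(command: str) -> str:
    """Executable a command string points at: absolute path if present,
    otherwise the first token (which Windows would resolve via PATH)."""
    m = _WIN_PATH.search(command)
    if m:
        return m.group(0)
    tokens = command.split()
    return tokens[0] if tokens else ""


def parse_hjt(text: str) -> List[Entry]:
    entries: List[Entry] = []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False  # a blank line ends the "Running processes:" block
            continue
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        if in_procs:
            entries.append(Entry("PROC", line, line))
            continue
        m = _ENTRY.match(line)
        if not m:
            continue  # banner lines such as "Platform: ..."
        section, body = m.groups()
        if section == "O4":
            # Run keys: "[<value name>] <command>"; startup folders: "<x>.lnk = <target>"
            cmd = body.split("] ", 1)[1] if "] " in body else body.split(" = ", 1)[-1]
            path = extract_path(cmd)
        elif section == "O23":
            # "Service: <display name> - <owner> - <image path>"; display names may contain " - "
            path = extract_path(body.rsplit(" - ", 1)[-1])
        else:
            path = ""
        entries.append(Entry(section, line, path))
    return entries


def find_binary(entries: List[Entry], name: str) -> List[Entry]:
    """Entries whose executable basename is <name> or <name>.exe (case-insensitive)."""
    want = {name.lower(), name.lower() + ".exe"}
    return [e for e in entries if e.path.rsplit("\\", 1)[-1].lower() in want]


def triage(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """(section, detail, reason) leads an analyst would check first."""
    findings: List[Tuple[str, str, str]] = []
    for e in entries:
        low, plow, detail = e.line.lower(), e.path.lower(), e.path or e.line
        if "(file missing)" in low or "(no file)" in low:
            findings.append((e.section, detail, "referenced file is absent (orphaned entry)"))
        if e.section == "O4" and e.path == "?":
            findings.append((e.section, e.line, "startup shortcut target not resolved; inspect the .lnk"))
        elif e.section == "O4" and e.path and "\\" not in e.path:
            findings.append((e.section, detail, "bare filename, resolved through the PATH search order"))
        if any(d in plow for d in SUSPECT_DIRS):
            findings.append((e.section, detail, "executable under a browser cache or temp directory"))
        if e.section == "O23" and " - unknown owner - " in low:
            findings.append((e.section, detail, "service binary has no company name in its version info"))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for hit in find_binary(parsed, "regscan"):
        print(f"regscan found in {hit.section}: {hit.path}")
    for section, detail, reason in triage(parsed):
        print(f"{section:5} {reason}: {detail}")
```

Run against the excerpt, `find_binary` returns the single constructed `[regscan]` Run value with its full path, which is exactly the detail Ried asks for; run against the log actually posted above it returns nothing, because no line in that log mentions regscan. The triage hit on `dss[1].exe` under Temporary Internet Files is expected here: the poster launched Deckard's System Scanner straight from the browser download, so the heuristic fires on the tool itself. The `(file missing)` BackWeb LAN Access service and the nameless O3 toolbar are the kind of remnants analysts typically ask to have fixed even when they are not malicious.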
Copyright 2001 - 2008, Tech Support Forum