Status
Not open for further replies.
I got this message in a Windows pop-up:

"windows cannot find regsvr.exe. Make sure you typed the name correctly, and then try again. To search a file, click the start button, and then click search."

I tried to fix this problem with ComboFix.exe. The ComboFix report is as follows:

ComboFix 09-03-01.01 - Arvapally 2009-03-02 17:17:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2036.1573 [GMT 5.5:30]
Running from: c:\documents and settings\Arvapally\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\28463
c:\windows\system32\28463\svchost.001
c:\windows\system32\setting.ini
c:\windows\system32\setup.ini
c:\windows\system32\svchost .exe
.
((((((((((((((((((((((((( Files Created from 2009-02-02 to 2009-03-02 )))))))))))))))))))))))))))))))
.
2009-03-02 16:30 . 2009-03-02 16:30 d-------- c:\documents and settings\Arvapally\Application Data\True Sword
2009-03-01 09:49 . 2009-03-01 22:56 d-------- c:\program files\ThreatFire
2009-03-01 09:49 . 2009-03-02 16:14 d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-01 09:49 . 2009-03-01 09:49 d-------- c:\documents and settings\All Users\Application Data\PC Tools
2009-03-01 09:49 . 2009-02-02 14:03 51,472 --a------ c:\windows\system32\drivers\TfFsMon.sys
2009-03-01 09:49 . 2009-02-02 14:04 39,184 --a------ c:\windows\system32\drivers\TfSysMon.sys
2009-03-01 09:49 . 2009-02-02 14:04 33,040 --a------ c:\windows\system32\drivers\TfNetMon.sys
2009-03-01 09:49 . 2009-02-02 14:04 12,560 --a------ c:\windows\system32\drivers\TfKbMon.sys
2009-03-01 09:25 . 2009-03-01 09:25 d-------- c:\documents and settings\Arvapally\Application Data\dvdcss
2009-02-28 19:06 . 2009-02-28 19:06 d-------- c:\program files\GMATPrep
2009-02-25 18:49 . 2008-12-21 04:45 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-02-25 18:49 . 2007-04-17 15:02 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-25 18:49 . 2007-03-08 10:40 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-25 18:49 . 2008-12-21 04:45 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-02-25 18:49 . 2008-12-21 04:45 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-25 18:49 . 2008-12-21 04:45 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-02-25 18:49 . 2008-12-21 04:45 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-02-25 18:49 . 2008-12-21 04:45 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-25 18:49 . 2008-12-19 14:40 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-02-18 19:59 . 2009-02-18 19:59 d--h----- c:\windows\system32\GroupPolicy
2009-02-13 18:39 . 2009-02-13 18:39 d-------- C:\jishnavi
2009-02-04 18:25 . 2009-02-04 18:25 d-------- c:\documents and settings\sys\Application Data\Talkback
2009-02-04 18:24 . 2009-02-04 18:24 d-------- c:\program files\Common Files\xing shared
2009-02-04 18:24 . 2009-02-04 18:24 0 --a------ c:\windows\nsreg.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 11:22 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-01 04:08 --------- d-----w c:\documents and settings\All Users\Application Data\Avg7
2009-02-20 15:24 --------- d-----w c:\program files\QLEDR05
2009-02-07 11:52 --------- d-----w c:\program files\Google
2009-02-04 12:54 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-02-04 12:54 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-02-04 12:54 --------- d-----w c:\program files\Real
2009-02-04 12:54 --------- d-----w c:\program files\Common Files\Real
2009-01-31 16:28 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-01-31 16:19 --------- d-----w c:\program files\Yahoo!
2009-01-28 03:04 --------- d-----w c:\program files\Kap.GMATTests
2009-01-27 10:09 --------- d-----w c:\documents and settings\Arvapally\Application Data\support
2009-01-26 12:25 --------- d-----w c:\program files\Winamp
2009-01-26 11:47 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-01-26 02:13 --------- d-----w c:\program files\Alwil Software
2009-01-19 09:56 --------- d-----w c:\documents and settings\All Users\Application Data\Bluetooth
2009-01-15 03:39 155,995 ----a-w c:\windows\java\Packages\KSUO7DNP.ZIP
2009-01-15 03:39 --------- d-----w c:\program files\Common Files\Motive
2009-01-15 03:39 --------- d-----w c:\documents and settings\All Users\Application Data\Motive
2009-01-11 11:44 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-11 11:42 --------- d-----w c:\documents and settings\Arvapally\Application Data\Symantec
2009-01-11 11:41 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com
2009-01-11 07:54 --------- d-----w c:\documents and settings\sys\Application Data\dvdcss
2009-01-08 12:08 --------- d-----w c:\documents and settings\sys\Application Data\McAfee.com Personal Firewall
2009-01-06 15:39 --------- d-----w c:\documents and settings\Arvapally\Application Data\McAfee.com Personal Firewall
2009-01-06 14:27 --------- d-----w c:\documents and settings\LocalService\Application Data\McAfee.com Personal Firewall
2009-01-06 14:13 --------- d-----w c:\program files\McAfee.com
2009-01-06 14:05 --------- d-----w c:\program files\Symantec_Client_Security
2009-01-06 14:04 --------- d-----w c:\program files\Symantec
2009-01-05 10:56 --------- d-----w c:\documents and settings\sys\Application Data\support
2009-01-04 04:52 --------- d-----w c:\documents and settings\sys\Application Data\Nokia
2009-01-04 04:14 --------- d-----w c:\program files\aod
2009-01-04 03:50 --------- d-----w c:\documents and settings\sys\Application Data\DataLayer
2009-01-02 13:01 --------- d-----w c:\program files\Bluesoleil_3.2_VoIP_English_070406
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-12 21:47 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2008-10-24 09:05 360,054 ----a-w c:\program files\JISHNAVI.bmp
2008-04-01 09:31 699,392 --sha-r c:\documents and settings\sys\Application Data\regsvr.exe
2008-04-01 09:31 699,392 --sha-r c:\documents and settings\Arvapally\Application Data\regsvr.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-06 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 435760]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1776936]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1196328]
"NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-09-17 1525032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-16 211480]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-16 317976]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-16 289304]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 226864]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 330784]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2005-12-13 372736]
"MotiveReportAgent"="c:\program files\Common Files\Motive\McciBootStrapper.exe" [2008-07-03 280064]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-02 3813376]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-04 259600]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2009-02-02 263440]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-16 c:\windows\RTHDCPL.exe]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\PROGRA~1\\COMMON~1\\Nokia\\MPAPI\\MPAPI3s.exe"=
"c:\\PROGRA~1\\COMMON~1\\PCSuite\\DATALA~1\\DATALA~1.EXE"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\program files\\mcafee.com\\shared\\mghtml.exe"=
"c:\\Program Files\\Nero\\Nero 7\\InCD\\NBHGui.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NMIndexingService.exe"=
"c:\\Program Files\\Common Files\\Motive\\MotiveBrowser.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
[HKLM\~\Services\\SERVIC~1.EXE"=]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ThreatFire\\TFTray.exe"=
"c:\\Program Files\\ThreatFire\\TFGui.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe"=
"c:\\Program Files\\Nero\\Nero 7\\InCD\\InCD.exe"=
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-03-01 51472]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-03-01 39184]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\nprjlo.sys --> c:\windows\system32\drivers\nprjlo.sys [?]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-03-01 33040]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder
2009-03-01 c:\windows\Tasks\At2.job
- c:\windows\system32\svchost []
2009-03-02 c:\windows\Tasks\McAfee.com Update Check (JISHNAVI-Arvapally).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe []
2009-03-02 c:\windows\Tasks\McAfee.com Update Check (JISHNAVI-Arvapally).job
- c:\progra~1\mcafee.com\agent [2009-01-11 17:12]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Yahoo Messsenger - c:\documents and settings\Arvapally\Application Data\support\svchost.exe
HKLM-Run-ErrorDoctor - c:\program files\SoftwareDoctor\ErrorDoctor\ErrorDoctor.exe

.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 17:20:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(704)
c:\program files\ThreatFire\TFWAH.dll
c:\program files\ThreatFire\TFNI.dll
- - - - - - - > 'lsass.exe'(760)
c:\program files\ThreatFire\TFWAH.dll
.
Completion time: 2009-03-02 17:22:08
ComboFix-quarantined-files.txt 2009-03-02 11:52:05
Pre-Run: 38,371,344,384 bytes free
Post-Run: 38,693,007,360 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
204 --- E O F --- 2009-02-25 13:20:34

Please help to solve the problem.
 