IMAPI.exe how do i get rid of it


#1
tom9927
Well, I'm having a bit of a problem with removing this. A real pest. Weird though, I got it from Windows Update. I know, weird, but true.

Anyway, here's a log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\winsys2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\svehost.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\tom\Desktop\KillBox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\tom\Desktop\HiJackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\System32\winsys2.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\Program Files\RivaTuner v2.08\RivaTuner.exe" /S
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinMem] D:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe
O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\xfire.exe
O4 - Global Startup: PC Alert 4.lnk = D:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1207854853165
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Any ideas?


Now, I've done a KillBox with the processes from the previous post of this problem and nothing was found. Something did happen though: when Windows got to the Windows logon, it rebooted. I know, lol.

I'm also getting the Explorer crash.

Update: I've fixed it with ComboFix.

First I ran HijackThis.

Then I ran KillBox, found the program name and deleted the entry. XD

Then I used ComboFix.

Here's a log in case you can spot anything else:

ComboFix 08-04-11.5 - tom 2008-04-11 23:39:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.607 [GMT 1:00]
Running from: C:\Documents and Settings\tom\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000015_.tmp.dll
C:\WINDOWS\system32\_000016_.tmp.dll
C:\WINDOWS\system32\_000018_.tmp.dll
C:\WINDOWS\system32\_000030_.tmp.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\geBstqRL.dll
C:\WINDOWS\system32\ljJBqpME.dll
C:\WINDOWS\system32\LRqtsBeg.ini
C:\WINDOWS\system32\LRqtsBeg.ini2
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\svehost.exe
C:\WINDOWS\system32\winsys.exe
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\NPF


((((((((((((((((((((((((( Files Created from 2008-03-11 to 2008-04-11 )))))))))))))))))))))))))))))))
.

2008-04-11 23:29 . 2008-04-11 23:34 <DIR> d-------- C:\SDFix
2008-04-11 23:28 . 2008-04-11 23:28 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-11 23:28 . 2008-04-11 23:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-11 22:36 . 2008-04-11 22:36 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-04-11 22:36 . 2008-04-11 22:36 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-04-11 22:36 . 2008-04-11 22:36 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-04-11 22:31 . 2008-04-11 22:28 1,066,176 --a------ C:\WINDOWS\MSCOMCTL.OCX
2008-04-11 22:30 . 2008-04-11 22:28 1,066,176 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-04-11 22:30 . 2008-04-11 22:28 1,066,176 --a------ C:\MSCOMCTL.OCX
2008-04-11 22:29 . 2008-04-11 22:29 <DIR> d-------- C:\Program Files\MSBuild
2008-04-11 22:25 . 2008-04-11 22:25 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-11 22:24 . 2008-04-11 22:24 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-11 22:23 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-04-11 22:14 . 2008-04-11 22:14 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-04-11 22:00 . 2008-04-11 22:56 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-11 21:36 . 2008-04-11 21:36 <DIR> d-------- C:\Program Files\uTorrent
2008-04-11 21:36 . 2008-04-11 22:34 <DIR> d-------- C:\Documents and Settings\tom\Application Data\uTorrent
2008-04-11 09:35 . 2008-04-11 09:35 <DIR> d-------- C:\Documents and Settings\tom\Application Data\NPLUTO Corporation
2008-04-11 09:35 . 2003-07-19 16:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-04-11 09:35 . 2005-01-03 07:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-04-11 00:11 . 2008-04-11 00:11 <DIR> d-------- C:\Program Files\Realtek
2008-04-11 00:11 . 2008-04-11 00:11 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-04-11 00:10 . 2005-04-16 22:20 487,424 --a------ C:\WINDOWS\RtlExUpd.dll
2008-04-10 23:24 . 2006-08-21 10:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-04-10 23:24 . 2006-08-21 10:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-04-10 23:24 . 2006-08-21 13:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-04-10 23:20 . 2007-07-09 14:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-10 23:12 . 2008-04-10 23:12 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-04-10 22:42 . 2008-04-10 23:11 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-04-10 22:40 . 2008-04-10 22:40 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-04-10 22:37 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002576_.tmp
2008-04-10 22:34 . 2008-04-10 22:34 <DIR> d-------- C:\WINDOWS\EHome
2008-04-10 22:20 . 2004-08-04 00:56 378,368 --a------ C:\WINDOWS\system32\wzcdlg.dll
2008-04-10 22:20 . 2004-08-04 00:56 51,712 --a------ C:\WINDOWS\system32\wzcsapi.dll
2008-04-10 22:18 . 2008-04-10 22:41 <DIR> d-------- C:\WINDOWS\PeerNet
2008-04-10 22:10 . 2008-04-10 22:10 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-04-10 21:58 . 2004-08-04 00:56 597,504 --a------ C:\WINDOWS\system32\crypt32.dll
2008-04-10 21:58 . 2004-08-04 00:56 248,832 --a------ C:\WINDOWS\system32\newdev.dll
2008-04-10 21:58 . 2004-08-04 00:56 60,416 --a------ C:\WINDOWS\system32\cryptsvc.dll
2008-04-10 21:57 . 2004-08-04 00:56 33,792 --a------ C:\WINDOWS\system32\msgsvc.dll
2008-04-10 21:56 . 2008-04-10 21:56 <DIR> d-------- C:\ijji
2008-04-10 21:56 . 2008-04-10 23:13 <DIR> d--h----- C:\Documents and Settings\tom\Application Data\ijjigame
2008-04-10 21:54 . 2008-04-10 21:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame
2008-04-10 21:51 . 2008-04-10 21:51 0 --a------ C:\WINDOWS\msicpl.ini
2008-04-10 21:47 . 2008-04-10 21:47 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-10 21:38 . 2008-04-10 21:40 <DIR> d-------- C:\Program Files\MSI
2008-04-10 21:38 . 1998-10-02 19:00 327,168 --a------ C:\WINDOWS\IsUninst.exe
2008-04-10 21:38 . 2008-02-01 17:07 18,487 --a------ C:\WINDOWS\system32\Ntaccess.sys
2008-04-10 21:38 . 2004-07-23 16:09 13,368 --a------ C:\WINDOWS\system32\FlashVxd.vxd
2008-04-10 21:38 . 2008-01-31 17:18 9,216 --a------ C:\WINDOWS\system32\drivers\FlashSys.sys
2008-04-10 21:35 . 2008-04-10 21:35 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-04-10 21:35 . 2008-04-10 21:48 <DIR> d-------- C:\WINDOWS\NV164400.TMP
2008-04-10 21:35 . 2008-03-24 19:52 175,336 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-04-10 21:34 . 2008-04-10 21:34 <DIR> d-------- C:\NVIDIA
2008-04-10 21:34 . 2008-04-11 21:12 <DIR> d-------- C:\Documents and Settings\tom\Application Data\Xfire
2008-04-04 22:31 . 2008-04-04 22:31 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 19:40 --------- d-----w C:\Documents and Settings\tom\Application Data\Talkback
2008-04-10 19:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-10 19:01 --------- d-----w C:\Program Files\DIFX
2008-04-10 19:01 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-10 18:42 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-24 18:52 6,547,872 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-03-10 08:10 4,224 ----a-w C:\WINDOWS\system32\drivers\NVStrap.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"WinMem"="D:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2008-03-24 19:52 13524992]
"nwiz"="nwiz.exe" [2008-03-24 19:52 1626112 C:\WINDOWS\system32\nwiz.exe]
"RivaTunerStartupDaemon"="D:\Program Files\RivaTuner v2.08\RivaTuner.exe" [2008-03-10 09:10 2691072]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2008-03-24 19:52 86016]
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2008-03-14 11:41 498176]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 16248320 C:\WINDOWS\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Updates"="svehost.exe" []

C:\Documents and Settings\tom\Start Menu\Programs\Startup\
Xfire.lnk - D:\Program Files\Xfire\xfire.exe [2008-04-04 22:30:56 2987856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
PC Alert 4.lnk - D:\Program Files\MSI\PC Alert 4\PCAlert4.exe [2008-04-10 21:43:59 552960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJBqpME]
ljJBqpME.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Xfire\\xfire.exe"=
"C:\\ijji\\ENGLISH\\u_skid.exe"=
"C:\\Program Files\\MSI\\i-Speeder\\i-Speeder.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 PCAlertDriver;PCAlertDriver;D:\Program Files\MSI\PC Alert 4\NTGLM7X.sys [2006-12-26 14:08]
R3 W8100PCI;Marvell Libertas 802.11b/g Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\mrv8k51.sys [2005-06-08 18:51]
S0 NVStrap;NVStrap;C:\WINDOWS\system32\drivers\NVStrap.sys [2008-03-10 09:10]
S3 dump_wmimmc;dump_wmimmc;d:\Program Files\DriftCity\GameGuard\dump_wmimmc.sys []
S3 HwIOctl;HwIOctl;C:\Program Files\MSI\Live Update 3\FlashUty\AMI\WinSFI\HwIOctl.sys []
S3 Memctl;Memctl;C:\Program Files\MSI\Live Update 3\FlashUty\AMI\WinSFI\Memctl.sys []

*Newly Created Service* - PCALERTDRIVER
*Newly Created Service* - WEBNTACCESS
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 23:42:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FLASHSYS]
"ImagePath"="\??\C:\WINDOWS\System32\Drivers\FLASHSYS.sys"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WEBNTACCESS]
"ImagePath"="\??\C:\WINDOWS\system32\NTACCESS.SYS"
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-11 23:44:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-11 22:44:27
Pre-Run: 2,364,481,536 bytes free
Post-Run: 2,308,218,880 bytes free
.
2008-04-11 08:28:24 --- E O F ---

Edited by tom9927, 11 April 2008 - 04:48 PM.
