
HJL included - Computer slow down significantly [RESOLVED]



#1
rumibudz
Member, 62 posts
Hi, can anyone check this over and help me with why the computer has slowed down?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:53 PM, on 7/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chi Ho\Desktop\HiJackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {A5E0B170-04FA-11d1-B7DA-00A0C90348D6} - C:\WINDOWS\msdocvw.dll (file missing)
O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\mpcodecplg.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [f5e5J8] C:\WINDOWS\imgvu.exe
O4 - HKLM\..\Run: [?? "h'???r?WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\imgvu.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ScanSpyware v3.5] "C:\Program Files\ScanSpyware v3.5\Scanner.exe"
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [ngpw36] C:\windows\system32\ngpw36.exe
O4 - HKCU\..\Run: [adprot] C:\windows\system32\adprot.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKLM\..\Policies\Explorer\Run: [application] C:\Program Files\ACSPMonitor\ASMonitor.exe hs
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7628 bytes


Thanks

#2
fenzodahl512
Malware Removal, 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo. Please do the following.


Please visit the webpage below for instructions on downloading and running ComboFix.

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.



Regards
fenzodahl512

#3
rumibudz
Topic Starter, Member, 62 posts
ComboFix 08-07-07.3 - Chi Ho 2008-07-08 19:33:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.950.852.1033.18.100 [GMT -4:00]
Running from: C:\Documents and Settings\Chi Ho\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Chi Ho\aax767.tmp.exe
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\packet.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FAD


((((((((((((((((((((((((( Files Created from 2008-06-08 to 2008-07-08 )))))))))))))))))))))))))))))))
.

2008-07-08 19:43 . 2008-07-08 19:43 <DIR> d-------- C:\Documents and Settings\Chi Ho\WPDNSE
2008-07-08 19:39 . 2008-07-08 19:39 60,416 --a------ C:\Perflib_Perfdata__755
2008-07-08 19:39 . 2008-07-08 19:41 2,160 --a------ C:\Perflib_Perfdata__754
2008-07-08 19:31 . 2008-07-08 19:31 3,325,520 --a------ C:\Documents and Settings\Chi Ho\mpengine.dll
2008-07-05 23:34 . 2008-07-05 23:34 <DIR> d-------- C:\Documents and Settings\Chi Ho\{48CB8E8D-1602-474F-A00C-8226C7A49727}
2008-07-05 23:34 . 2007-08-08 19:14 456,416 --a------ C:\Documents and Settings\Chi Ho\_is33.exe
2008-07-05 23:10 . 2008-07-05 23:10 <DIR> d-------- C:\Temp\3197UGQM
2008-06-29 08:57 . 2008-06-29 09:34 <DIR> d-------- C:\Documents and Settings\Chi Ho\plugtmp-5
2008-06-28 08:19 . 2008-06-28 08:19 <DIR> d-------- C:\Temp\30S2RD6U
2008-06-28 08:17 . 2008-06-28 08:17 <DIR> d-------- C:\Documents and Settings\Chi Ho\{F40E9AB6-2D86-48C6-9C0E-2F29AEFAC547}
2008-06-28 08:17 . 2007-08-08 19:14 456,416 --a------ C:\Documents and Settings\Chi Ho\_is11.exe
2008-06-24 09:26 . 2008-06-24 09:26 <DIR> d-------- C:\WINDOWS\system32\custom matrices
2008-06-24 09:25 . 2008-06-24 09:26 <DIR> d-------- C:\WINDOWS\system32\C2MP
2008-06-24 09:24 . 2008-07-05 15:13 44,792 --a------ C:\Documents and Settings\Chi Ho\2921.dat
2008-06-24 09:15 . 2008-06-24 09:15 <DIR> d-------- C:\WINDOWS\system32\quicktime
2008-06-24 09:15 . 2008-06-24 09:15 <DIR> d-------- C:\Program Files\AVI Codec Pack
2008-06-24 09:09 . 2008-06-24 09:09 <DIR> d-------- C:\Program Files\Common Files\Hypnotizer
2008-06-24 08:20 . 2008-06-24 08:20 <DIR> d-------- C:\Documents and Settings\Chi Ho\mod763.tmp
2008-06-24 07:23 . 2008-06-24 07:24 <DIR> d-------- C:\Documents and Settings\Chi Ho\bc_cache
2008-06-20 13:41 . 2008-06-20 13:41 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 06:44 . 2008-06-20 06:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-14 08:35 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 08:34 . 2008-06-14 09:29 <DIR> d-------- C:\Documents and Settings\Chi Ho\plugtmp-4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-08 23:44 --------- d-----w C:\Documents and Settings\Chi Ho\Application Data\AVG7
2008-06-28 12:17 --------- d-----w C:\Program Files\Viewpoint
2008-06-28 12:17 --------- d-----w C:\Program Files\Unity
2008-06-28 12:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-24 13:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-24 12:24 --------- d-----w C:\Program Files\DivX
2008-06-24 12:20 --------- d-----w C:\Documents and Settings\Chi Ho\Application Data\DivX
2008-06-20 20:08 --------- d-----w C:\Program Files\PartyGaming
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-07 22:40 --------- d-----w C:\Program Files\馬場大亨2000
2008-05-31 18:03 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2008-05-26 15:08 --------- d-----w C:\Program Files\Java
2008-05-26 05:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2008-05-26 05:03 --------- d-----w C:\Program Files\Common Files\logishrd
2008-05-26 05:02 --------- d-----w C:\Program Files\Logitech
2008-05-26 05:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-26 05:01 27,709,056 ----a-w C:\Documents and Settings\Chi Ho\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
2008-05-22 22:19 161,096 -c--a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-10 00:39 --------- d-----w C:\Program Files\AIM6
2008-05-10 00:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-10 00:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-04 18:27 382,352 ----a-w C:\Documents and Settings\Chi Ho\jre-6u5-windows-i586-p-iftw_1b121abb.exe
2008-01-13 18:14 219 ----a-w C:\Documents and Settings\Chi Ho\delme1.bat
2007-09-25 22:42 382,352 ----a-w C:\Documents and Settings\Chi Ho\jre-6u3-windows-i586-p-iftw_2cd32978.exe
2007-08-10 19:10 114,688 ----a-w C:\Documents and Settings\Chi Ho\vmpremov.exe
2007-08-08 23:14 456,416 ----a-w C:\Documents and Settings\Chi Ho\_is53.exe
2007-08-08 23:14 456,416 ----a-w C:\Documents and Settings\Chi Ho\_is13.exe
2005-04-09 05:02 284 ----a-w C:\Documents and Settings\Chi Ho\Application Data\ViewerApp.dat
2005-01-01 23:37 457 -c--a-w C:\Program Files\INSTALL.LOG
2004-07-20 05:12 56 -csh--r C:\WINDOWS\system32\346D72D79C.sys
.

------- Sigcheck -------

2005-06-10 20:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2003-07-16 12:40 51200 9b4155ba58192d4073082b8fc5d42612 C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-04 03:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2004-08-04 03:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2005-06-10 19:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"?? ?h'???r?WC:\Program Files\ISTsvc\istsvc.exe"="C:\WINDOWS\imgvu.exe" [?]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 01:31 208952]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-07-16 12:17 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-07-16 12:17 455168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-30 11:15 335872]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-12-12 14:22 217088]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 16:44 679936]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 12:33 155648]
"BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2003-01-21 15:19 40960]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-03 19:21 274432]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-04-20 01:41 180269]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 16:09 157592]
"SCDEmuApp.exe"="C:\Program Files\PowerISO\SCDEmuApp.exe" [2005-10-15 21:15 167936]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 09:08 1347584]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-28 00:42 580096]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06 2027792]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2004-08-04 03:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-03 20:15 219136]

C:\Documents and Settings\Chi Ho\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-04-19 19:14:35 24576]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-09 17:41:38 323646]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
"msacm.l3codec"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:BitComet 6881 TCP
"6881:UDP"= 6881:UDP:BitComet 6881 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)

R1 NPPTNT;NPPTNT;C:\WINDOWS\System32\npptNT.sys [2003-07-22 02:14]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e7b58d2-7076-11db-a730-00904b6ddd42}]
\Shell\AutoRun\command - I:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2004-08-19 04:36:52 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1084847308.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-01-22 03:43:16 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
"2008-07-08 07:30:00 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.ex
- C:\Program Files\RegClean.Chi Ho)Runs RegClean to optimize your registry.
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ICQ Lite - C:\Program Files\ICQLite\ICQLite.exe
HKLM-Run-sais - c:\program files\180solutions\sais.exe
HKLM-Run-f5e5J8 - C:\WINDOWS\imgvu.exe
HKLM-Explorer_Run-application - C:\Program Files\ACSPMonitor\ASMonitor.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 19:44:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"?? \"h'???r?WC:\\Program Files\\ISTsvc\\istsvc.exe"="C:\\WINDOWS\\imgvu.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\System32\winlogon.exe
-> C:\WINDOWS\System32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2008-07-08 19:55:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-08 23:54:24

Pre-Run: 28,404,346,880 bytes free
Post-Run: 28,295,557,120 bytes free

213 --- E O F --- 2008-07-08 23:34:00

New HJL

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:47 PM, on 7/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chi Ho\Desktop\HiJackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera
O4 - HKLM\..\Run: [?? "h'???r?WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\imgvu.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6879 bytes

Thanks very much for your help

#4
rumibudz
Topic Starter, Member, 62 posts
Hi, I was also wondering where the Recovery Console is from?

Thanks

#5
fenzodahl512
Malware Removal, 9,863 posts
Please show hidden files and folders. Please visit HERE if you don't know how.

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box at the top of the page:

    • C:\Documents and Settings\Chi Ho\_is33.exe
  • Click on the submit button
  • Please post the results in your next reply.
If Jotti's server is too busy, please submit the file to VirusTotal instead.




NEXT


Installing Recovery Console:

It appears your computer has no Recovery Console installed. We need to install the Recovery Console before proceeding to our next fix. Please do the following.

Please go to Microsoft's website => HERE
Select the download that's appropriate for your Operating System: Microsoft Windows XP Professional Service Pack 2


Posted Image


Download the file and save it under its original name, next to ComboFix.exe.



Posted Image


Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

After the Recovery Console is successfully installed, a pop-up will appear asking to run ComboFix; please select NO.




NEXT



1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"??\"h'???r?WC:\\Program Files\\ISTsvc\\istsvc.exe"=-

File::
C:\Documents and Settings\Chi Ho\2921.dat
C:\WINDOWS\system32\drivers\lvuvc.hs
C:\Documents and Settings\Chi Ho\vmpremov.exe
C:\WINDOWS\imgvu.exe

Folder::
C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Program Files\ISTsvc

DirLook::
C:\Program Files\馬場大亨2000
C:\Documents and Settings\Chi Ho\{48CB8E8D-1602-474F-A00C-8226C7A49727}
C:\Temp\3197UGQM
C:\Temp\30S2RD6U

3. Save the above as CFScript.txt on your Desktop.

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Jotti/VirusTotal result
  • Combofix
  • A new HijackThis log (after ComboFix step).


Regards
fenzodahl512

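The check a practitioner wants after the Recovery Console step above is whether the installer actually registered a /cmdcons entry in boot.ini, rather than trusting the installer's dialog. The following is an added example, not code from the thread, ComboFix or Microsoft: a small boot.ini parser plus a check function. The sample boot.ini is constructed to mirror the one the topic starter posts later in this thread; the 5-second timeout threshold is an assumption chosen for the example, and on a real system you would read C:\boot.ini (a hidden, system, read-only file) instead of the sample string.

```python
"""Added example (not from the thread, ComboFix or Microsoft): verify that
the Recovery Console install step registered an entry in boot.ini.
The sample is constructed to mirror the boot.ini posted later in the thread;
on a real system read C:\boot.ini (hidden, system, read-only) instead."""
import re

SAMPLE_BOOT_INI = r"""[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
"""

# An [operating systems] line looks like: device="label" /switch /switch=value
ENTRY = re.compile(r'^(?P<device>[^=]+?)\s*=\s*"(?P<label>[^"]*)"\s*(?P<switches>.*)$')


def parse_boot_ini(text):
    """Return ({loader key: value}, [OS entries as dicts]) from boot.ini text."""
    loader, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "boot loader":
            key, _, value = line.partition("=")
            loader[key.strip().lower()] = value.strip()
        elif section == "operating systems":
            m = ENTRY.match(line)
            if m:
                entries.append({"device": m["device"], "label": m["label"],
                                "switches": m["switches"].split()})
    return loader, entries


def recovery_console_entry(entries):
    """The entry that boots CMDCONS\BOOTSECT.DAT with the /cmdcons switch, or None."""
    for e in entries:
        if "/cmdcons" in (s.lower() for s in e["switches"]) \
                and e["device"].lower().endswith(r"\cmdcons\bootsect.dat"):
            return e
    return None


def check_recovery_console(text):
    """Return (installed?, [findings]) for a boot.ini; findings are human-readable."""
    loader, entries = parse_boot_ini(text)
    rc = recovery_console_entry(entries)
    findings = []
    if rc is None:
        findings.append("no Recovery Console entry (/cmdcons) under [operating systems]")
    # Assumed threshold for the example: under 5 s the boot menu is easy to miss.
    if loader.get("timeout", "").isdigit() and int(loader["timeout"]) < 5 and len(entries) > 1:
        findings.append("timeout=%s s leaves little time to pick the Recovery "
                        "Console at the boot menu" % loader["timeout"])
    return rc is not None, findings
```

Run it against the real file by passing `open(r"C:\boot.ini").read()` to `check_recovery_console`; a result of `(False, [...])` means the KB310994 package did not take and ComboFix's Recovery Console prerequisite is not met.
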
#6
rumibudz

    Member

  • Topic Starter
  • Member
  • 62 posts
Jotti's malware scan
Scan taken on 09 Jul 2008 05:14:20 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

Installing Recovery Console:
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

ComboFix after CFScript.txt:
ComboFix 08-07-08.5 - Chi Ho 2008-07-09 1:29:36.2 - NTFSx86
Running from: C:\Documents and Settings\Chi Ho\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Chi Ho\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Chi Ho\2921.dat
C:\Documents and Settings\Chi Ho\vmpremov.exe
C:\WINDOWS\imgvu.exe
C:\WINDOWS\system32\drivers\lvuvc.hs
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\Chi Ho\2921.dat
C:\Documents and Settings\Chi Ho\vmpremov.exe
C:\Program Files\Viewpoint
C:\WINDOWS\system32\drivers\lvuvc.hs

.
((((((((((((((((((((((((( Files Created from 2008-06-09 to 2008-07-09 )))))))))))))))))))))))))))))))
.

2008-07-09 01:36 . 2008-07-09 01:36 <DIR> d-------- C:\Documents and Settings\Chi Ho\WPDNSE
2008-07-08 22:25 . 2008-07-09 01:08 <DIR> d-------- C:\Documents and Settings\Chi Ho\plugtmp-6
2008-07-08 19:39 . 2008-07-09 01:33 60,416 --a------ C:\Perflib_Perfdata__755
2008-07-08 19:39 . 2008-07-09 01:35 3,154 --a------ C:\Perflib_Perfdata__754
2008-07-08 19:31 . 2008-07-08 19:31 3,325,520 --a------ C:\Documents and Settings\Chi Ho\mpengine.dll
2008-07-05 23:34 . 2008-07-05 23:34 <DIR> d-------- C:\Documents and Settings\Chi Ho\{48CB8E8D-1602-474F-A00C-8226C7A49727}
2008-07-05 23:34 . 2007-08-08 19:14 456,416 --a------ C:\Documents and Settings\Chi Ho\_is33.exe
2008-07-05 23:10 . 2008-07-05 23:10 <DIR> d-------- C:\Temp\3197UGQM
2008-06-29 08:57 . 2008-06-29 09:34 <DIR> d-------- C:\Documents and Settings\Chi Ho\plugtmp-5
2008-06-28 08:19 . 2008-06-28 08:19 <DIR> d-------- C:\Temp\30S2RD6U
2008-06-28 08:17 . 2008-06-28 08:17 <DIR> d-------- C:\Documents and Settings\Chi Ho\{F40E9AB6-2D86-48C6-9C0E-2F29AEFAC547}
2008-06-28 08:17 . 2007-08-08 19:14 456,416 --a------ C:\Documents and Settings\Chi Ho\_is11.exe
2008-06-24 09:26 . 2008-06-24 09:26 <DIR> d-------- C:\WINDOWS\system32\custom matrices
2008-06-24 09:25 . 2008-06-24 09:26 <DIR> d-------- C:\WINDOWS\system32\C2MP
2008-06-24 09:15 . 2008-06-24 09:15 <DIR> d-------- C:\WINDOWS\system32\quicktime
2008-06-24 09:15 . 2008-06-24 09:15 <DIR> d-------- C:\Program Files\AVI Codec Pack
2008-06-24 09:09 . 2008-06-24 09:09 <DIR> d-------- C:\Program Files\Common Files\Hypnotizer
2008-06-24 08:20 . 2008-06-24 08:20 <DIR> d-------- C:\Documents and Settings\Chi Ho\mod763.tmp
2008-06-24 07:23 . 2008-06-24 07:24 <DIR> d-------- C:\Documents and Settings\Chi Ho\bc_cache
2008-06-20 13:41 . 2008-06-20 13:41 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 06:44 . 2008-06-20 06:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-14 08:35 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 08:34 . 2008-06-14 09:29 <DIR> d-------- C:\Documents and Settings\Chi Ho\plugtmp-4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-08 23:44 --------- d-----w C:\Documents and Settings\Chi Ho\Application Data\AVG7
2008-06-28 12:17 --------- d-----w C:\Program Files\Unity
2008-06-24 13:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-24 12:24 --------- d-----w C:\Program Files\DivX
2008-06-24 12:20 --------- d-----w C:\Documents and Settings\Chi Ho\Application Data\DivX
2008-06-20 20:08 --------- d-----w C:\Program Files\PartyGaming
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-07 22:40 --------- d-----w C:\Program Files\馬場大亨2000
2008-05-26 15:08 --------- d-----w C:\Program Files\Java
2008-05-26 05:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2008-05-26 05:03 --------- d-----w C:\Program Files\Common Files\logishrd
2008-05-26 05:02 --------- d-----w C:\Program Files\Logitech
2008-05-26 05:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-26 05:01 27,709,056 ----a-w C:\Documents and Settings\Chi Ho\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
2008-05-10 00:39 --------- d-----w C:\Program Files\AIM6
2008-05-10 00:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-10 00:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-04-04 18:27 382,352 ----a-w C:\Documents and Settings\Chi Ho\jre-6u5-windows-i586-p-iftw_1b121abb.exe
2008-01-13 18:14 219 ----a-w C:\Documents and Settings\Chi Ho\delme1.bat
2007-09-25 22:42 382,352 ----a-w C:\Documents and Settings\Chi Ho\jre-6u3-windows-i586-p-iftw_2cd32978.exe
2007-08-08 23:14 456,416 ----a-w C:\Documents and Settings\Chi Ho\_is53.exe
2007-08-08 23:14 456,416 ----a-w C:\Documents and Settings\Chi Ho\_is13.exe
2005-04-09 05:02 284 ----a-w C:\Documents and Settings\Chi Ho\Application Data\ViewerApp.dat
2005-01-01 23:37 457 -c--a-w C:\Program Files\INSTALL.LOG
2004-07-20 05:12 56 -csh--r C:\WINDOWS\system32\346D72D79C.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Documents and Settings\Chi Ho\{48CB8E8D-1602-474F-A00C-8226C7A49727} ----

2008-07-05 23:34 649 --a------ C:\Documents and Settings\Chi Ho\{48CB8E8D-1602-474F-A00C-8226C7A49727}\setup.ini
2007-08-08 19:14 492032 --a------ C:\Documents and Settings\Chi Ho\{48CB8E8D-1602-474F-A00C-8226C7A49727}\ISSetup.dll
2007-08-08 19:14 373680 --a------ C:\Documents and Settings\Chi Ho\{48CB8E8D-1602-474F-A00C-8226C7A49727}\_Setup.dll

---- Directory of C:\Program Files\馬場大亨2000 ----


---- Directory of C:\Temp\30S2RD6U ----

2008-06-28 08:19 35328 --a------ C:\Temp\30S2RD6U\unpack.dll
2008-06-28 08:19 140800 --a------ C:\Temp\30S2RD6U\Resume.exe
2006-04-04 21:34 62991 --a------ C:\Temp\30S2RD6U\30S2RD70\30S2RDKH
2006-03-06 19:54 720 --a------ C:\Temp\30S2RD6U\Uninstall\presetup.rgn
2006-03-06 19:54 52800 --a------ C:\Temp\30S2RD6U\Uninstall\presetup.bmp
2006-03-06 19:54 44095 --a------ C:\Temp\30S2RD6U\Uninstall\packagedb
2006-03-06 19:54 2684 --a------ C:\Temp\30S2RD6U\Uninstall\maindb
2006-03-06 19:54 19847 --a------ C:\Temp\30S2RD6U\Uninstall\languages
2006-02-17 22:57 188416 --a------ C:\Temp\30S2RD6U\Uninstall\presetup\PGInstall.exe
2006-02-05 23:12 92470 --a------ C:\Temp\30S2RD6U\Uninstall\presetup\Gins.bmp
2006-02-05 23:12 7123 --a------ C:\Temp\30S2RD6U\Uninstall\presetup\License.gif
2006-02-05 23:12 569454 --a------ C:\Temp\30S2RD6U\Uninstall\presetup\2.bmp
2006-02-05 23:12 4356 --a------ C:\Temp\30S2RD6U\Uninstall\presetup\Final.gif
2006-02-05 23:12 4275 --a------ C:\Temp\30S2RD6U\Uninstall\presetup\Welcome.gif
2006-02-05 23:12 422454 --a------ C:\Temp\30S2RD6U\Uninstall\presetup\Setup.bmp
2006-02-05 23:12 4166 --a------ C:\Temp\30S2RD6U\Uninstall\presetup\DirSel.gif
2006-02-05 23:12 135834 --a------ C:\Temp\30S2RD6U\Uninstall\presetup\top_panel.bmp
2006-02-05 23:12 112782 --a------ C:\Temp\30S2RD6U\Uninstall\presetup\Cancelmain_panel.bmp
2006-01-30 00:15 46107 --a------ C:\Temp\30S2RD6U\Uninstall\presetup\License.txt
2006-01-30 00:15 24576 --a------ C:\Temp\30S2RD6U\Uninstall\presetup\ShowUrl1.exe
2006-01-30 00:15 24576 --a------ C:\Temp\30S2RD6U\Uninstall\presetup\IconInIE.exe
2006-01-30 00:15 172 --a------ C:\Temp\30S2RD6U\Uninstall\presetup\welcome.htm
2006-01-30 00:15 172 --a------ C:\Temp\30S2RD6U\Uninstall\presetup\selDir.htm
2006-01-30 00:15 172 --a------ C:\Temp\30S2RD6U\Uninstall\presetup\LicenseImg.htm
2006-01-30 00:15 170 --a------ C:\Temp\30S2RD6U\Uninstall\presetup\LastDlg.htm
2006-01-30 00:15 10000 --a------ C:\Temp\30S2RD6U\Uninstall\presetup\regsvr32.exe
2005-03-28 15:24 349696 --a------ C:\Temp\30S2RD6U\Uninstall\plugins\0\CustomUI.dll

---- Directory of C:\Temp\3197UGQM ----

2008-07-05 23:10 35328 --a------ C:\Temp\3197UGQM\unpack.dll
2008-07-05 23:10 140800 --a------ C:\Temp\3197UGQM\Resume.exe
2006-04-04 21:34 62991 --a------ C:\Temp\3197UGQM\3197UGQS\3197UH6L
2006-03-06 19:54 720 --a------ C:\Temp\3197UGQM\Uninstall\presetup.rgn
2006-03-06 19:54 52800 --a------ C:\Temp\3197UGQM\Uninstall\presetup.bmp
2006-03-06 19:54 44095 --a------ C:\Temp\3197UGQM\Uninstall\packagedb
2006-03-06 19:54 2684 --a------ C:\Temp\3197UGQM\Uninstall\maindb
2006-03-06 19:54 19847 --a------ C:\Temp\3197UGQM\Uninstall\languages
2006-02-17 22:57 188416 --a------ C:\Temp\3197UGQM\Uninstall\presetup\PGInstall.exe
2006-02-05 23:12 92470 --a------ C:\Temp\3197UGQM\Uninstall\presetup\Gins.bmp
2006-02-05 23:12 7123 --a------ C:\Temp\3197UGQM\Uninstall\presetup\License.gif
2006-02-05 23:12 569454 --a------ C:\Temp\3197UGQM\Uninstall\presetup\2.bmp
2006-02-05 23:12 4356 --a------ C:\Temp\3197UGQM\Uninstall\presetup\Final.gif
2006-02-05 23:12 4275 --a------ C:\Temp\3197UGQM\Uninstall\presetup\Welcome.gif
2006-02-05 23:12 422454 --a------ C:\Temp\3197UGQM\Uninstall\presetup\Setup.bmp
2006-02-05 23:12 4166 --a------ C:\Temp\3197UGQM\Uninstall\presetup\DirSel.gif
2006-02-05 23:12 135834 --a------ C:\Temp\3197UGQM\Uninstall\presetup\top_panel.bmp
2006-02-05 23:12 112782 --a------ C:\Temp\3197UGQM\Uninstall\presetup\Cancelmain_panel.bmp
2006-01-30 00:15 46107 --a------ C:\Temp\3197UGQM\Uninstall\presetup\License.txt
2006-01-30 00:15 24576 --a------ C:\Temp\3197UGQM\Uninstall\presetup\ShowUrl1.exe
2006-01-30 00:15 24576 --a------ C:\Temp\3197UGQM\Uninstall\presetup\IconInIE.exe
2006-01-30 00:15 172 --a------ C:\Temp\3197UGQM\Uninstall\presetup\welcome.htm
2006-01-30 00:15 172 --a------ C:\Temp\3197UGQM\Uninstall\presetup\selDir.htm
2006-01-30 00:15 172 --a------ C:\Temp\3197UGQM\Uninstall\presetup\LicenseImg.htm
2006-01-30 00:15 170 --a------ C:\Temp\3197UGQM\Uninstall\presetup\LastDlg.htm
2006-01-30 00:15 10000 --a------ C:\Temp\3197UGQM\Uninstall\presetup\regsvr32.exe
2005-03-28 15:24 349696 --a------ C:\Temp\3197UGQM\Uninstall\plugins\0\CustomUI.dll


------- Sigcheck -------

2005-06-10 20:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2003-07-16 12:40 51200 9b4155ba58192d4073082b8fc5d42612 C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-04 03:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2004-08-04 03:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2005-06-10 19:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((( [email protected]_19.53.39.66 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-08 23:42:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-09 05:35:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-07-08 06:57:12 53,942 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-08 23:47:16 53,942 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-08 06:57:13 383,588 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-08 23:47:17 383,588 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"?? ?h'???r?WC:\Program Files\ISTsvc\istsvc.exe"="C:\WINDOWS\imgvu.exe" [?]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 01:31 208952]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-07-16 12:17 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-07-16 12:17 455168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-30 11:15 335872]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-12-12 14:22 217088]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 16:44 679936]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 12:33 155648]
"BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2003-01-21 15:19 40960]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-03 19:21 274432]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-04-20 01:41 180269]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 16:09 157592]
"SCDEmuApp.exe"="C:\Program Files\PowerISO\SCDEmuApp.exe" [2005-10-15 21:15 167936]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 09:08 1347584]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-28 00:42 580096]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06 2027792]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2004-08-04 03:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-03 20:15 219136]

C:\Documents and Settings\Chi Ho\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-04-19 19:14:35 24576]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-09 17:41:38 323646]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
"msacm.l3codec"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:BitComet 6881 TCP
"6881:UDP"= 6881:UDP:BitComet 6881 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)

R1 NPPTNT;NPPTNT;C:\WINDOWS\System32\npptNT.sys [2003-07-22 02:14]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e7b58d2-7076-11db-a730-00904b6ddd42}]
\Shell\AutoRun\command - I:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2004-08-19 04:36:52 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1084847308.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
"2008-01-22 03:43:16 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
"2008-07-08 07:30:00 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.ex
- C:\Program Files\RegClean.Chi Ho)Runs RegClean to optimize your registry.
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 01:37:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"?? \"h'???r?WC:\\Program Files\\ISTsvc\\istsvc.exe"="C:\\WINDOWS\\imgvu.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\System32\winlogon.exe
-> C:\WINDOWS\System32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2008-07-09 1:41:18 - machine was rebooted [Chi Ho]
ComboFix-quarantined-files.txt 2008-07-09 05:41:01
ComboFix2.txt 2008-07-08 23:55:40

Pre-Run: 28,559,060,992 bytes free
Post-Run: 28,544,835,584 bytes free

272 --- E O F --- 2008-07-08 23:34:00

HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:37 AM, on 7/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chi Ho\Desktop\HiJackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera
O4 - HKLM\..\Run: [?? "h'???r?WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\imgvu.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7187 bytes

thanks very much.....

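The useful check on the post above is to reconcile the CFScript from the helper's earlier post (and the Folder:: script that follows later in this thread) with what the ComboFix log actually reports: the log's "Other Deletions" does not list C:\WINDOWS\imgvu.exe or C:\Program Files\ISTsvc, and the garbled Run value targeting imgvu.exe is still present in the "Reg Loading Points" dump and at the end of the log. The following is an added example, not ComboFix's or the thread's own code: it parses the CFScript sections and the banner-delimited log sections, reports what was requested but not deleted, and applies a few heuristics to Run values. Both sample strings are constructed, trimmed copies of the script and log above; the heuristics (a file path or unrenderable bytes in the value name, a `[?]` metadata field, an executable directly in the Windows directory) are this example's assumptions, not ComboFix rules.

```python
"""Added example (not ComboFix's own code): check a CFScript against the
ComboFix log it produced.  Reports File::/Folder:: paths the log does not
list under "Other Deletions", Registry:: values marked "=-" that still appear
under "Reg Loading Points", and Run values that look abnormal.
Both samples are constructed, trimmed copies of the thread's script and log."""
import re

CFSCRIPT = r"""KillAll::
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"??\"h'???r?WC:\\Program Files\\ISTsvc\\istsvc.exe"=-
File::
C:\Documents and Settings\Chi Ho\2921.dat
C:\WINDOWS\system32\drivers\lvuvc.hs
C:\Documents and Settings\Chi Ho\vmpremov.exe
C:\WINDOWS\imgvu.exe
Folder::
C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Program Files\ISTsvc
"""

COMBOFIX_LOG = r"""ComboFix 08-07-08.5 - Chi Ho 2008-07-09 1:29:36.2 - NTFSx86
((((((((((((((((((( Other Deletions )))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\Chi Ho\2921.dat
C:\Documents and Settings\Chi Ho\vmpremov.exe
C:\Program Files\Viewpoint
C:\WINDOWS\system32\drivers\lvuvc.hs
.
((((((((((((((((((( Reg Loading Points )))))))))))))))))))
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"?? ?h'???r?WC:\Program Files\ISTsvc\istsvc.exe"="C:\WINDOWS\imgvu.exe" [?]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 01:31 208952]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-28 00:42 580096]
**************************************************************************
"""

BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")                  # (((( Title ))))
RUN_VALUE = re.compile(r'^"(.*)"="([^"]*)"\s*\[([^\]]*)\]$')  # "name"="target" [meta]

# Assumed heuristics for this example: (field, regex, reason).
CHECKS = [
    ("name", r"[A-Za-z]:\\", "value name embeds a file path"),
    ("name", r"\?", "value name has bytes the log could not render"),
    ("meta", r"^\?$", "ComboFix could not read the target's timestamp/size"),
    ("target", r"(?i)^[a-z]:\\windows\\[^\\]+\.exe$", "target sits directly in the Windows directory"),
]


def parse_cfscript(text):
    """Map each 'Name::' section to the non-empty lines under it."""
    sections, current = {}, None
    for line in filter(None, map(str.rstrip, text.splitlines())):
        if line.endswith("::"):
            current, sections[line[:-2]] = line[:-2], []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_combofix_log(text):
    """Map each '(((( Title ))))' banner to its lines; a '***' ruler closes the last one."""
    sections, current = {"header": []}, "header"
    for line in filter(None, map(str.strip, text.splitlines())):
        m = BANNER.match(line)
        if m or set(line) == {"*"}:
            current = m.group(1) if m else "footer"
            sections.setdefault(current, [])
        elif line != ".":                      # '.' lines are ComboFix spacers
            sections[current].append(line)
    return sections


def _norm(name):
    """Undo REGEDIT4 escaping, then keep only path-like characters so the
    bytes ComboFix/HijackThis render as '?' cannot break the comparison."""
    name = name.replace('\\"', '"').replace("\\\\", "\\")
    return re.sub(r"[^A-Za-z0-9:\\.]", "", name).lower()


def reconcile(cfscript, log):
    """File::/Folder:: paths the log does not list under 'Other Deletions'."""
    deleted = {p.lower() for p in log.get("Other Deletions", [])}
    requested = cfscript.get("File", []) + cfscript.get("Folder", [])
    return [p for p in requested if p.lower() not in deleted]


def registry_values_still_present(cfscript, log):
    """Registry:: values marked '=-' whose name is still in 'Reg Loading Points'."""
    wanted = {_norm(m.group(1)) for m in map(re.compile(r'^"(.*)"=-$').match,
                                             cfscript.get("Registry", [])) if m}
    return [line for line in log.get("Reg Loading Points", [])
            if RUN_VALUE.match(line) and _norm(RUN_VALUE.match(line).group(1)) in wanted]


def suspicious_run_entries(log):
    """(name, target, [reasons]) for Run values that trip any of CHECKS."""
    found = []
    for line in log.get("Reg Loading Points", []):
        m = RUN_VALUE.match(line)
        if not m:
            continue
        fields = dict(zip(("name", "target", "meta"), m.groups()))
        reasons = [why for field, pat, why in CHECKS if re.search(pat, fields[field].strip())]
        if reasons:
            found.append((fields["name"], fields["target"], reasons))
    return found
```

On the samples above, `reconcile` returns imgvu.exe and the ISTsvc folder, `registry_values_still_present` returns the garbled Run line, and `suspicious_run_entries` flags only that line; the same functions take the full CFScript.txt and ComboFix.txt contents unchanged, which is how you would confirm a follow-up script (such as the Folder:: script later in this thread) did what was asked.
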
#7
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, before I proceed with the next fix, tell me what you know about these two folders:

C:\Temp\30S2RD6U
C:\Temp\3197UGQM




NEXT


Please show hidden files and folders. Please visit HERE if you don't know how.

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box at the top of the page:

    • C:\Temp\30S2RD6U\Resume.exe
    • C:\Temp\3197UGQM\Uninstall\presetup\regsvr32.exe
  • Click on the submit button. You can only submit one file at a time.
  • Please post the results in your next reply.
If Jotti server is too busy, please submit the file to VirusTotal instead.

#8
rumibudz

    Member

  • Topic Starter
  • Member
  • 62 posts
Hi,

I don't know what those files are.

The following are the Jotti scans:

Resume.exe
Scan taken on 09 Jul 2008 22:18:24 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

regsvr32.exe
Scan taken on 09 Jul 2008 22:21:49 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

Thanks again

#9
fenzodahl512

  • Malware Removal
  • 9,863 posts
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Folder::
C:\Program Files\馬場大亨2000
C:\Documents and Settings\Chi Ho\{48CB8E8D-1602-474F-A00C-8226C7A49727}
C:\Temp\30S2RD6U
C:\Temp\3197UGQM

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After reboot (in case it asks to reboot), please post the ComboFix log in your next reply.




NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




Please post the following logs in your next reply. Post each log in a separate post.

1. ComboFix
2. Malwarebytes'
3. A fresh HijackThis (after Malwarebytes' step)
4. Tell me about your computer's behaviour.


Regards
fenzodahl512

#10
rumibudz

    Member

  • Topic Starter
  • Member
  • 62 posts
ComboFix 08-07-08.5 - Chi Ho 2008-07-10 18:29:15.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.950.852.1033.18.185 [GMT -4:00]
Running from: C:\Documents and Settings\Chi Ho\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Chi Ho\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Chi Ho\{48CB8E8D-1602-474F-A00C-8226C7A49727}
C:\Program Files\馬場大亨2000
C:\Temp\30S2RD6U
C:\Temp\30S2RD6U\30S2RD70\30S2RDKH
C:\Temp\30S2RD6U\Resume.exe
C:\Temp\30S2RD6U\Uninstall\languages
C:\Temp\30S2RD6U\Uninstall\maindb
C:\Temp\30S2RD6U\Uninstall\packagedb
C:\Temp\30S2RD6U\Uninstall\plugins\0\CustomUI.dll
C:\Temp\30S2RD6U\Uninstall\presetup.bmp
C:\Temp\30S2RD6U\Uninstall\presetup.rgn
C:\Temp\30S2RD6U\Uninstall\presetup\2.bmp
C:\Temp\30S2RD6U\Uninstall\presetup\Cancelmain_panel.bmp
C:\Temp\30S2RD6U\Uninstall\presetup\DirSel.gif
C:\Temp\30S2RD6U\Uninstall\presetup\Final.gif
C:\Temp\30S2RD6U\Uninstall\presetup\Gins.bmp
C:\Temp\30S2RD6U\Uninstall\presetup\IconInIE.exe
C:\Temp\30S2RD6U\Uninstall\presetup\LastDlg.htm
C:\Temp\30S2RD6U\Uninstall\presetup\License.gif
C:\Temp\30S2RD6U\Uninstall\presetup\License.txt
C:\Temp\30S2RD6U\Uninstall\presetup\LicenseImg.htm
C:\Temp\30S2RD6U\Uninstall\presetup\PGInstall.exe
C:\Temp\30S2RD6U\Uninstall\presetup\regsvr32.exe
C:\Temp\30S2RD6U\Uninstall\presetup\selDir.htm
C:\Temp\30S2RD6U\Uninstall\presetup\Setup.bmp
C:\Temp\30S2RD6U\Uninstall\presetup\ShowUrl1.exe
C:\Temp\30S2RD6U\Uninstall\presetup\top_panel.bmp
C:\Temp\30S2RD6U\Uninstall\presetup\Welcome.gif
C:\Temp\30S2RD6U\Uninstall\presetup\welcome.htm
C:\Temp\30S2RD6U\unpack.dll
C:\Temp\3197UGQM
C:\Temp\3197UGQM\3197UGQS\3197UH6L
C:\Temp\3197UGQM\Resume.exe
C:\Temp\3197UGQM\Uninstall\languages
C:\Temp\3197UGQM\Uninstall\maindb
C:\Temp\3197UGQM\Uninstall\packagedb
C:\Temp\3197UGQM\Uninstall\plugins\0\CustomUI.dll
C:\Temp\3197UGQM\Uninstall\presetup.bmp
C:\Temp\3197UGQM\Uninstall\presetup.rgn
C:\Temp\3197UGQM\Uninstall\presetup\2.bmp
C:\Temp\3197UGQM\Uninstall\presetup\Cancelmain_panel.bmp
C:\Temp\3197UGQM\Uninstall\presetup\DirSel.gif
C:\Temp\3197UGQM\Uninstall\presetup\Final.gif
C:\Temp\3197UGQM\Uninstall\presetup\Gins.bmp
C:\Temp\3197UGQM\Uninstall\presetup\IconInIE.exe
C:\Temp\3197UGQM\Uninstall\presetup\LastDlg.htm
C:\Temp\3197UGQM\Uninstall\presetup\License.gif
C:\Temp\3197UGQM\Uninstall\presetup\License.txt
C:\Temp\3197UGQM\Uninstall\presetup\LicenseImg.htm
C:\Temp\3197UGQM\Uninstall\presetup\PGInstall.exe
C:\Temp\3197UGQM\Uninstall\presetup\regsvr32.exe
C:\Temp\3197UGQM\Uninstall\presetup\selDir.htm
C:\Temp\3197UGQM\Uninstall\presetup\Setup.bmp
C:\Temp\3197UGQM\Uninstall\presetup\ShowUrl1.exe
C:\Temp\3197UGQM\Uninstall\presetup\top_panel.bmp
C:\Temp\3197UGQM\Uninstall\presetup\Welcome.gif
C:\Temp\3197UGQM\Uninstall\presetup\welcome.htm
C:\Temp\3197UGQM\unpack.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 )))))))))))))))))))))))))))))))
.

2008-07-10 18:37 . 2008-07-10 18:37 <DIR> d-------- C:\Documents and Settings\Chi Ho\WPDNSE
2008-07-09 21:24 . 2008-07-09 22:21 <DIR> d-------- C:\Documents and Settings\Chi Ho\plugtmp-8
2008-07-09 20:23 . 2008-07-09 20:23 <DIR> d-------- C:\Documents and Settings\Chi Ho\Rar$DR03.631
2008-07-09 19:48 . 2008-07-09 20:07 <DIR> d-------- C:\Documents and Settings\Chi Ho\plugtmp-7
2008-07-08 22:25 . 2008-07-09 01:08 <DIR> d-------- C:\Documents and Settings\Chi Ho\plugtmp-6
2008-07-08 19:39 . 2008-07-10 18:34 60,416 --a------ C:\Perflib_Perfdata__755
2008-07-08 19:39 . 2008-07-10 18:35 800 --a------ C:\Perflib_Perfdata__754
2008-07-08 19:31 . 2008-07-08 19:31 3,325,520 --a------ C:\Documents and Settings\Chi Ho\mpengine.dll
2008-07-05 23:34 . 2007-08-08 19:14 456,416 --a------ C:\Documents and Settings\Chi Ho\_is33.exe
2008-06-29 08:57 . 2008-06-29 09:34 <DIR> d-------- C:\Documents and Settings\Chi Ho\plugtmp-5
2008-06-28 08:17 . 2008-06-28 08:17 <DIR> d-------- C:\Documents and Settings\Chi Ho\{F40E9AB6-2D86-48C6-9C0E-2F29AEFAC547}
2008-06-28 08:17 . 2007-08-08 19:14 456,416 --a------ C:\Documents and Settings\Chi Ho\_is11.exe
2008-06-24 09:26 . 2008-06-24 09:26 <DIR> d-------- C:\WINDOWS\system32\custom matrices
2008-06-24 09:25 . 2008-06-24 09:26 <DIR> d-------- C:\WINDOWS\system32\C2MP
2008-06-24 09:15 . 2008-06-24 09:15 <DIR> d-------- C:\WINDOWS\system32\quicktime
2008-06-24 09:15 . 2008-06-24 09:15 <DIR> d-------- C:\Program Files\AVI Codec Pack
2008-06-24 09:09 . 2008-06-24 09:09 <DIR> d-------- C:\Program Files\Common Files\Hypnotizer
2008-06-24 08:20 . 2008-06-24 08:20 <DIR> d-------- C:\Documents and Settings\Chi Ho\mod763.tmp
2008-06-24 07:23 . 2008-06-24 07:24 <DIR> d-------- C:\Documents and Settings\Chi Ho\bc_cache
2008-06-20 13:41 . 2008-06-20 13:41 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 06:44 . 2008-06-20 06:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-14 08:35 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 08:34 . 2008-06-14 09:29 <DIR> d-------- C:\Documents and Settings\Chi Ho\plugtmp-4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 22:38 --------- d-----w C:\Documents and Settings\Chi Ho\Application Data\AVG7
2008-06-28 12:17 --------- d-----w C:\Program Files\Unity
2008-06-24 13:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-24 12:24 --------- d-----w C:\Program Files\DivX
2008-06-24 12:20 --------- d-----w C:\Documents and Settings\Chi Ho\Application Data\DivX
2008-06-20 20:08 --------- d-----w C:\Program Files\PartyGaming
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-26 15:08 --------- d-----w C:\Program Files\Java
2008-05-26 05:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2008-05-26 05:03 --------- d-----w C:\Program Files\Common Files\logishrd
2008-05-26 05:02 --------- d-----w C:\Program Files\Logitech
2008-05-26 05:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-26 05:01 27,709,056 ----a-w C:\Documents and Settings\Chi Ho\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
2008-05-10 00:39 --------- d-----w C:\Program Files\AIM6
2008-05-10 00:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-10 00:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-04-04 18:27 382,352 ----a-w C:\Documents and Settings\Chi Ho\jre-6u5-windows-i586-p-iftw_1b121abb.exe
2008-01-13 18:14 219 ----a-w C:\Documents and Settings\Chi Ho\delme1.bat
2007-09-25 22:42 382,352 ----a-w C:\Documents and Settings\Chi Ho\jre-6u3-windows-i586-p-iftw_2cd32978.exe
2007-08-08 23:14 456,416 ----a-w C:\Documents and Settings\Chi Ho\_is53.exe
2007-08-08 23:14 456,416 ----a-w C:\Documents and Settings\Chi Ho\_is13.exe
2005-04-09 05:02 284 ----a-w C:\Documents and Settings\Chi Ho\Application Data\ViewerApp.dat
2005-01-01 23:37 457 -c--a-w C:\Program Files\INSTALL.LOG
2004-07-20 05:12 56 -csh--r C:\WINDOWS\system32\346D72D79C.sys
.

------- Sigcheck -------

2005-06-10 20:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2003-07-16 12:40 51200 9b4155ba58192d4073082b8fc5d42612 C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-04 03:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2004-08-04 03:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2005-06-10 19:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((( [email protected]_19.53.39.66 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-08 23:42:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-10 22:36:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-07-08 06:57:12 53,942 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-08 23:47:16 53,942 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-08 06:57:13 383,588 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-08 23:47:17 383,588 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"?? ?h'???r?WC:\Program Files\ISTsvc\istsvc.exe"="C:\WINDOWS\imgvu.exe" [?]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 01:31 208952]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-07-16 12:17 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-07-16 12:17 455168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-30 11:15 335872]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-12-12 14:22 217088]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 16:44 679936]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 12:33 155648]
"BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2003-01-21 15:19 40960]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-03 19:21 274432]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-04-20 01:41 180269]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 16:09 157592]
"SCDEmuApp.exe"="C:\Program Files\PowerISO\SCDEmuApp.exe" [2005-10-15 21:15 167936]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 09:08 1347584]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-28 00:42 580096]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06 2027792]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2004-08-04 03:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-03 20:15 219136]

C:\Documents and Settings\Chi Ho\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-04-19 19:14:35 24576]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-09 17:41:38 323646]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
"msacm.l3codec"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:BitComet 6881 TCP
"6881:UDP"= 6881:UDP:BitComet 6881 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)

R1 NPPTNT;NPPTNT;C:\WINDOWS\System32\npptNT.sys [2003-07-22 02:14]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e7b58d2-7076-11db-a730-00904b6ddd42}]
\Shell\AutoRun\command - I:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2004-08-19 04:36:52 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1084847308.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
"2008-01-22 03:43:16 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
"2008-07-10 07:30:02 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.ex
- C:\Program Files\RegClean.Chi Ho)Runs RegClean to optimize your registry.
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 18:38:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"?? \"h'???r?WC:\\Program Files\\ISTsvc\\istsvc.exe"="C:\\WINDOWS\\imgvu.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\System32\winlogon.exe
-> C:\WINDOWS\System32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2008-07-10 18:46:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-10 22:45:42
ComboFix2.txt 2008-07-09 05:41:20
ComboFix3.txt 2008-07-08 23:55:40

Pre-Run: 28,429,189,120 bytes free
Post-Run: 28,414,312,448 bytes free

254 --- E O F --- 2008-07-08 23:34:00


#11 rumibudz (Topic Starter)
Malwarebytes' Anti-Malware 1.20
Database version: 938
Windows 5.1.2600 Service Pack 2

8:01:06 PM 7/10/2008
mbam-log-7-10-2008 (20-01-06).txt

Scan type: Full Scan (C:\|)
Objects scanned: 125470
Time elapsed: 1 hour(s), 9 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b1e22eb8-2ae8-4e8e-96ae-74f2a1764533} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{bdbebf18-7615-4971-9ac3-bd6ffb7ad6c1} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{bdbebf18-7615-4971-9ac3-bd6ffb7ad6c1} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dlp.dlpobj (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dlp.dlpobj.1 (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\mpcodecplg.dll (Adware.WebDir) -> Quarantined and deleted successfully.

#12 rumibudz (Topic Starter)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:31 PM, on 7/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Documents and Settings\Chi Ho\Desktop\HiJackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera
O4 - HKLM\..\Run: [?? "h'???r?WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\imgvu.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6908 bytes

The computer is running much smoother. Is there a way I can uninstall programs that are no longer on my computer but are still on my Add/Remove Programs list?

Thanks very much for your help...

#13 fenzodahl512 (Malware Removal)
Please copy (Control+C) and paste (Control+V) the following code into Notepad.

REGEDIT /E "%USERPROFILE%\Desktop\result.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

Save it on the Desktop as peek.bat and, in Save as type, choose All Files.

A new batch file (peek.bat) will then be created on your desktop. Just double-click the file. A window will open and suddenly close; this is normal.

Please post the content of result.txt (located on your Desktop) in your next reply.

If you are not sure how to make a batch file, please visit HERE for the tutorial.



The computer is running much smoother. Is there a way I can uninstall programs that are no longer on my computer but are still on my Add/Remove Programs list?


If a program is no longer on your computer but still has an entry in Add or Remove Programs, just right-click that entry and delete it. Don't do this if you still have that particular program on your computer.

#14 rumibudz (Topic Starter)
Hi, I created the peek.bat file, but after I clicked on it, no result.txt was created. Thanks.

#15 fenzodahl512 (Malware Removal)
OK. Please go to Start >> Run, copy/paste the line below, and press Enter.

REGEDIT /E "%USERPROFILE%\Desktop\result2.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

A new text file (result2.txt) will be created on your Desktop. Please post its content in your next reply.


Regards
fenzodahl512
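The export requested in posts #13 and #15 exists to recover the exact bytes of the Run value whose name HijackThis and ComboFix can only print as "?? ?h'???r?WC:\Program Files\ISTsvc\istsvc.exe": the name contains characters those tools cannot display, so it cannot be typed into a removal tool either. The script below is an added example written for this page; it is not part of the thread, of HijackThis, of ComboFix or of any other tool mentioned here. It parses a REGEDIT /E export of the Run key (the Unicode .reg format that XP's regedit writes, including its wrapped hex(2) lines), flags value names that contain unprintable characters or an embedded drive path, renders them with \xNN escapes so they can be quoted back, and builds a .reg file that uses the "name"=- deletion syntax to remove such a value on import. The embedded sample export is constructed; the control characters it uses for the garbled name are an assumption, and the "executable directly in C:\WINDOWS" rule is a heuristic of mine, not a malware signature.

```python
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample (not the poster's real result.txt) in the Unicode .reg
# format that "REGEDIT /E" writes on XP. The first value name stands in for
# the garbled entry in the logs above; its control characters are an
# assumption. The last value shows a wrapped REG_EXPAND_SZ (hex(2)) line.
SAMPLE_REG = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]\r\n"
    "\"\x01\x02 h'\x7f\x03r\x04WC:\\\\Program Files\\\\ISTsvc\\\\istsvc.exe\""
    "=\"C:\\\\WINDOWS\\\\imgvu.exe\"\r\n"
    "\"ATIPTA\"=\"C:\\\\Program Files\\\\ATI Technologies\\\\ATI Control Panel"
    "\\\\atiptaxx.exe\"\r\n"
    "\"AVG7_CC\"=\"C:\\\\PROGRA~1\\\\Grisoft\\\\AVG7\\\\avgcc.exe /STARTUP\"\r\n"
    "\"ATIModeChange\"=\"Ati2mdxx.exe\"\r\n"
    "\"Sample\"=hex(2):25,00,77,00,69,00,6e,00,64,00,69,00,72,00,25,00,\\\r\n"
    "  5c,00,78,00,2e,00,65,00,78,00,65,00,00,00\r\n\r\n"
)

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')
_STR_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"$')
_WINDIR_ROOT_EXE = re.compile(r'^"?[A-Za-z]:\\WINDOWS\\[^\\]+\.exe\b', re.IGNORECASE)


def _unescape(s):
    # .reg string escaping: \\ is a backslash, \" is a quote
    return re.sub(r'\\(["\\])', r"\1", s)


def _logical_lines(text):
    # Join regedit's trailing-backslash continuation lines. Split only on
    # CR/LF so control characters inside value names survive intact.
    buf = ""
    for raw in re.split(r"\r?\n", text):
        line = buf + raw.strip(" \t")
        buf = ""
        if line.endswith("\\"):
            buf = line[:-1]
            continue
        yield line
    if buf:
        yield buf


def _decode_data(raw):
    m = _STR_RE.match(raw)
    if m:
        return "REG_SZ", _unescape(m.group(1))
    if raw.startswith("hex(2):"):  # REG_EXPAND_SZ stored as UTF-16LE bytes
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
        return "REG_EXPAND_SZ", data.decode("utf-16-le").rstrip("\x00")
    return "OTHER", raw


def parse_reg_export(text):
    """Return {key_path: {value_name: (type, value)}} for a .reg export."""
    keys, current = {}, None
    for line in _logical_lines(text):
        km = _KEY_RE.match(line)
        if km:
            current = km.group(1)
            keys.setdefault(current, {})
            continue
        vm = _VALUE_RE.match(line)
        if vm and current is not None:
            name = "@" if vm.group(2) else _unescape(vm.group(1))
            keys[current][name] = _decode_data(vm.group(3))
    return keys


def escape_name(name):
    """Show a value name with unprintable characters as \\xNN / \\uNNNN."""
    return "".join(ch if ch.isprintable() else
                   ("\\x%02x" if ord(ch) < 256 else "\\u%04x") % ord(ch)
                   for ch in name)


def find_suspicious_run_entries(text):
    """Flag Run-key values that look like the hidden entry in the logs.
    Heuristics (my assumptions, not a signature): unprintable characters in
    the value name, a drive path embedded in the name, or an executable
    placed directly in C:\\WINDOWS instead of system32 or Program Files."""
    findings = []
    for key, values in parse_reg_export(text).items():
        if not key.lower().endswith(r"\currentversion\run"):
            continue
        for name, (kind, data) in values.items():
            reasons = []
            if any(not ch.isprintable() for ch in name):
                reasons.append("unprintable characters in value name")
            if re.search(r"[A-Za-z]:\\", name):
                reasons.append("value name contains a filesystem path")
            if isinstance(data, str) and _WINDIR_ROOT_EXE.match(data):
                reasons.append("executable located directly in C:\\WINDOWS")
            if reasons:
                findings.append({"key": key, "name": escape_name(name),
                                 "type": kind, "data": data, "reasons": reasons})
    return findings


def make_delete_reg(key, name):
    """Build a .reg file that removes one value via the "name"=- syntax, so a
    value whose name cannot be typed can still be deleted by importing it."""
    esc = name.replace("\\", "\\\\").replace('"', '\\"')
    return 'Windows Registry Editor Version 5.00\r\n\r\n[%s]\r\n"%s"=-\r\n' % (key, esc)


if __name__ == "__main__":
    # For a real export: text = open(path, encoding="utf-16").read()
    for f in find_suspicious_run_entries(SAMPLE_REG):
        print("%s -> %s\n  %s" % (f["name"], f["data"], "; ".join(f["reasons"])))
```

To run it against the real result2.txt, read the file with encoding "utf-16", because regedit 5.00 writes UTF-16 with a byte-order mark (a REGEDIT4-style export is ANSI instead). The .reg produced by make_delete_reg carries the raw name bytes copied from the export, so double-clicking it (or running reg import on it) removes only that one value, which is the practical reason the helper wants an export rather than a screenshot.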