Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Just checking my HJT log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Just checking my HJT log

Unread postby bryanyeo87 » August 13th, 2007, 2:06 am

My HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:06:01 PM, on 13-Aug-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\kxmixer.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Program Files\Radeon Omega Drivers\v3.8.360\ATI Tray Tools\atitray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [BigDogPath] ; C:\WINDOWS\VM_STI.EXE V-Gear TalkCam 1.1
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\system32\kxmixer.exe --startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Alcmtr] ; ALCMTR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NVRaidService] ; C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [PHIME2002A] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [RTHDCPL] ; RTHDCPL.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] ; "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] ; "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'Default user')
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{743BD23C-5278-45D0-971A-51EC170A8726}: NameServer = 202.188.0.133,202.188.245.2
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 4373 bytes


Is it clean? other then the runonce 04HKUS, coz that was the slipstream i created
User avatar
bryanyeo87
Regular Member
 
Posts: 42
Joined: August 13th, 2007, 1:36 am
Advertisement
Register to Remove

Unread postby askey127 » August 13th, 2007, 2:54 pm

brianyeo87,
What is your relationship to tm.net? Is it your Internet Service Provider?
-----------------------------------------------------------
Remove log item with HighjackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entry:
O4 - HKLM\..\Run: [Alcmtr] ; ALCMTR.EXE
Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked.

Let me know about tm.net
Not much otherwise in your log.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby bryanyeo87 » August 14th, 2007, 12:20 am

yeap, tm.net is my ISP

O4 - HKLM\..\Run: [Alcmtr] ; ALCMTR.EXE
removed, but now i have no sound coming out of the HD port of my built in sound card :cry:
User avatar
bryanyeo87
Regular Member
 
Posts: 42
Joined: August 13th, 2007, 1:36 am

Unread postby askey127 » August 14th, 2007, 5:55 am

TO member tan_pang:

Your post has been removed.
I know you were just trying to be helpful, but -
This forum does not allow members to respond to other people's threads in this part of the forum.
Postings in the Malware Removal room are restricted to those asking for help and authorized, trained staff members.

askey127
Last edited by askey127 on August 14th, 2007, 6:00 am, edited 1 time in total.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby askey127 » August 14th, 2007, 5:58 am

bryanyeo87,
About ALCMTR.EXE, see here:
http://www.bleepingcomputer.com/startup ... E-240.html

Did you do anything else in addition to checking that entry?
That entry has been removed thousands of times by HJT without incident.

Thanks for the ISP info.
askey127

Edit: upon further examination, I see that the O4 entry in your log has a slight syntax difference from the usual ALCMTR.EXE entry. Realtek may be changing the Registry entry used when this "spyware" is installed. If this is a problem, we can restore the entry from the HJT backups. - askey
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby bryanyeo87 » August 15th, 2007, 8:35 pm

nopez, anyway, seemed to fix it by re-installing the drivers
User avatar
bryanyeo87
Regular Member
 
Posts: 42
Joined: August 13th, 2007, 1:36 am

Unread postby bryanyeo87 » August 15th, 2007, 8:36 pm

and of course, ticking the ALCMTR.EXE entry
User avatar
bryanyeo87
Regular Member
 
Posts: 42
Joined: August 13th, 2007, 1:36 am

Unread postby askey127 » August 15th, 2007, 9:49 pm

Glad everything worked out.
Good Luck.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby askey127 » August 17th, 2007, 7:04 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.
If you are the topic starter, you will need a valid, working link to the closed topic, along with the user name used.
The user name must match the one in the linked thread linked to avoid having the email deleted.

You can help support this site from this link :
Donations For Malware Removal
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 285 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware