Log File.. Need help


Post by jasonst » July 5th, 2008, 3:11 am

Er, need help badly to remove this virus on my computer. From what I saw, it should be called "AntiVirXP08". Was browsing some website about DirectX and got it installed unawares.
Using a Chinese-based computer, but able to communicate in English. One thing I've seen from other posts: most of them require access to Safe Mode... My computer has a problem accessing it. Hopefully there is some solution...

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:08:44 PM, on 2008/7/5
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\IBM\Security\certtool.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\IBM\Security\uvmserv.exe
C:\WINDOWS\System32\ibmsmbus.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\IBM\Security\TssCore.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Documents and Settings\iason8\桌面\windows-kb890830-v1.42.exe
d:\c73a03e21eb07a9cc3f7f2ff25234adb\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [ISS_Certtool] C:\Program Files\IBM\Security\certtool.exe
O4 - HKLM\..\Run: [IBM_PWMGR] C:\Program Files\IBM\Password Manager\pwmgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QCWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SMrhctm5j0eede] C:\Program Files\rhctm5j0eede\rhctm5j0eede.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [SMSTray] D:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [jvsoft] C:\WINDOWS\system32\jvvo.exe
O4 - HKCU\..\Run: [tasoft] C:\WINDOWS\system32\kxvo.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: 使用 Mega 管理器下載連接... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-U ... E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2627861491
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2639513405
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Fac ... der4_5.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O20 - Winlogon Notify: fsp_abwl - C:\WINDOWS\SYSTEM32\fsp_abwl.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM User Verification Manager - IBM - C:\Program Files\IBM\Security\uvmserv.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: SMBus Upgrade Service for Windows 2000 and above (ibmsmbus) - International Business Machines Corp. - C:\WINDOWS\System32\ibmsmbus.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 11948 bytes
jasonst
Regular Member
 
Posts: 17
Joined: July 5th, 2008, 2:43 am

Re: Log File.. Need help

Post by Bio-Hazard » July 5th, 2008, 12:21 pm

Welcome to the MWR forums. My name is Bio-Hazard. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research. Please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear.
  • Absence of symptoms does not mean that everything is clear.
  • If you don't know or understand something please don't hesitate to ask.
  • It is important that you reply to this thread. Do not start a new topic.

Note: I am still in training here at Malware Removal, however I will be working under the direct supervision of one of our Malware Experts. Any recommendations will first be approved before being given to you. Because of this, there may be a short delay in getting our responses to you, however be assured that we will be working diligently on your problem.


Uninstall list

Make an uninstall list using HijackThis. To access the Uninstall Manager you would do the following:

  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Log File.. Need help

Post by jasonst » July 6th, 2008, 6:11 am

Hey thanks for replying.

Here is the log, not sure if it's correct:

AVG 8.0
HijackThis 2.0.2
Lame ACM MP3 Codec
Microsoft Visual C++ 2005 Redistributable
Samsung Media Studio
XviD MPEG-4 Video Codec


Thanks again.
jasonst
Regular Member
 
Posts: 17
Joined: July 5th, 2008, 2:43 am

Re: Log File.. Need help

Post by jasonst » July 6th, 2008, 9:06 am

Er, this is my new log file, after running a scan with the AVG trial.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:05:27 PM, on 2008/7/6
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\IBM\Security\uvmserv.exe
C:\WINDOWS\System32\ibmsmbus.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\IBM\Security\certtool.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [ISS_Certtool] C:\Program Files\IBM\Security\certtool.exe
O4 - HKLM\..\Run: [IBM_PWMGR] C:\Program Files\IBM\Password Manager\pwmgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QCWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SMrhctm5j0eede] C:\Program Files\rhctm5j0eede\rhctm5j0eede.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [SMSTray] D:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [jvsoft] C:\WINDOWS\system32\jvvo.exe
O4 - HKCU\..\Run: [tasoft] C:\WINDOWS\system32\kxvo.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: 使用 Mega 管理器下載連接... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-U ... E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2627861491
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2639513405
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Fac ... der4_5.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: fsp_abwl - C:\WINDOWS\SYSTEM32\fsp_abwl.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM User Verification Manager - IBM - C:\Program Files\IBM\Security\uvmserv.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: SMBus Upgrade Service for Windows 2000 and above (ibmsmbus) - International Business Machines Corp. - C:\WINDOWS\System32\ibmsmbus.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 12570 bytes
jasonst
Regular Member
 
Posts: 17
Joined: July 5th, 2008, 2:43 am

Re: Log File.. Need help

Post by Bio-Hazard » July 6th, 2008, 10:59 am

Remove one of your Anti Virus programs.

You are operating your computer with multiple Anti Virus programs running in memory at once:
    AVG8
    Avast4

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove one of them.


P2P Warning!

BitTorrent

I understand that downloading music and other files may be important to you; however, the P2P programs that you are using to do that, even if they are not infected with malware, will bring malware into your system. Therefore, the chances of you becoming infected again are very high. This obviously can result in disabling your computer and could even lead to someone stealing sensitive personal data from your computer. Beyond the inconvenience this causes you, these programs also tend to use your computer as a server to spread more infection over the internet, so your computer becomes a part of the malware problem.

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Any program or file that offers you the ability to access non-freeware programs at no cost, e.g., copyrighted material, pirated software, and/or cracks/key generators for gaining access to legitimate software, is 100% guaranteed to contain malware.

An often unanticipated and unintended consequence of using p2p programs is that you may be leaving your computer open to access by others without either your knowledge or consent. I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them. This is how you can uninstall it/them:

  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):

    BitTorrent

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

If you wish to keep them, you MUST NOT use them until your computer is clean.



Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

IMPORTANT: combofix.exe MUST be on your Desktop for us to proceed.

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware. When the tool is finished, it will produce a report for you.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.


Next Reply

Please reply with:
  • ComboFix log (found at C:\Combofix.txt)
  • New HijackThis log
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK
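Both the HijackThis logs posted earlier in this thread and Bio-Hazard's point about two resident antivirus products come down to reading the O4 (Run keys), O20 (Winlogon Notify) and O23 (service) lines systematically. The script below is an added example for this page, not a MalwareRemoval.com or HijackThis tool, and it does not decide what is malware: it parses those three line types and raises review flags using a few triage rules (a machine-generated-looking executable name, a per-user autorun launched from system32, any Winlogon Notify DLL, a service with no publisher) and counts distinct antivirus vendors among the services. The sample input is constructed from lines copied out of the logs above; the `KNOWN_SYSTEM32_USER_AUTORUNS` allowlist and the `AV_VENDOR_HINTS` table are assumptions to be extended for your own environment.

```python
"""Triage helper for HijackThis-style logs.

Added example for this thread, not a MalwareRemoval.com or HijackThis tool.
It parses O4 (Run keys), O20 (Winlogon Notify) and O23 (services) lines and
raises review flags.  A flag means "look at this entry", not "this is malware".
"""
import ntpath
import re

# Constructed sample: lines copied from the two HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SMrhctm5j0eede] C:\Program Files\rhctm5j0eede\rhctm5j0eede.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [jvsoft] C:\WINDOWS\system32\jvvo.exe
O4 - HKCU\..\Run: [tasoft] C:\WINDOWS\system32\kxvo.exe
O20 - Winlogon Notify: fsp_abwl - C:\WINDOWS\SYSTEM32\fsp_abwl.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<rest>.+)$")

# Assumption: tiny allowlist of Microsoft binaries that legitimately autorun per user from system32.
KNOWN_SYSTEM32_USER_AUTORUNS = {"ctfmon"}
# Assumption: partial vendor hints; extend with the products you expect to see.
AV_VENDOR_HINTS = {"avast": "avast!", "alwil": "avast!", "avg technologies": "AVG"}


def exe_from_command(cmd):
    """Return the launched binary from a Run-key command line (quoted, bare, or with arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def looks_generated(stem):
    """True for names such as rhctm5j0eede: 8+ chars with two or more digits wedged between letters."""
    if len(stem) < 8:
        return False
    return len(re.findall(r"(?<=[a-z])\d(?=[a-z])", stem)) >= 2


def in_system32(path):
    return "\\system32\\" in path.lower()


def triage(log_text):
    """Return {'flags': [(section, reason, line), ...], 'av_vendors': set()} for one HijackThis log."""
    flags, av_vendors = [], set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            exe = exe_from_command(m.group("cmd"))
            stem = ntpath.basename(exe).rsplit(".", 1)[0].lower()
            if looks_generated(stem):
                flags.append(("O4", "executable name looks machine-generated", line))
            if (m.group("hive").startswith("HKCU") and in_system32(exe)
                    and stem not in KNOWN_SYSTEM32_USER_AUTORUNS):
                flags.append(("O4", "per-user autorun starts an unfamiliar binary from system32", line))
            continue
        if O20_RE.match(line):
            # Winlogon Notify DLLs are loaded into winlogon.exe, which runs as SYSTEM.
            flags.append(("O20", "Winlogon Notify DLL loads into winlogon.exe at logon; verify its publisher", line))
            continue
        m = O23_RE.match(line)
        if m:
            parts = m.group("rest").rsplit(" - ", 2)  # display name - owner - binary path
            if len(parts) != 3:
                continue
            display, owner, _path = parts
            if owner == "Unknown owner":
                flags.append(("O23", "service binary carries no publisher information", line))
            haystack = (display + " " + owner).lower()
            for needle, vendor in AV_VENDOR_HINTS.items():
                if needle in haystack:
                    av_vendors.add(vendor)
    return {"flags": flags, "av_vendors": av_vendors}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for section, reason, line in result["flags"]:
        print(f"[{section}] {reason}\n    {line}")
    if len(result["av_vendors"]) > 1:
        print("Multiple resident antivirus products:", ", ".join(sorted(result["av_vendors"])))
```

Run it against a saved log with `triage(open("hijackthis.log").read())`. The rules are deliberately narrow: the digit rule ignores short names, and the system32 rule only looks at HKCU entries, so a clean result is not a clean machine, which is exactly the "absence of symptoms does not mean that everything is clear" caveat from earlier in the thread.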

Re: Log File.. Need help

Post by jasonst » July 6th, 2008, 1:22 pm

Thanks for the advice, here is the ComboFix log file, not sure if it's correct... Also the new HijackThis log. Oh ya, may I ask if it's okay to have a program like the DivX online media player installed on the computer? Also, do online games direct malware into the computer too? Thanks

Hope the translations help out a bit.


ComboFix Log :


Translation (not all translations are correct, but the meaning is somewhere around there):

1. 其他遭刪除的檔案 : Other files that got deleted.
2. 之間建立的檔案 : Files made between...
3. 開始 : Start
4. 桌面 : Desktop
5. 已建立新的還原點 : Already made a new restore point
6. 近三個月內更動的檔案 : Files modified during the last 3 months
7. 重要登錄檔 : Important register file
8. *注意* 空白或合法的登錄值將不會顯示 : *Attention* Blank or legal registers will not be shown
9. 「開始」功能表\程式集\啟動 : Start Menu\Program\Activate
10. 排程工作資料夾的內容 : Schedule work file content
11. 掃描隱藏的程序 : Scanning hidden programs
12. 掃描完成 (Scan complete)
13. 隱藏檔案?: 0 (Hidden files: 0)
14. 位元組可用 (Bytes available)




ComboFix 08-07-05.1 - iason8 2008-07-07 0:49:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.950.1.1028.18.107 [GMT 8:00]
執行位置?: C:\Documents and Settings\iason8\桌面\ComboFix.exe
Command switches used :: C:\Documents and Settings\iason8\桌面\WindowsXP-KB310994-SP2-Pro-BootDisk-CHT.exe
* 已建立新的還原點
.

(((((((((((((((((((((((((((((((((((((( 其他遭刪除的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSREST.SYS
-------\Service_sysrest.sys


(((((((((((((((((((((((((((( 2008-06-06 - 2008-07-06 之間建立的檔案 )))))))))))))))))))))))))))))))))
.

2008-07-07 00:22 . 2008-07-07 00:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-07-06 23:49 . 2008-07-07 00:41 <DIR> d-------- C:\Program Files\Rakion
2008-07-06 22:16 . 2008-07-06 22:16 <DIR> d-------- C:\Documents and Settings\iason8\Application Data\DataCast
2008-07-06 22:14 . 2008-07-06 22:14 <DIR> d-------- C:\Program Files\Samsung
2008-07-06 19:52 . 2008-07-06 19:52 <DIR> d-------- C:\Program Files\DivX
2008-07-06 16:32 . 2008-07-06 16:32 268 --ah----- C:\sqmdata12.sqm
2008-07-06 16:32 . 2008-07-06 16:32 244 --ah----- C:\sqmnoopt12.sqm
2008-07-06 15:12 . 2008-07-06 15:12 268 --ah----- C:\sqmdata11.sqm
2008-07-06 15:12 . 2008-07-06 15:12 244 --ah----- C:\sqmnoopt11.sqm
2008-07-05 23:45 . 2008-07-05 23:45 244 --ah----- C:\sqmnoopt10.sqm
2008-07-05 23:45 . 2008-07-05 23:45 232 --ah----- C:\sqmdata10.sqm
2008-07-05 15:15 . 2008-07-05 15:15 244 --ah----- C:\sqmnoopt09.sqm
2008-07-05 15:15 . 2008-07-05 15:15 232 --ah----- C:\sqmdata09.sqm
2008-07-05 15:07 . 2008-07-05 15:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-05 14:47 . 2008-07-05 14:47 244 --ah----- C:\sqmnoopt08.sqm
2008-07-05 14:47 . 2008-07-05 14:47 232 --ah----- C:\sqmdata08.sqm
2008-07-05 14:12 . 2008-07-05 14:12 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-05 14:06 . 2008-07-05 14:06 268 --ah----- C:\sqmdata07.sqm
2008-07-05 14:06 . 2008-07-05 14:06 244 --ah----- C:\sqmnoopt07.sqm
2008-07-04 20:31 . 2008-07-04 20:31 268 --ah----- C:\sqmdata06.sqm
2008-07-04 20:31 . 2008-07-04 20:31 244 --ah----- C:\sqmnoopt06.sqm
2008-07-03 21:28 . 2002-12-03 22:13 1,048,576 --a------ C:\WINDOWS\system32\lameACM.acm
2008-07-03 21:28 . 2005-05-03 09:33 299,008 --a------ C:\WINDOWS\system32\LAME_MP3.dll
2008-07-03 21:28 . 2004-12-10 21:29 401 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-07-03 21:27 . 2008-07-03 21:27 65,024 --a------ C:\WINDOWS\IFinst26.exe
2008-07-03 21:26 . 2008-07-03 21:26 <DIR> d-------- C:\Program Files\MarkAny
2008-07-01 16:55 . 2008-07-01 16:55 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-01 16:55 . 2008-07-01 16:55 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-06-30 23:17 . 2008-07-03 21:14 <DIR> d-------- C:\Program Files\Panda Security
2008-06-29 16:07 . 2008-06-29 16:07 <DIR> dr-h----- C:\Documents and Settings\iason8\Application Data\SecuROM
2008-06-29 16:07 . 2008-06-29 16:07 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-29 12:10 . 2008-06-29 12:10 <DIR> d-------- C:\Documents and Settings\iason8\Application Data\rhctm5j0eede
2008-06-29 12:05 . 2008-06-29 12:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-29 12:05 . 2008-06-29 12:05 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-25 02:11 . 2008-06-25 02:11 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-25 02:10 . 2008-06-25 02:14 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-06-25 01:59 . 2008-06-25 02:00 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2008-06-25 01:59 . 2008-06-25 02:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-25 01:57 . 2008-06-25 01:57 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-06-25 01:51 . 2008-06-25 01:55 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-25 01:51 . 2008-06-25 01:51 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-25 01:51 . 2008-06-25 01:51 <DIR> d-------- C:\Program Files\MSBuild
2008-06-25 01:50 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-06-25 01:40 . 2008-06-25 01:40 <DIR> d-------- C:\Documents and Settings\All Users\「開始」
2008-06-21 17:44 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-06-21 17:42 . 2002-12-12 00:14 1,294,336 --a--c--- C:\WINDOWS\system32\dllcache\dsound3d.dll
2008-06-16 20:35 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-06-16 20:35 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-06-16 20:35 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-06-16 20:35 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-06-16 20:35 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-06-16 20:35 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-06-16 20:35 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-06-16 20:35 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-06-16 00:59 . 2008-06-16 00:59 38 --a------ C:\WINDOWS\cdplayer.ini
2008-06-12 22:52 . 2008-06-17 04:16 <DIR> d-------- C:\Documents and Settings\JASON
2008-06-11 15:31 . 2008-06-15 01:32 269,568 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 15:31 . 2008-05-08 22:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-11 08:04 . 2008-06-11 08:04 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-06-11 08:04 . 2008-06-11 08:04 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-06-08 21:46 . 2008-07-06 19:52 1,294 --a------ C:\WINDOWS\mozver.dat
2008-06-08 00:08 . 2008-06-08 00:08 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-07 13:10 . 2008-06-07 13:10 <DIR> d-------- C:\Documents and Settings\iason8\「開始」

.
(((((((((((((((((((((((((((((((((((( 近三個月內更動的檔案 )))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 16:54 --------- d-----w C:\Documents and Settings\iason8\Application Data\DNA
2008-07-06 16:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-06 15:13 --------- d-----w C:\Documents and Settings\iason8\Application Data\LimeWire
2008-06-24 18:12 --------- d-----w C:\Program Files\Microsoft.NET
2008-06-15 07:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-14 17:32 269,568 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 14:52 --------- d-----w C:\Program Files\IBM RecordNow!
2008-06-12 14:52 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-05-30 11:35 0 ----a-w C:\IACTemp.dat
2008-05-30 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\IACiFlow
2008-05-30 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\IAC
2008-05-30 11:19 --------- d-----w C:\Program Files\QuickTime
2008-05-30 11:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-05-18 12:44 --------- d-----w C:\Program Files\DNA
2008-05-17 13:05 --------- d-----w C:\Program Files\Java
2008-05-17 12:55 --------- d-----w C:\Program Files\Sun
2008-05-17 12:52 --------- d-----w C:\Program Files\Common Files\Java
2008-05-17 12:49 --------- d-----w C:\Documents and Settings\iason8\Application Data\IBM
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 07:08 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-14 16:31 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 16:31 271,360 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 16:30 978,432 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 16:30 66,560 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 16:30 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 16:30 132,096 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 16:30 10,752 ----a-w C:\WINDOWS\hh.exe
2008-02-10 21:33 1,026 --sha-r C:\Program Files\Common Files\fqb.dat
2004-10-26 21:27 773 ----a-w C:\Program Files\pconfig.dcf
2004-10-11 13:59 8,417 ----a-w C:\Program Files\readme.txt
2004-09-01 17:05 41,018 ----a-w C:\Program Files\dlaunin.exe
2004-06-14 17:03 241 ----a-w C:\Program Files\setupopt.ini
2004-06-08 17:01 8 ----a-w C:\Program Files\is5unin.isu
2004-05-10 17:01 7,355 ----a-w C:\Program Files\tech_tip.htm
2004-05-10 17:01 44,717 ----a-w C:\Program Files\vxdla.chm
.

(((((((((((((((((((((((((((((((((((((((((( 重要登錄檔 )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*注意* 空白或合法的登錄值將不會顯示

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-15 00:30 15360]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 17:10 442368]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-15 18:42 68856]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-18 20:44 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 13:31 208952]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-09 02:17 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-09 02:17 512000]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe" [2004-08-06 17:10 442368]
"ISS_Certtool"="C:\Program Files\IBM\Security\certtool.exe" [2004-11-10 17:06 86016]
"IBM_PWMGR"="C:\Program Files\IBM\Password Manager\pwmgr.exe" [2004-11-10 17:09 327680]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-09-02 01:05 127035]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2004-11-24 17:10 212992]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-11-17 15:48 94208]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 18:39 897024]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2004-12-21 16:00 135168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-11 21:00 344064]
"QCWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2004-11-09 03:53 81920]
"CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE" [2007-03-22 19:17 66400]
"PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE" [2007-03-22 19:17 98656]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-27 22:00 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-30 19:19 98304]
"SMSTray"="C:\Program Files\Samsung\EmoDio\SMSTray.exe" [2008-06-23 19:41 479232]
"TpShocks"="TpShocks.exe" [2004-10-27 15:58 106496 C:\WINDOWS\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2004-11-12 01:07 40960 C:\WINDOWS\system32\TP4EX.exe]
"TrackPointSrv"="tp4serv.exe" [2004-10-28 18:50 94208 C:\WINDOWS\system32\tp4serv.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-15 00:30 15360]

C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
BTTray.lnk - C:\Program Files\IBM\Bluetooth Software\BTTray.exe [2004-10-01 15:12:18 565309]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-02-10 14:35:39 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 16:51 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_abwl]
2006-08-24 17:53 23552 C:\WINDOWS\system32\fsp_abwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2004-11-09 03:53 262144 C:\WINDOWS\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-13 11:11 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"11737:TCP"= 11737:TCP:BitCometLite 11737 TCP
"11737:UDP"= 11737:UDP:BitCometLite 11737 UDP

R0 GENERICSMB;IBM - Generic SMB Device Controller;C:\WINDOWS\system32\DRIVERS\smbgen.sys [2008-02-10 14:00]
R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2004-05-14 14:08]
R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys [2004-12-02 16:14]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2004-11-09 03:53]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 07:20]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2004-11-09 03:53]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2004-05-14 12:59]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2004-12-21 16:00]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 07:16]
R2 smi2;smi2;C:\WINDOWS\system32\drivers\smi2.sys [2008-02-10 13:59]
R3 portio;TPM Service;C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys [2004-06-22 10:12]
R3 SMBusDH;IBM - SMB Hub Controller;C:\WINDOWS\system32\DRIVERS\smbusdh.sys [2008-02-10 14:00]
R3 SMBusHC;SMBus Host Controller;C:\WINDOWS\system32\DRIVERS\smbushc.sys [2008-02-10 14:00]
R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys [2004-12-02 15:54]
S3 MXIC9010;MXIC Generic USB Device Driver;C:\WINDOWS\system32\drivers\mxic9010.sys [2005-10-02 13:57]
S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS [2004-11-09 03:53]
S3 XDva037;XDva037;C:\WINDOWS\system32\XDva037.sys []
S3 XDva052;XDva052;C:\WINDOWS\system32\XDva052.sys []
S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys []
S3 XDva104;XDva104;C:\WINDOWS\system32\XDva104.sys []

.
排程工作資料夾的內容
"2008-07-06 10:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-07-06 16:58:52 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
"2008-06-10 07:50:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-01 07:50:34 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-jvsoft - C:\WINDOWS\system32\jvvo.exe
HKCU-Run-tasoft - C:\WINDOWS\system32\kxvo.exe
HKCU-Run-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe
HKLM-Run-SMrhctm5j0eede - C:\Program Files\rhctm5j0eede\rhctm5j0eede.exe
HKLM-Run-SNM - C:\Program Files\SpyNoMore\SNM.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 00:59:03
Windows 5.1.2600 Service Pack 3 NTFS

掃描隱藏的程序...

掃描隱藏的進程...

掃描隱藏的檔案...

掃描完成
隱藏檔案?: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\IBM\Security\uvmserv.exe
C:\WINDOWS\system32\ibmsmbus.exe
C:\Program Files\IBM\Security\TssCore.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
完成時間?: 2008-07-07 1:02:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-06 17:02:46

9 個目錄 19,858,898,944 位元組可用
13 個目錄 20,347,678,720 位元組可用

WindowsXP-KB310994-SP2-Pro-BootDisk-CHT.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

282 --- E O F --- 2008-07-06 16:49:41



HijackThis Log :

Translation :

1. 使用 Mega 管理器下載連接 ( Mega Download Manager connection used )
2. 匯出至 ( Output )
3. 主控台 ( Control panel )
4. 參考資料 ( Reference Data )



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:04:01 AM, on 2008/7/7
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\IBM\Security\certtool.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\Program Files\IBM\Security\uvmserv.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\ibmsmbus.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [ISS_Certtool] C:\Program Files\IBM\Security\certtool.exe
O4 - HKLM\..\Run: [IBM_PWMGR] C:\Program Files\IBM\Password Manager\pwmgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QCWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\EmoDio\SMSTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: 使用 Mega 管理器下載連接... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2627861491
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Fac ... der4_5.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O20 - Winlogon Notify: fsp_abwl - C:\WINDOWS\SYSTEM32\fsp_abwl.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM User Verification Manager - IBM - C:\Program Files\IBM\Security\uvmserv.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: SMBus Upgrade Service for Windows 2000 and above (ibmsmbus) - International Business Machines Corp. - C:\WINDOWS\System32\ibmsmbus.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 10596 bytes


Thanks again,
Jason



*Edited :
PS After getting the combofix log, is it ok if I delete the ComboFix program on my desktop ?
Also I removed the Bittorrent folder through the C drive since it's not in the Add/Remove list.
One more thing, does the DNA file belong to Bittorrent? It has an icon that looks like Bittorrent, just that it's grey in colour. Should I delete it?

Thanks again,
Jason
jasonst
Regular Member
Posts: 17
Joined: July 5th, 2008, 2:43 am
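The registry block of the ComboFix log above is where a helper looks first, because it records what the infection changed rather than what it dropped: the Security Center values AntiVirusDisableNotify, UpdatesDisableNotify and FirewallOverride are all set to 1 (so the user would get no warning that protection was off), EnableFirewall is 0, port 3389/TCP (Remote Desktop) is globally open, and the ORPHANS REMOVED list shows the autorun entries that pointed at the rogue's files. The triage helper below is an added example for this thread, written by the editor; it is not ComboFix's own code and not part of the post. It parses that REGEDIT4-style block and reports those findings. The sample input is constructed from lines in the log above, and matching keys by the suffix of the bracketed path is an assumption about how this ComboFix build prints them.

```python
"""Triage helper for the registry section of a ComboFix log.

Added example for this thread; it is not ComboFix's code and not part of
the original post. It reads the REGEDIT4-style "important registry" block
that ComboFix prints and flags what a helper looks at first: Security
Center notification suppression, the XP firewall state, globally opened
ports, and the orphaned autorun entries ComboFix removed.
"""
import re

# Constructed sample, assembled from lines in the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"11737:TCP"= 11737:TCP:BitCometLite 11737 TCP
"11737:UDP"= 11737:UDP:BitCometLite 11737 UDP

.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-jvsoft - C:\WINDOWS\system32\jvvo.exe
HKCU-Run-tasoft - C:\WINDOWS\system32\kxvo.exe
HKLM-Run-SMrhctm5j0eede - C:\Program Files\rhctm5j0eede\rhctm5j0eede.exe
"""

# Key-path suffixes (assumption: matched case-insensitively against the
# bracketed path exactly as this ComboFix build prints it).
SECURITY_CENTER_SUFFIX = "security center"
FIREWALL_PROFILE_SUFFIX = "firewallpolicy\\standardprofile"
OPEN_PORTS_SUFFIX = "globallyopenports\\list"
# XP Security Center values that silence its warnings when non-zero.
NOTIFY_SUPPRESSORS = {"AntiVirusDisableNotify", "UpdatesDisableNotify",
                      "FirewallDisableNotify", "FirewallOverride"}

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
ORPHAN_RE = re.compile(r'^(?P<hive>HK\w+)-Run-(?P<name>\S+) - (?P<path>.+)$')


def parse_registry_section(text):
    """Map each [key] to {value name: raw value string}, in log order."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = m.group("value").strip()
    return keys


def parse_orphans(text):
    """Return (hive, value name, target path) tuples listed under ORPHANS REMOVED."""
    orphans, in_section = [], False
    for line in text.splitlines():
        if "ORPHANS REMOVED" in line:
            in_section = True
            continue
        m = ORPHAN_RE.match(line.strip()) if in_section else None
        if m:
            orphans.append((m.group("hive"), m.group("name"), m.group("path")))
    return orphans


def dword_is_nonzero(value):
    """True for REGEDIT 'dword:xxxxxxxx' values other than zero."""
    return value.lower().startswith("dword:") and int(value[6:], 16) != 0


def triage(text):
    """Return human-readable findings for the registry block of a ComboFix log."""
    findings = []
    for key, values in parse_registry_section(text).items():
        if key.endswith(SECURITY_CENTER_SUFFIX):
            for name, value in values.items():
                if name in NOTIFY_SUPPRESSORS and dword_is_nonzero(value):
                    findings.append(f"Security Center: {name} is set (alerts suppressed)")
        elif key.endswith(FIREWALL_PROFILE_SUFFIX):
            if values.get("EnableFirewall", "").startswith("0"):
                findings.append("Windows Firewall is disabled (EnableFirewall=0)")
        elif key.endswith(OPEN_PORTS_SUFFIX):
            for name in values:
                note = " (Remote Desktop)" if name.startswith("3389:") else ""
                findings.append(f"Globally open port: {name}{note}")
    for hive, name, path in parse_orphans(text):
        findings.append(f"Orphaned autorun removed: {hive}\\Run\\{name} -> {path}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it against a saved C:\ComboFix.txt by reading the file into `triage()`; on the sample it lists three suppressed Security Center alerts, the disabled firewall, three open ports and three removed autoruns. The Security Center and firewall values are the ones to restore by hand after cleanup, since ComboFix's orphan removal only deals with the autorun entries.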

Re: Log File.. Need help

Unread postby Bio-Hazard » July 7th, 2008, 7:50 am

After getting the combofix log, is it ok if I delete the ComboFix program on my desktop ?


NO, we will need it for future fixes.

Also I removed Bittorrent folder through C Drive since its not in the Add/Remove list.
One more thing, does DNA file belong to Bittorrent ? It have an icon that looks like Bittorrent just that its grey in colour, should I delete it ?


Yes you can delete it.

Oh ya , may I ask if it's okay to have program like DivX online media player installed on computer ?


It is ok to have one.

Also does online games directs malware into computer too ?


They can but as long as you have basic security in place like antivirus and firewall you should be okay.


I'd like you to check the following files for viruses.
C:\WINDOWS\slrundll.exe
C:\WINDOWS\IFinst26.

  • Copy/Paste the first file on the list into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Copy and Paste results in your next reply.
  • Repeat for all files on the list, and post me the details please


RegQuery by Noviciate

Please download RegQuery by Noviciate to your desktop
  • Copy the following registry keypath by highlighting the text and pressing CTRL and C at the same time
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
  • Double click RegQuery.exe to run the program
  • Paste the text you have copied using CTRL and V into the textbox
  • Click the Query button
  • A Notepad file will open. Please paste the contents in your next reply
  • You may now close the RegQuery program



Run CFScript

  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and press Enter
  • Notepad will open
  • Copy and Paste everything from the Quote box into Notepad:

Code:
Folder::
C:\Documents and Settings\iason8\Application Data\rhctm5j0eede
C:\Documents and Settings\All Users\Application Data\Avg8
C:\Documents and Settings\iason8\Application Data\DNA
C:\Documents and Settings\iason8\Application Data\LimeWire
C:\Program Files\DNA
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=-


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt onto ComboFix.exe. This will let ComboFix run again. Restart if you have to. Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:
  • Combofix log
  • Virustotal or Jotti results
  • RegQuery results
  • A fresh HijackThis Log ( after all the above has been done)
Bio-Hazard
MRU Master Emeritus
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

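The two artefacts asked for in the post above, the multi-engine scan table and the RegQuery dump of the Uninstall key, are easier to read once scripted, because RegQuery exports REG_EXPAND_SZ values such as UninstallString as hex(2) byte lists rather than text. The following is an added example for this thread, not code from MalwareRemoval.com, VirusTotal or Noviciate's RegQuery. It parses both formats: the scan table into a per-engine verdict list, and the .reg dump into decoded key/value pairs (quoted strings unescaped, dword converted, hex(2)/hex(7) decoded from UTF-16LE). The sample inputs are short excerpts constructed from the logs posted later in this thread; the "uninstaller in the Windows directory" check is my own heuristic, not a rule from the helper.

```python
"""Triage helpers for the two artefacts requested above: a VirusTotal/Jotti
style scan table and a RegQuery (.reg format) dump of the Uninstall key.
Added example for this thread; not code from MalwareRemoval.com, VirusTotal
or RegQuery. Sample inputs are excerpts copied from the logs posted later."""
import re
from typing import Dict, List, Tuple

# Constructed excerpt of the "Engine Version LastUpdate Result" table ('-' = clean).
VT_SAMPLE = """\
Antivirus Version Last Update Result
AhnLab-V3 2008.7.4.1 2008.07.07 -
eSafe 7.0.17.0 2008.07.07 Suspicious File
Kaspersky 7.0.0.125 2008.07.07 -
Microsoft 1.3704 2008.07.07 -
"""

# Constructed excerpt of the posted RegQuery output; the second UninstallString
# is a REG_EXPAND_SZ stored as hex(2) (UTF-16LE bytes wrapped over several lines).
REG_SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lame MP3 Codec (for the ACM)]
"DisplayName"="Lame ACM MP3 Codec"
"UninstallString"="\"C:\\WINDOWS\\IFinst26.exe\" -UD:\\Program Files\\Lame MP3 Codec\\IFU11.inf"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d}]
"DisplayName"="Microsoft Visual C++ 2005 Redistributable"
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
78,00,65,00,20,00,2f,00,58,00,7b,00,37,00,32,00,39,00,39,00,30,00,35,00,32,\
00,62,00,2d,00,30,00,32,00,61,00,34,00,2d,00,34,00,36,00,32,00,37,00,2d,00,\
38,00,31,00,66,00,32,00,2d,00,31,00,38,00,31,00,38,00,64,00,61,00,35,00,64,\
00,35,00,35,00,30,00,64,00,7d,00,00,00
"NoModify"=dword:00000001
'''


def parse_scan_table(text: str) -> List[Tuple[str, str]]:
    """(engine, verdict) per row; the header row is skipped."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split(None, 3)  # engine, version, last update, verdict
        if len(parts) == 4:
            rows.append((parts[0], parts[3].strip()))
    return rows


def detections(text: str) -> Dict[str, str]:
    """Engines that reported something, e.g. {'eSafe': 'Suspicious File'}."""
    return {e: v for e, v in parse_scan_table(text) if v != "-"}


def _logical_lines(text: str):
    """Join .reg lines that end in a backslash (hex values wrap that way)."""
    buf = ""
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("\\") and not line.startswith("["):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""


def _decode_value(raw: str) -> str:
    """Decode a .reg value: quoted string, dword, or hex / hex(2) / hex(7)."""
    if raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # unescape \\ and \"
    if raw.startswith("dword:"):
        return str(int(raw[6:], 16))
    m = re.match(r"hex(?:\((\d+)\))?:(.*)", raw)
    if not m:
        return raw
    data = bytes(int(b, 16) for b in re.findall(r"[0-9a-fA-F]{2}", m.group(2)))
    if m.group(1) in ("2", "7"):  # REG_EXPAND_SZ / REG_MULTI_SZ are UTF-16LE
        return data.decode("utf-16-le").rstrip("\x00").replace("\x00", "|")
    return data.hex()


def parse_reg_dump(text: str) -> Dict[str, Dict[str, str]]:
    """Map every [key] in the dump to its decoded name=value pairs."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in _logical_lines(text):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith('"'):
            name, _, raw = line[1:].partition('"=')
            keys[current][name] = _decode_value(raw)
    return keys


def uninstaller_exe(command: str) -> str:
    """First token of an UninstallString, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0] if command else ""


def uninstallers_in_windows_dir(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """(DisplayName, exe) for entries whose uninstaller sits in the Windows
    directory. Heuristic of my own, not Bio-Hazard's rule: packages normally
    keep their uninstaller under Program Files, so a loose exe in the Windows
    directory is worth a multi-engine scan, which is what IFinst26.exe got."""
    found = []
    for path, values in keys.items():
        exe = uninstaller_exe(values.get("UninstallString", ""))
        if exe.lower().startswith("c:\\windows\\"):
            found.append((values.get("DisplayName", path.rsplit("\\", 1)[-1]), exe))
    return found
```

Run against the full RegQuery output posted below, parse_reg_dump turns the hex(2) UninstallString of the Visual C++ entry into "MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}" and the Lame codec entry resolves to C:\WINDOWS\IFinst26.exe, which is why that file, and not the codec's Program Files directory, was the one sent for scanning. A "-" in every engine column, as for slrundll.exe, only says no signature matched; it is not proof the file is clean, so the packer line (Armadillo, UPX) and the file's location still matter.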
Re: Log File.. Need help

Unread postby jasonst » July 7th, 2008, 10:49 am

... Thanks for the effort!

Here are the scan results of the two files you told me to scan:

C:\WINDOWS\slrundll.exe:

Antivirus Version Last Update Result
AhnLab-V3 2008.7.4.1 2008.07.07 -
AntiVir 7.8.0.64 2008.07.07 -
Authentium 5.1.0.4 2008.07.06 -
Avast 4.8.1195.0 2008.07.07 -
AVG 7.5.0.516 2008.07.07 -
BitDefender 7.2 2008.07.07 -
CAT-QuickHeal 9.50 2008.07.04 -
ClamAV 0.93.1 2008.07.07 -
DrWeb 4.44.0.09170 2008.07.07 -
eSafe 7.0.17.0 2008.07.07 -
eTrust-Vet 31.6.5934 2008.07.07 -
Ewido 4.0 2008.07.07 -
F-Prot 4.4.4.56 2008.07.06 -
F-Secure 7.60.13501.0 2008.07.03 -
Fortinet 3.14.0.0 2008.07.07 -
GData 2.0.7306.1023 2008.07.07 -
Ikarus T3.1.1.26.0 2008.07.07 -
Kaspersky 7.0.0.125 2008.07.07 -
McAfee 5332 2008.07.04 -
Microsoft 1.3704 2008.07.07 -
NOD32v2 3247 2008.07.07 -
Norman 5.80.02 2008.07.04 -
Panda 9.0.0.4 2008.07.06 -
Prevx1 V2 2008.07.07 -
Rising 20.51.60.00 2008.07.06 -
Sophos 4.31.0 2008.07.07 -
Sunbelt 3.1.1509.1 2008.07.04 -
Symantec 10 2008.07.07 -
TheHacker 6.2.96.374 2008.07.07 -
TrendMicro 8.700.0.1004 2008.07.07 -
VBA32 3.12.6.8 2008.07.06 -
VirusBuster 4.5.11.0 2008.07.07 -
Webwasher-Gateway 6.6.2 2008.07.07 -
Additional information
File size: 32866 bytes
MD5...: 740fb2c61e9a92ca1201a86742be51f2
SHA1..: 7b53f44015e5370762fb90979334c175caf9f9a8
SHA256: 127aadedc91fb7c7ccee2e738980c7f6e51b0df35adf55fc3a28ac27d0747704
SHA512: 14cdcabbffaafb552ba73b94d5fa4bf86e4320c80200585aba2fa21723dd78c6
9124a2b50b0fdacf8149f8973a6e12a2da48f47f0d6a46627e0d2c899fca10ba
PEiD..: Armadillo v1.71
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40132c
timedatestamp.....: 0x4069704c (Tue Mar 30 13:04:12 2004)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x345a 0x4000 5.80 58f5c9738ae7b9f83c246c411083d821
.rdata 0x5000 0x784 0x1000 3.30 b8613f550488e8cb371639a45dd52f3f
.data 0x6000 0x99c 0x1000 0.87 8986d0756ca0cfb6f7e3ced3d916be94
.rsrc 0x7000 0x318 0x1000 3.52 782b22da29c09f173b564a18436f5217

( 1 imports )
> KERNEL32.dll: GetStdHandle, GetProcAddress, LoadLibraryA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, FreeLibrary, GetFileType, HeapDestroy, HeapCreate, VirtualFree, HeapFree, RtlUnwind, WriteFile, GetCPInfo, GetACP, GetOEMCP, HeapAlloc, VirtualAlloc, HeapReAlloc, IsBadWritePtr, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW

( 0 exports )


C:\WINDOWS\IFinst26.exe:

Antivirus Version Last Update Result
AhnLab-V3 2008.7.4.1 2008.07.07 -
AntiVir 7.8.0.64 2008.07.07 -
Authentium 5.1.0.4 2008.07.06 -
Avast 4.8.1195.0 2008.07.07 -
AVG 7.5.0.516 2008.07.07 -
BitDefender 7.2 2008.07.07 -
CAT-QuickHeal 9.50 2008.07.04 -
ClamAV 0.93.1 2008.07.07 -
DrWeb 4.44.0.09170 2008.07.07 -
eSafe 7.0.17.0 2008.07.07 Suspicious File
eTrust-Vet 31.6.5934 2008.07.07 -
Ewido 4.0 2008.07.07 -
F-Prot 4.4.4.56 2008.07.06 -
F-Secure 7.60.13501.0 2008.07.03 -
Fortinet 3.14.0.0 2008.07.07 -
GData 2.0.7306.1023 2008.07.07 -
Ikarus T3.1.1.26.0 2008.07.07 -
Kaspersky 7.0.0.125 2008.07.07 -
McAfee 5332 2008.07.04 -
Microsoft 1.3704 2008.07.07 -
NOD32v2 3247 2008.07.07 -
Norman 5.80.02 2008.07.04 -
Panda 9.0.0.4 2008.07.06 -
Prevx1 V2 2008.07.07 -
Rising 20.51.60.00 2008.07.06 -
Sophos 4.31.0 2008.07.07 -
Sunbelt 3.1.1509.1 2008.07.04 -
Symantec 10 2008.07.07 -
TheHacker 6.2.96.374 2008.07.07 -
TrendMicro 8.700.0.1004 2008.07.07 -
VBA32 3.12.6.8 2008.07.06 -
VirusBuster 4.5.11.0 2008.07.07 -
Webwasher-Gateway 6.6.2 2008.07.07 -
Additional information
File size: 65024 bytes
MD5...: fdc9d4de50a845137580698494b19f13
SHA1..: 0982241e310fd7d79ce544d1c78ee4c6ce704091
SHA256: 45de2065972a812b7671676c0e53fdd5ddeae742d2d4fb27b19d0df8f3c0c1d8
SHA512: 06e8e897888122e375eceef6e12e3b292141a5d5677fe19d53eea8785be82645
a3a58a0df4c876b8b7e410b8f498ad146e91e20f80850737a7d1d7b1adce3d37
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4297b0
timedatestamp.....: 0x39fccbac (Mon Oct 30 01:15:24 2000)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x1a000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x1b000 0xf000 0xea00 7.92 98ce247aa2d782e5978b391a4be1792a
.rsrc 0x2a000 0x1000 0x1000 3.39 79f1a804b29384e18fb2b8c70a0e867d

( 8 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess
> ADVAPI32.dll: RegCloseKey
> GDI32.dll: BitBlt
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> SHELL32.dll: ShellExecuteA
> USER32.dll: GetDC
> VERSION.dll: VerQueryValueA

( 0 exports )

packers (Kaspersky): UPX
packers (F-Prot): UPX


RegQuery:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis]
"DisplayName"="HijackThis 2.0.2"
"UninstallString"="\"C:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe\" /uninstall"
"DisplayIcon"="C:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe"
"DisplayVersion"="2.0.2"
"Publisher"="TrendMicro"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}]
"ModifyPath"="\"C:\\Program Files\\InstallShield Installation Information\\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\\setup.exe\" -runfromtemp -l0x0404"
"UninstallString"="\"C:\\Program Files\\InstallShield Installation Information\\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\\setup.exe\" -runfromtemp -l0x0404 -removeonly"
"DisplayName"="EmoDio"
"LogFile"="C:\\Program Files\\InstallShield Installation Information\\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\\Setup.ilg"
"Comments"=""
"Contact"=""
"DisplayVersion"="1.0"
"HelpTelephone"=""
"InstallDate"="20080706"
"InstallLocation"="C:\\Program Files\\Samsung\\Emodio\\"
"InstallSource"="C:\\DOCUME~1\\iason8\\LOCALS~1\\Temp\\{AB1EFADB-5AF0-4C47-AB53-C68FCA0A9097}\\"
"Publisher"="SAMSUNG"
"Readme"=""
"URLInfoAbout"="***IS_STRING_NOT_DEFINED***"
"URLUpdateInfo"=""
"HelpLink"=hex(2):00,00
"EstimatedSize"=dword:00001e54
"Language"=dword:00000000
"Version"=dword:01000000
"VersionMajor"=dword:00000001
"VersionMinor"=dword:00000000
"NoModify"=dword:00000001
"DisplayIcon"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,\
00,5c,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,72,00,5c,00,7b,00,\
43,00,32,00,30,00,43,00,45,00,35,00,39,00,32,00,2d,00,42,00,30,00,46,00,38,\
00,2d,00,34,00,44,00,32,00,30,00,2d,00,42,00,46,00,33,00,31,00,2d,00,30,00,\
31,00,35,00,31,00,43,00,41,00,36,00,33,00,33,00,31,00,41,00,36,00,7d,00,5c,\
00,41,00,52,00,50,00,50,00,52,00,4f,00,44,00,55,00,43,00,54,00,49,00,43,00,\
4f,00,4e,00,2e,00,65,00,78,00,65,00,00,00
"RegOwner"="JJ"
"RegCompany"="ZAOFAMILY"
"NoRepair"=dword:00000001
"DefaultLanguage"="LangCHT"
"PatchVersion"="1.00"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lame MP3 Codec (for the ACM)]
"DisplayName"="Lame ACM MP3 Codec"
"UninstallString"="\"C:\\WINDOWS\\IFinst26.exe\" -UD:\\Program Files\\Lame MP3 Codec\\IFU11.inf"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobius Rakion_is1]
"Inno Setup: Setup Version"="5.1.5"
"Inno Setup: App Path"="C:\\Program Files\\Softnyx\\Rakion"
"InstallLocation"="C:\\Program Files\\Softnyx\\Rakion\\"
"Inno Setup: Icon Group"="(Default)"
"Inno Setup: User"="iason8"
"DisplayName"="Mobius Rakion"
"UninstallString"="\"C:\\Program Files\\Softnyx\\Rakion\\unins000.exe\""
"QuietUninstallString"="\"C:\\Program Files\\Softnyx\\Rakion\\unins000.exe\" /SILENT"
"Publisher"="mobius.ph"
"URLInfoAbout"="http://www.mobius.ph"
"HelpLink"="http://rakion.mobiusgames.net"
"URLUpdateInfo"="http://rakion.mobiusgames.net"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (2.0.0.15)]
"Comments"="Mozilla Firefox"
"DisplayIcon"="C:\\Program Files\\Mozilla Firefox\\firefox.exe,0"
"DisplayName"="Mozilla Firefox (2.0.0.15)"
"DisplayVersion"="2.0.0.15 (zh-TW)"
"InstallLocation"="C:\\Program Files\\Mozilla Firefox"
"Publisher"="Mozilla"
"UninstallString"="C:\\Program Files\\Mozilla Firefox\\uninstall\\helper.exe"
"URLInfoAbout"="http://zh-TW.www.mozilla.com/zh-TW/"
"URLUpdateInfo"="http://zh-TW.www.mozilla.com/zh-TW/firefox/"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XviD_is1]
"Inno Setup: Setup Version"="4.2.7"
"Inno Setup: App Path"="D:\\Program Files\\XviD"
"InstallLocation"="D:\\Program Files\\XviD\\"
"Inno Setup: Icon Group"="XviD"
"Inno Setup: User"="iason8"
"Inno Setup: Selected Tasks"="DecodeAll"
"Inno Setup: Deselected Tasks"=""
"DisplayName"="XviD MPEG-4 Video Codec"
"UninstallString"="\"D:\\Program Files\\XviD\\unins000.exe\""
"QuietUninstallString"="\"D:\\Program Files\\XviD\\unins000.exe\" /SILENT"
"DisplayVersion"="XviD-1.0.3-20122004"
"Publisher"="XviD Team (Koepi)"
"URLInfoAbout"="http://www.xvid.org/"
"HelpLink"="http://forum.doom9.org/forumdisplay.php?s=&forumid=52"
"URLUpdateInfo"="http://www.koepi.org/"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68e0d9e4-1474-48c9-a191-a32cc6a40027}]
"uninstall"="C:\\Program Files\\MarkAny\\ContentSafer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="8.0.56336"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20080706"
"InstallLocation"=""
"InstallSource"="C:\\DOCUME~1\\iason8\\LOCALS~1\\Temp\\7zS8.tmp\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
00,65,00,20,00,2f,00,58,00,7b,00,37,00,32,00,39,00,39,00,30,00,35,00,32,00,\
62,00,2d,00,30,00,32,00,61,00,34,00,2d,00,34,00,36,00,32,00,37,00,2d,00,38,\
00,31,00,66,00,32,00,2d,00,31,00,38,00,31,00,38,00,64,00,61,00,35,00,64,00,\
35,00,35,00,30,00,64,00,7d,00,00,00
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="Microsoft Corporation"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:000014d2
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
78,00,65,00,20,00,2f,00,58,00,7b,00,37,00,32,00,39,00,39,00,30,00,35,00,32,\
00,62,00,2d,00,30,00,32,00,61,00,34,00,2d,00,34,00,36,00,32,00,37,00,2d,00,\
38,00,31,00,66,00,32,00,2d,00,31,00,38,00,31,00,38,00,64,00,61,00,35,00,64,\
00,35,00,35,00,30,00,64,00,7d,00,00,00
"URLInfoAbout"=""
"URLUpdateInfo"=""
"VersionMajor"=dword:00000008
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:0800dc10
"Language"=dword:00000000
"DisplayName"="Microsoft Visual C++ 2005 Redistributable"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B7050CBDB2504B34BC2A9CA0A692CC29}]
"DisplayName"="DivX Web Player"
"InstallLocation"="C:\\Program Files\\DivX\\DivX Web Player"
"DisplayIcon"="C:\\Program Files\\DivX\\DivX Web Player\\npdivx32.dll,0"
"Publisher"="DivX,Inc."
"UninstallString"="C:\\Program Files\\DivX\\DivXWebPlayerUninstall.exe /PLUGIN"
"DisplayVersion"="1.4.0"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"Locale"="en"
"RebootFlag"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C04E32E0-0416-434D-AFB9-6969D703A9EF}]
"DisplayName"="MSXML 4.0 SP2 (KB936181)"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C19BE821-89B1-4A96-AC7C-873810C0CB5F}]
"DisplayName"="ContentSAFER for Wizmax"
"LogFile"=""
"UninstallString"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="1.0"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20080706"
"InstallLocation"="C:\\Program Files\\Samsung\\Emodio\\"
"InstallSource"="C:\\DOCUME~1\\iason8\\LOCALS~1\\Temp\\{AB1EFADB-5AF0-4C47-AB53-C68FCA0A9097}\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
00,65,00,20,00,2f,00,58,00,7b,00,43,00,32,00,30,00,43,00,45,00,35,00,39,00,\
32,00,2d,00,42,00,30,00,46,00,38,00,2d,00,34,00,44,00,32,00,30,00,2d,00,42,\
00,46,00,33,00,31,00,2d,00,30,00,31,00,35,00,31,00,43,00,41,00,36,00,33,00,\
33,00,31,00,41,00,36,00,7d,00,00,00
"NoModify"=dword:00000001
"Publisher"="SAMSUNG"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:00001e54
"SystemComponent"=dword:00000001
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
78,00,65,00,20,00,2f,00,58,00,7b,00,43,00,32,00,30,00,43,00,45,00,35,00,39,\
00,32,00,2d,00,42,00,30,00,46,00,38,00,2d,00,34,00,44,00,32,00,30,00,2d,00,\
42,00,46,00,33,00,31,00,2d,00,30,00,31,00,35,00,31,00,43,00,41,00,36,00,33,\
00,33,00,31,00,41,00,36,00,7d,00,00,00
"URLInfoAbout"="***IS_STRING_NOT_DEFINED***"
"URLUpdateInfo"=""
"VersionMajor"=dword:00000001
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:01000000
"Language"=dword:00000000
"DisplayName"="EmoDio"



ComboFix Log:


ComboFix 08-07-05.1 - iason8 2008-07-07 22:21:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.950.1.1028.18.196 [GMT 8:00]
Running from: C:\Documents and Settings\iason8\桌面\ComboFix.exe
Command switches used :: C:\Documents and Settings\iason8\桌面\CFScript.txt
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((( Other Deleted Files ))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Avg8
C:\Documents and Settings\iason8\Application Data\LimeWire
C:\Documents and Settings\iason8\Application Data\LimeWire\.AppSpecialShare\Supreme.Commander.Forged.Alliance.Full-Rip.Skullptura.torrent.bak
C:\Documents and Settings\iason8\Application Data\LimeWire\active.mojito
C:\Documents and Settings\iason8\Application Data\LimeWire\createtimes.cache
C:\Documents and Settings\iason8\Application Data\LimeWire\downloads.dat
C:\Documents and Settings\iason8\Application Data\LimeWire\fileurns.bak
C:\Documents and Settings\iason8\Application Data\LimeWire\fileurns.cache
C:\Documents and Settings\iason8\Application Data\LimeWire\filters.props
C:\Documents and Settings\iason8\Application Data\LimeWire\gnutella.net
C:\Documents and Settings\iason8\Application Data\LimeWire\installation.props
C:\Documents and Settings\iason8\Application Data\LimeWire\library.dat
C:\Documents and Settings\iason8\Application Data\LimeWire\limewire.props
C:\Documents and Settings\iason8\Application Data\LimeWire\mojito.props
C:\Documents and Settings\iason8\Application Data\LimeWire\promotion\promodb.backup
C:\Documents and Settings\iason8\Application Data\LimeWire\promotion\promodb.data
C:\Documents and Settings\iason8\Application Data\LimeWire\promotion\promodb.properties
C:\Documents and Settings\iason8\Application Data\LimeWire\promotion\promodb.script
C:\Documents and Settings\iason8\Application Data\LimeWire\questions.props
C:\Documents and Settings\iason8\Application Data\LimeWire\responses.cache
C:\Documents and Settings\iason8\Application Data\LimeWire\simpp.xml
C:\Documents and Settings\iason8\Application Data\LimeWire\spam.dat
C:\Documents and Settings\iason8\Application Data\LimeWire\tables.props
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme.lwtp
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\01_star.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\02_star.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\03_star.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\04_star.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\05_star.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\chat.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\forward_up.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\kill.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\kill_on.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\pause_up.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\play_dn.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\play_up.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\question.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\stop_up.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\theme.txt
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\version.txt
C:\Documents and Settings\iason8\Application Data\LimeWire\themes\windows_theme\warning.gif
C:\Documents and Settings\iason8\Application Data\LimeWire\ttrees.cache
C:\Documents and Settings\iason8\Application Data\LimeWire\ttroot.cache
C:\Documents and Settings\iason8\Application Data\LimeWire\version.xml
C:\Documents and Settings\iason8\Application Data\LimeWire\versions.props
C:\Documents and Settings\iason8\Application Data\LimeWire\xml\data\audio.sxml2
C:\Documents and Settings\iason8\Application Data\LimeWire\xml\data\image.sxml2
C:\Documents and Settings\iason8\Application Data\LimeWire\xml\data\video.sxml2
C:\Documents and Settings\iason8\Application Data\rhctm5j0eede

.
(((((((((((((((((((((((((((( Files Created between 2008-06-07 and 2008-07-07 )))))))))))))))))))))))))))))))))
.

2008-07-07 16:12 . 2008-07-07 16:17 <DIR> d-------- C:\Program Files\Cheat Engine
2008-07-07 02:36 . 2008-07-07 02:36 <DIR> d-------- C:\Program Files\Softnyx
2008-07-06 22:16 . 2008-07-06 22:16 <DIR> d-------- C:\Documents and Settings\iason8\Application Data\DataCast
2008-07-06 22:14 . 2008-07-06 22:14 <DIR> d-------- C:\Program Files\Samsung
2008-07-06 19:52 . 2008-07-06 19:52 <DIR> d-------- C:\Program Files\DivX
2008-07-06 16:32 . 2008-07-06 16:32 268 --ah----- C:\sqmdata12.sqm
2008-07-06 16:32 . 2008-07-06 16:32 244 --ah----- C:\sqmnoopt12.sqm
2008-07-06 15:12 . 2008-07-06 15:12 268 --ah----- C:\sqmdata11.sqm
2008-07-06 15:12 . 2008-07-06 15:12 244 --ah----- C:\sqmnoopt11.sqm
2008-07-05 23:45 . 2008-07-05 23:45 244 --ah----- C:\sqmnoopt10.sqm
2008-07-05 23:45 . 2008-07-05 23:45 232 --ah----- C:\sqmdata10.sqm
2008-07-05 15:15 . 2008-07-05 15:15 244 --ah----- C:\sqmnoopt09.sqm
2008-07-05 15:15 . 2008-07-05 15:15 232 --ah----- C:\sqmdata09.sqm
2008-07-05 15:07 . 2008-07-05 15:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-05 14:47 . 2008-07-05 14:47 244 --ah----- C:\sqmnoopt08.sqm
2008-07-05 14:47 . 2008-07-05 14:47 232 --ah----- C:\sqmdata08.sqm
2008-07-05 14:12 . 2008-07-05 14:12 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-05 14:06 . 2008-07-05 14:06 268 --ah----- C:\sqmdata07.sqm
2008-07-05 14:06 . 2008-07-05 14:06 244 --ah----- C:\sqmnoopt07.sqm
2008-07-04 20:31 . 2008-07-04 20:31 268 --ah----- C:\sqmdata06.sqm
2008-07-04 20:31 . 2008-07-04 20:31 244 --ah----- C:\sqmnoopt06.sqm
2008-07-03 21:28 . 2002-12-03 22:13 1,048,576 --a------ C:\WINDOWS\system32\lameACM.acm
2008-07-03 21:28 . 2005-05-03 09:33 299,008 --a------ C:\WINDOWS\system32\LAME_MP3.dll
2008-07-03 21:28 . 2004-12-10 21:29 401 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-07-03 21:27 . 2008-07-03 21:27 65,024 --a------ C:\WINDOWS\IFinst26.exe
2008-07-03 21:26 . 2008-07-03 21:26 <DIR> d-------- C:\Program Files\MarkAny
2008-07-01 16:55 . 2008-07-01 16:55 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-01 16:55 . 2008-07-01 16:55 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-06-30 23:17 . 2008-07-03 21:14 <DIR> d-------- C:\Program Files\Panda Security
2008-06-29 16:07 . 2008-06-29 16:07 <DIR> dr-h----- C:\Documents and Settings\iason8\Application Data\SecuROM
2008-06-29 16:07 . 2008-06-29 16:07 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-29 12:05 . 2008-06-29 12:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-29 12:05 . 2008-06-29 12:05 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-25 02:11 . 2008-06-25 02:11 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-25 02:10 . 2008-06-25 02:14 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-06-25 01:59 . 2008-06-25 02:00 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2008-06-25 01:59 . 2008-06-25 02:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-25 01:57 . 2008-06-25 01:57 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-06-25 01:51 . 2008-06-25 01:55 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-25 01:51 . 2008-06-25 01:51 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-25 01:51 . 2008-06-25 01:51 <DIR> d-------- C:\Program Files\MSBuild
2008-06-25 01:50 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-06-25 01:40 . 2008-06-25 01:40 <DIR> d-------- C:\Documents and Settings\All Users\「開始」
2008-06-21 17:44 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-06-21 17:42 . 2002-12-12 00:14 1,294,336 --a--c--- C:\WINDOWS\system32\dllcache\dsound3d.dll
2008-06-16 20:35 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-06-16 20:35 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-06-16 20:35 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-06-16 20:35 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-06-16 20:35 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-06-16 20:35 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-06-16 20:35 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-06-16 20:35 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-06-16 00:59 . 2008-06-16 00:59 38 --a------ C:\WINDOWS\cdplayer.ini
2008-06-12 22:52 . 2008-06-17 04:16 <DIR> d-------- C:\Documents and Settings\JASON
2008-06-11 15:31 . 2008-06-15 01:32 269,568 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 15:31 . 2008-05-08 22:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-11 08:04 . 2008-06-11 08:04 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-06-11 08:04 . 2008-06-11 08:04 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-06-08 21:46 . 2008-07-06 19:52 1,294 --a------ C:\WINDOWS\mozver.dat
2008-06-08 00:08 . 2008-06-08 00:08 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-07 13:10 . 2008-06-07 13:10 <DIR> d-------- C:\Documents and Settings\iason8\「開始」

.
(((((((((((((((((((((((((((((((((((( Files Changed in the Last Three Months )))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 16:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-24 18:12 --------- d-----w C:\Program Files\Microsoft.NET
2008-06-15 07:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-14 17:32 269,568 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 14:52 --------- d-----w C:\Program Files\IBM RecordNow!
2008-06-12 14:52 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-05-30 11:35 0 ----a-w C:\IACTemp.dat
2008-05-30 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\IACiFlow
2008-05-30 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\IAC
2008-05-30 11:19 --------- d-----w C:\Program Files\QuickTime
2008-05-30 11:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-05-17 13:05 --------- d-----w C:\Program Files\Java
2008-05-17 12:55 --------- d-----w C:\Program Files\Sun
2008-05-17 12:52 --------- d-----w C:\Program Files\Common Files\Java
2008-05-17 12:49 --------- d-----w C:\Documents and Settings\iason8\Application Data\IBM
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 07:08 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-14 16:31 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 16:31 271,360 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 16:30 978,432 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 16:30 769,024 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe
2008-04-14 16:30 744,448 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2008-04-14 16:30 66,560 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 16:30 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 16:30 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2008-04-14 16:30 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2008-04-14 16:30 18,432 ------w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\hscupd.exe
2008-04-14 16:30 163,840 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe
2008-04-14 16:30 132,096 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 16:30 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 16:29 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 16:29 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 16:29 38,400 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll
2008-04-14 16:29 366,080 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msinfo.dll
2008-04-14 16:29 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2008-04-14 16:29 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 16:29 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 16:29 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 16:29 102,912 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchshell.dll
2008-04-14 16:29 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
2008-02-10 21:33 1,026 --sha-r C:\Program Files\Common Files\fqb.dat
2004-10-26 21:27 773 ----a-w C:\Program Files\pconfig.dcf
2004-10-11 13:59 8,417 ----a-w C:\Program Files\readme.txt
2004-09-01 17:05 41,018 ----a-w C:\Program Files\dlaunin.exe
2004-06-14 17:03 241 ----a-w C:\Program Files\setupopt.ini
2004-06-08 17:01 8 ----a-w C:\Program Files\is5unin.isu
2004-05-10 17:01 7,355 ----a-w C:\Program Files\tech_tip.htm
2004-05-10 17:01 44,717 ----a-w C:\Program Files\vxdla.chm
.

((((((((((((((((((((((((((((( snapshot@2008-07-07_ 1.02.32.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-06 16:58:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-07 13:44:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-07 13:44:05 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_d8.dat
.
(((((((((((((((((((((((((((((((((((((((((( Important Registry Entries )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty or legitimate registry entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-15 00:30 15360]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 17:10 442368]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-15 18:42 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 13:31 208952]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-09 02:17 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-09 02:17 512000]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe" [2004-08-06 17:10 442368]
"ISS_Certtool"="C:\Program Files\IBM\Security\certtool.exe" [2004-11-10 17:06 86016]
"IBM_PWMGR"="C:\Program Files\IBM\Password Manager\pwmgr.exe" [2004-11-10 17:09 327680]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-09-02 01:05 127035]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2004-11-24 17:10 212992]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-11-17 15:48 94208]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 18:39 897024]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2004-12-21 16:00 135168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-11 21:00 344064]
"QCWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2004-11-09 03:53 81920]
"CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE" [2007-03-22 19:17 66400]
"PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE" [2007-03-22 19:17 98656]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-27 22:00 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-30 19:19 98304]
"TpShocks"="TpShocks.exe" [2004-10-27 15:58 106496 C:\WINDOWS\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2004-11-12 01:07 40960 C:\WINDOWS\system32\TP4EX.exe]
"TrackPointSrv"="tp4serv.exe" [2004-10-28 18:50 94208 C:\WINDOWS\system32\tp4serv.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-15 00:30 15360]

C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
BTTray.lnk - C:\Program Files\IBM\Bluetooth Software\BTTray.exe [2004-10-01 15:12:18 565309]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-02-10 14:35:39 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 16:51 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_abwl]
2006-08-24 17:53 23552 C:\WINDOWS\system32\fsp_abwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2004-11-09 03:53 262144 C:\WINDOWS\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-13 11:11 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"11737:TCP"= 11737:TCP:BitCometLite 11737 TCP
"11737:UDP"= 11737:UDP:BitCometLite 11737 UDP

R0 GENERICSMB;IBM - Generic SMB Device Controller;C:\WINDOWS\system32\DRIVERS\smbgen.sys [2008-02-10 14:00]
R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2004-05-14 14:08]
R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys [2004-12-02 16:14]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2004-11-09 03:53]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 07:20]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2004-11-09 03:53]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2004-05-14 12:59]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2004-12-21 16:00]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 07:16]
R2 smi2;smi2;C:\WINDOWS\system32\drivers\smi2.sys [2008-02-10 13:59]
R3 portio;TPM Service;C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys [2004-06-22 10:12]
R3 SMBusDH;IBM - SMB Hub Controller;C:\WINDOWS\system32\DRIVERS\smbusdh.sys [2008-02-10 14:00]
R3 SMBusHC;SMBus Host Controller;C:\WINDOWS\system32\DRIVERS\smbushc.sys [2008-02-10 14:00]
R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys [2004-12-02 15:54]
S3 dump_wmimmc;dump_wmimmc;C:\Program Files\Softnyx\Rakion\Bin\GameGuard\dump_wmimmc.sys []
S3 MXIC9010;MXIC Generic USB Device Driver;C:\WINDOWS\system32\drivers\mxic9010.sys [2005-10-02 13:57]
S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS [2004-11-09 03:53]
S3 XDva037;XDva037;C:\WINDOWS\system32\XDva037.sys []
S3 XDva052;XDva052;C:\WINDOWS\system32\XDva052.sys []
S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys []
S3 XDva104;XDva104;C:\WINDOWS\system32\XDva104.sys []

*Newly Created Service* - CATCHME
.
Contents of the scheduled tasks folder
"2008-07-06 10:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-07-07 13:44:18 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
"2008-06-10 07:50:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-01 07:50:34 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 22:24:47
Windows 5.1.2600 Service Pack 3 NTFS

Scanning hidden processes...

Scanning hidden autostart entries...

Scanning hidden files...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
Completion time: 2008-07-07 22:28:25
ComboFix-quarantined-files.txt 2008-07-07 14:28:20
ComboFix2.txt 2008-07-06 17:02:54

10 Dir(s) 19,901,947,904 bytes free
13 Dir(s) 19,922,771,968 bytes free

304 --- E O F --- 2008-07-07 14:19:08





Hijackthis Log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:36 PM, on 2008/7/7
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\IBM\Security\uvmserv.exe
C:\WINDOWS\System32\ibmsmbus.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\IBM\Security\certtool.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [ISS_Certtool] C:\Program Files\IBM\Security\certtool.exe
O4 - HKLM\..\Run: [IBM_PWMGR] C:\Program Files\IBM\Password Manager\pwmgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QCWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download link with Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2627861491
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Fac ... der4_5.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O20 - Winlogon Notify: fsp_abwl - C:\WINDOWS\SYSTEM32\fsp_abwl.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM User Verification Manager - IBM - C:\Program Files\IBM\Security\uvmserv.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: SMBus Upgrade Service for Windows 2000 and above (ibmsmbus) - International Business Machines Corp. - C:\WINDOWS\System32\ibmsmbus.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 10332 bytes



By the way, I recently got a problem: after manually removing part of the AntiVirXP08 files, I am not sure if I deleted some important Windows file...
When I click Windows Update, it keeps downloading and installing the same file over and over again. Even after several restarts it is still the same problem.
Is there something wrong?...

Also, is there any recommended free antivirus programme (not trial)? Recently I found my Avast having some problem, so now I am only protected by the Windows firewall...

Thanks Again,
Jason


PS: From tomorrow until Friday night I might not be able to respond to your next reply for some days, as I will be busy with school stuff.

Thanks.
jasonst
Regular Member
 
Posts: 17
Joined: July 5th, 2008, 2:43 am
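
The ComboFix excerpt in the post above is worth reading for what it says about the rogue antivirus rather than for the long driver list: the three Security Center values under [HKEY_LOCAL_MACHINE\software\microsoft\security center] are all set to 1, which silences the antivirus, Automatic Updates and firewall warnings, and the firewall policy carries a GloballyOpenPorts entry for 3389/TCP (Remote Desktop). The script below is an added example, not part of this thread and not ComboFix's own code: it parses those two registry blocks (copied from the log above as a constructed sample) and reports the tampering indicators. The flag descriptions and the notable-ports table are my own assumptions.

```python
import re

# Constructed sample: the Security Center and firewall-policy keys copied from
# the ComboFix log posted above (raw string so the backslashes survive as-is).
COMBOFIX_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"11737:TCP"= 11737:TCP:BitCometLite 11737 TCP
"11737:UDP"= 11737:UDP:BitCometLite 11737 UDP
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')

# Values a rogue AV typically sets to 1 so the user never sees a warning.
SECURITY_CENTER_FLAGS = {
    "AntiVirusDisableNotify": "Security Center antivirus warnings are suppressed",
    "UpdatesDisableNotify": "Security Center Automatic Updates warnings are suppressed",
    "FirewallOverride": "Security Center firewall status is overridden",
}

# Ports whose presence in a GloballyOpenPorts list deserves a closer look
# (this table is my own assumption, not something from the thread).
NOTABLE_PORTS = {("3389", "TCP"): "Remote Desktop (RDP)"}


def parse_registry_excerpt(text):
    """Return {key_path_lowercased: {value_name: data}} from a ComboFix-style dump."""
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = m.group("data").strip()
    return keys


def triage(keys):
    """Return human-readable findings for the tampering patterns above."""
    findings = []
    for path, values in keys.items():
        if path.endswith("security center"):
            for name, why in SECURITY_CENTER_FLAGS.items():
                if values.get(name, "").lower() == "dword:00000001":
                    findings.append(f"{name}=1: {why}")
        elif path.endswith(r"globallyopenports\list"):
            for name, data in values.items():
                port, proto = name.split(":", 1)
                label = data.split(":", 2)[-1]  # description after "port:proto:"
                msg = f"firewall exception opens {port}/{proto} to any source ({label})"
                note = NOTABLE_PORTS.get((port, proto.upper()))
                if note:
                    msg += f"; {note} is reachable from the network"
                findings.append(msg)
    return findings


if __name__ == "__main__":
    for finding in triage(parse_registry_excerpt(COMBOFIX_EXCERPT)):
        print(finding)
```

The same parser works on any ComboFix registry section that uses the [key] / "name"=data layout, so the AuthorizedApplications list further up the log can be fed through it with a rule of its own; the point of keeping the rules in a table is that the three Security Center flags are the signal that separates "rogue AV tampered with the machine" from "user simply has a lot of ThinkPad utilities".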

Re: Log File.. Need help

Post by Bio-Hazard » July 8th, 2008, 1:09 pm

Hello!

Looking at the results from your Uninstall key, I have a few questions. Have you used any registry cleaners? Or have you removed any registry keys yourself from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall?

When I click Windows Update, it keeps downloading and installing the same file over and over again. Even after several restarts it is still the same problem. Is there something wrong?...


Could you tell me which file this is? This could be related to your Uninstall registry key.

Also, is there any recommended free antivirus programme (not trial)? Recently I found my Avast having some problem, so now I am only protected by the Windows firewall...


What are the problems you are having with Avast? Looking at your HijackThis log, you are still running Avast. Avast is an excellent antivirus program. I also advise you to have an antivirus program installed for your protection.


PS: From tomorrow until Friday night I might not be able to respond to your next reply for some days, as I will be busy with school stuff.


That is perfectly ok. Real life comes first.


Remove HijackThis entries

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)

  • Close all open windows and browsers/email etc...
  • Click on the Fix Checked button
  • When completed close the application.


Malwarebytes' Anti-Malware

  • Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  • Double click on mbam-setup.exe to install it.
  • Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
      Update Malwarebytes' Anti-Malware
      Launch Malwarebytes' Anti-Malware
  • Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  • Select the Scanner tab. Click on Perform full scan, then click on Scan.
  • Leave the default options as they are and click on Start Scan.
  • When done, you will be prompted. Click OK, then click on Show Results.
  • Check (tick) all items and click on Remove Selected.
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.


Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:
  • Malwarebytes' Anti-Malware
  • A fresh HijackThis Log ( after all the above has been done)
  • How are things running now ?
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Log File.. Need help

Post by jasonst » July 10th, 2008, 8:24 am

Hey thanks, so far so good.

Quote:
When I click Windows Update, it keeps downloading and installing the same file over and over again. Even after several restarts it is still the same problem. Is there something wrong?...


Could you tell me which file this is? This could be related to your Uninstall registry key.


About the Windows Update part, the file name is: Microsoft XML Core Services 4.0 Service Pack 2

Er, yes, I did remove something from there once. When I was infected by AntiVirXP08, my desktop background was just that virus's warning picture and I desperately wanted to remove it.
I browsed Google and found some tips, but I am not sure if I removed the wrong thing...

What are the problems you are having with Avast? Looking at your HijackThis log, you are still running Avast. Avast is an excellent antivirus program. I also advise you to have an antivirus program installed for your protection.


Er... Not sure when, but I am not able to remove Avast from the Add/Remove list; it's not listed there, and the uninstall icon is also gone from the program folder on the C drive, hence I suspect something is wrong with it... Also, after going through so much, I agree it's a good free antivirus, but it seems a bit weak (maybe I am wrong ><). One more thing: I don't know what I clicked, but the auto-protection is turned off; now it does not show in my icon tray, and sometimes I need to click a few times to activate Avast...

Malwarebytes' Anti-Malware

Select the Scanner tab.
Click on Perform full scan, then click on Scan.
Leave the default options as they are and click on Start Scan.
When done, you will be prompted. Click OK, then click on Show Results.
Check (tick) all items and click on Remove Selected.
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.


There is an error when running the full system scan with Malwarebytes.

This is the error code: 731 (0,6)

Er, recently my Windows has been starting up slowly... It takes a while to finish loading, and there are no desktop icons at all until Windows Live Messenger pops up; when I close it, they appear. Is there something wrong?...

Also, some icons in "My Favourites" have been changed; not sure how or when, but for example this link, "Malware Remove", should be a blue icon or something, but it turned out to be Gmail's icon. Then google.com became MSN's icon... I suppose there is some code interruption or something...




Hijackthis Log :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:19:20 PM, on 2008/7/10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\IBM\Security\certtool.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SingTel\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\IBM\Security\uvmserv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\ibmsmbus.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [ISS_Certtool] C:\Program Files\IBM\Security\certtool.exe
O4 - HKLM\..\Run: [IBM_PWMGR] C:\Program Files\IBM\Password Manager\pwmgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QCWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SingTel_McciTrayApp] C:\Program Files\SingTel\McciTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download link with Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2627861491
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Fac ... der4_5.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O20 - Winlogon Notify: fsp_abwl - C:\WINDOWS\SYSTEM32\fsp_abwl.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM User Verification Manager - IBM - C:\Program Files\IBM\Security\uvmserv.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: SMBus Upgrade Service for Windows 2000 and above (ibmsmbus) - International Business Machines Corp. - C:\WINDOWS\System32\ibmsmbus.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/iason8/LOCALS~1/Temp/msohtml1/21/clip_image001.jpg

--
End of file - 11262 bytes


Er, yes. Thanks again,
Jason
jasonst
Regular Member
 
Posts: 17
Joined: July 5th, 2008, 2:43 am
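
Bio-Hazard's earlier reply ticks exactly one HijackThis entry, the O9 button whose target is "(no file)", and leaves everything else alone. The latest log above adds an O24 desktop component served from a user Temp folder, on top of the O20 Winlogon Notify and "Unknown owner" O23 lines that were already in the first log. The script below is an added example, not part of this thread and not HijackThis's own code: it applies those review rules to entries copied from the logs in this thread (a constructed sample) and separates the one category that is safe to fix blindly from the ones that need a human look. The rule wording is my own; flagged lines are prompts to verify, not verdicts, and legitimate software (the Citrix GoToAssist DLL here) will show up in the list.

```python
import re

# Constructed sample: entries copied from the HijackThis logs posted in this
# thread (raw string so the Windows paths keep their backslashes).
HJT_SAMPLE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: fsp_abwl - C:\WINDOWS\SYSTEM32\fsp_abwl.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/iason8/LOCALS~1/Temp/msohtml1/21/clip_image001.jpg
"""

# "O<n> - <body>"; HijackThis separates the fields of <body> with " - ".
LINE_RE = re.compile(r"^(?P<section>O\d+) - (?P<body>.*)$")
TEMP_PATH_RE = re.compile(r"[\\/]Temp[\\/]", re.IGNORECASE)


def triage_hjt(text):
    """Return (section, reason, line) tuples for entries worth a second look.

    Only the first rule (target is "(no file)") yields something that can be
    fixed blindly; the other rules are review prompts, not verdicts.
    """
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        parts = [p.strip() for p in body.split(" - ")]
        target = parts[-1]                       # path, URL or "(no file)"
        owner = parts[-2] if len(parts) >= 3 else ""  # company name on O23 lines
        if target == "(no file)":
            findings.append((section, "orphaned entry: target no longer exists, safe to fix", line))
        elif section == "O20":
            findings.append((section, "Winlogon Notify DLL is loaded by winlogon.exe before logon: verify the publisher", line))
        elif section == "O23" and owner.lower() == "unknown owner":
            findings.append((section, "service binary carries no company name: verify path and signature", line))
        elif section == "O24" and TEMP_PATH_RE.search(target):
            findings.append((section, "desktop component points into a user Temp folder: review and remove", line))
    return findings


def safe_to_fix(findings):
    """The subset of findings a helper would tick in HijackThis without further checks."""
    return [line for _, reason, line in findings if reason.startswith("orphaned")]


if __name__ == "__main__":
    results = triage_hjt(HJT_SAMPLE)
    for section, reason, line in results:
        print(f"[{section}] {reason}\n    {line}")
    print("fix checked:", safe_to_fix(results))
```

Run against the sample, the only line that comes back from safe_to_fix is the O9 entry Bio-Hazard asked to have fixed; the O20, O23 and O24 lines are listed with a reason but are deliberately not in that set, which is the same split a helper makes by hand between "harmless or required" and "needs checking".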

Re: Log File.. Need help

Post by Bio-Hazard » July 11th, 2008, 1:37 am

We need to use System Restore to restore your system to an earlier state, before you tweaked your registry.

Use System Restore

You can use System Restore to remove any system changes that were made since the last time you remember your computer working correctly. System Restore does not affect your personal data files (such as Microsoft Word documents, browsing history, drawings, favorites, or email) so you won't lose changes made to these files.

  • Click Start
  • Point to All Programs
  • Point to Accessories
  • Point to System Tools, and then click System Restore
  • On the Welcome screen, click Restore my computer to an earlier time, and then click Next
  • On the Select a Restore Point page, select the date from the calendar that shows the point you'd like to restore to. NOTE: This needs to be BEFORE you tweaked your registry.
  • Click Next
  • On the Confirm Restore Point Selection page, verify that the correct restore point is chosen, and then close any open programs
  • Click Next if you are ready to proceed or click Back to change the restore point
  • The computer will shut down automatically and reboot
  • On reboot, you'll see the Restoration Complete page, and then click OK

If System Restore doesn't work in Normal Mode, it might work in Safe Mode. To use System Restore in Safe Mode, press the F8 key during reboot and choose Safe Mode. When your computer starts in either Safe Mode or Normal Mode, System Restore can be used to capture a working previous state. System Restore can't be opened unless the system is bootable into one of these modes.


AFTER THE SYSTEM RESTORE HAS BEEN SUCCESSFUL, DO THESE STEPS

Install HijackThis if you don't already have it installed.

Download HijackThis

To get things going I need you to download HijackThis; see the instructions below.

  • Click HERE to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click the HijackThis Installer icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.

DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


Uninstall list

Make an uninstall list using HijackThis. To access the Uninstall Manager you would do the following:

  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.

Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:
  • A fresh HijackThis Log ( after all the above has been done)
  • HijackThis Uninstall list
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Log File.. Need help

Unread postby jasonst » July 11th, 2008, 10:42 am

Hey there, thanks for the tip.

Er, however, my System Restore only allows me to go back to the 6th or 5th of July. If I'm not wrong, the action was done earlier than that...

Here is the Uninstall list :

Compatibility Pack for the 2007 Office system
DivX Web Player
EmoDio
EmoDio
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)
GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)
GoToAssist 8.0.0.480
HijackThis 2.0.2
Java(TM) 6 Update 7
Lame ACM MP3 Codec
Microsoft Office Professional Edition 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft Visual C++ 2005 Redistributable
Mobius Rakion
Mozilla Firefox (2.0.0.15)
SingTel Wireless Connection Manager
SmartFix
Windows Defender
Windows XP 安全性更新 (KB951748) [ Safety Renew ]
Windows XP 更新 (KB951978) [ Renew ]
XviD MPEG-4 Video Codec


HijackThis Log :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 10:40:14, on 2008/7/11
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\IBM\Security\uvmserv.exe
C:\WINDOWS\System32\ibmsmbus.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\IBM\Security\certtool.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SingTel\McciTrayApp.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [ISS_Certtool] C:\Program Files\IBM\Security\certtool.exe
O4 - HKLM\..\Run: [IBM_PWMGR] C:\Program Files\IBM\Password Manager\pwmgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QCWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SingTel_McciTrayApp] C:\Program Files\SingTel\McciTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: 使用 Mega 管理器下載連接... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2627861491
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Fac ... der4_5.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O20 - Winlogon Notify: fsp_abwl - C:\WINDOWS\SYSTEM32\fsp_abwl.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM User Verification Manager - IBM - C:\Program Files\IBM\Security\uvmserv.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: SMBus Upgrade Service for Windows 2000 and above (ibmsmbus) - International Business Machines Corp. - C:\WINDOWS\System32\ibmsmbus.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/iason8/LOCALS~1/Temp/msohtml1/21/clip_image001.jpg

--
End of file - 11142 bytes



Thanks again,
Jason
jasonst
Regular Member
 
Posts: 17
Joined: July 5th, 2008, 2:43 am
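A small triage pass over the O-lines of a HijackThis log, added here as an example and not a tool from this thread or from Trend Micro. The flag rules (an O4 Run entry whose image is a bare file name, any O20 Winlogon Notify DLL, an O23 service with "Unknown owner", an O24 desktop component under a Temp directory) are my own heuristics; a flag only means "look closer", which is the same caution Bio-Hazard gives about not letting HijackThis fix things blindly. The sample lines are copied from the log posted above.

```python
import re

# Constructed sample: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O20 - Winlogon Notify: fsp_abwl - C:\WINDOWS\SYSTEM32\fsp_abwl.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/iason8/LOCALS~1/Temp/msohtml1/21/clip_image001.jpg
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")          # "O4 - <body>"
O4_RE = re.compile(r"^(HK\S+?)\\\.\.\\Run: \[([^\]]*)\] (.*)$")  # hive, name, command

def parse_hjt(text):
    """Return the O-line entries as dicts; the header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"section": m.group(1), "body": m.group(2), "flags": []})
    return entries

def image_of(command):
    """First token of a Run command, with surrounding quotes stripped."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    return command.split(" ", 1)[0]

def triage(entry):
    """Attach review flags. A flag means 'look closer', not 'malicious'."""
    s, b = entry["section"], entry["body"]
    if s == "O4":
        m = O4_RE.match(b)
        # No drive letter or directory: the image is resolved via PATH at logon.
        if m and not re.search(r"[\\:]", image_of(m.group(3))):
            entry["flags"].append("bare image name, resolved via PATH at logon")
    elif s == "O20":
        entry["flags"].append("Winlogon Notify DLL loads inside winlogon.exe; check its publisher")
    elif s == "O23" and " - Unknown owner - " in b:
        entry["flags"].append("service binary has no company name in its version info")
    elif s == "O24" and "/Temp/" in b:
        entry["flags"].append("desktop component loaded from a temp directory")
    return entry

def triage_log(text):
    """Return only the entries that picked up at least one flag."""
    return [e for e in map(triage, parse_hjt(text)) if e["flags"]]

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(e["section"], e["body"], "->", "; ".join(e["flags"]))
```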

Re: Log File.. Need help

Unread postby Bio-Hazard » July 12th, 2008, 11:47 am

Hello jasonst!

We are working on your problem, but there might be a slight delay because I am asking for further advice.

Regards,

Bio-Hazard
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Log File.. Need help

Unread postby jasonst » July 12th, 2008, 12:05 pm

Hi there,

Er ok I got the message, thanks for your effort that you have put in >.<

Best Regards,
Jason
jasonst
Regular Member
 
Posts: 17
Joined: July 5th, 2008, 2:43 am

Re: Log File.. Need help

Unread postby Bio-Hazard » July 12th, 2008, 1:11 pm

Hello Jason!

Have you made any backups before you edited your registry?

How is your computer running at the moment?

Could you please post a new HijackThis log?
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK