GeekPolice

PLEASE HELP ZAFI B


Post by jessehaysfl on Fri Jan 16, 2009 7:49 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:41:00 PM, on 1/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Pinnacle Game Profiler] "C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle.exe" -atboottime
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - [You must be registered and logged in to see this link.]
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - [You must be registered and logged in to see this link.]
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - [You must be registered and logged in to see this link.]
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - [You must be registered and logged in to see this link.] - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)
O23 - Service: McAfee Redirector Service (McRedirector) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

--
End of file - 9037 bytes

jessehaysfl
Novice

Posts : 12
Joined : 2009-01-16
OS : win xp
Points : 28780
# Likes : 0

Solved Re: PLEASE HELP ZAFI B

Post by Belahzur on Fri Jan 16, 2009 7:55 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe


  • Press "Fix Checked"
  • Close HijackThis.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C)


Drivers to delete:
TDSSserv.sys

Files to delete:
C:\WINDOWS\system32\drivers\svchost.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found" <== DO NOT miss that step.
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer TWICE.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.

Then, once Avenger is done, run this.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Click No for Optional Scan.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1
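The reply above fixes a single O4 line, and the reason is worth making mechanical: svchost.exe is started by the Service Control Manager, never from a Run key, and the genuine binary lives in system32, not system32\drivers. As an added example (not code from the forum or from the HijackThis project), the following Python script applies that check and two others to HijackThis-format lines: a Run entry named after a core OS process, an autorun launched from a user-writable profile or temp path (the wclock entry visible in the later DDS log, rewritten here in O4 syntax), and an O23 service whose owner is unknown and whose binary is missing. The sample log is constructed; the heuristics and marker lists are my own and are triage aids, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed excerpt in HijackThis v2 log format. Most lines mirror entries from
# the log posted above; the wclock line is built from the mRun entry that the later
# DDS log shows, rewritten in HijackThis O4 syntax.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKLM\..\Run: [wclock] "C:\Documents and Settings\jnk\Application Data\google\yfijv17721328.exe" 2
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Binaries the OS launches itself (session manager, winlogon, service host, ...).
# A Run-key entry named after one of them is a name-squatting autorun, not the real thing.
CORE_SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                        "lsass.exe", "svchost.exe"}

# Path fragments meaning "user-writable profile or temp area": machine-wide
# autoruns rarely live there, droppers very often do. (My own list, an assumption.)
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\application data\\",
                         "\\local settings\\", "\\temp\\", "\\recycler\\")

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass
class Finding:
    line: str     # the log line as written
    reason: str   # why it was flagged


def executable_from_command(cmd: str) -> str:
    """Return the program path from an O4 command line, dropping its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                 # quoted path, possibly containing spaces
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def analyse_hjt(log: str) -> List[Finding]:
    """Apply the three checks above to every O4 and O23 line of a HijackThis log."""
    findings: List[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            exe = executable_from_command(m.group("cmd"))
            low = exe.lower()
            base = low.rsplit("\\", 1)[-1]
            if base in CORE_SYSTEM_BINARIES:
                findings.append(Finding(line, f"Run entry named after core OS process {base}; "
                                              "Windows never starts it from a Run key"))
            elif any(marker in low for marker in USER_WRITABLE_MARKERS):
                findings.append(Finding(line, "autorun launched from a user-writable profile or temp directory"))
            continue
        if line.startswith("O23 - Service:"):
            # Layout is "O23 - Service: <desc> - <owner> - <path>"; split from the right
            # because the description itself may contain " - ".
            parts = line.split(" - ")
            if len(parts) >= 4 and parts[-2] == "Unknown owner" and parts[-1].endswith("(file missing)"):
                findings.append(Finding(line, "service with unknown owner and missing binary "
                                              "(orphaned entry: clean up, but not itself evidence of malware)"))
    return findings


if __name__ == "__main__":
    for f in analyse_hjt(SAMPLE_HJT):
        print(f"{f.reason}\n    {f.line}")
```

Run against the constructed sample it reports exactly three lines: the drivers\svchost.exe autorun that the reply above removes, the wclock entry under Application Data, and the orphaned McAfee service. Everything else in the sample (ehTray, SoundMan, dumprep, Steam, PnkBstrA) passes, which is the point of keeping the rules narrow.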

Solved Re: PLEASE HELP ZAFI B

Post by jessehaysfl on Fri Jan 16, 2009 7:59 pm

thanks
thanks
thanks
thanks


Solved Re: PLEASE HELP ZAFI B

Post by jessehaysfl on Fri Jan 16, 2009 8:14 pm

For some reason I can't get any of those links to work, and my IE dies almost every time; it's a struggle to be able to type this. Any suggestions?


Solved Re: PLEASE HELP ZAFI B

Post by Belahzur on Fri Jan 16, 2009 8:19 pm

It even blocks the sendspace link?

Do you have another machine you can use and a memory stick?



Solved Re: PLEASE HELP ZAFI B

Post by jessehaysfl on Fri Jan 16, 2009 8:26 pm

I finally got Avenger to work.


Solved Re: PLEASE HELP ZAFI B

Post by jessehaysfl on Fri Jan 16, 2009 8:27 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "TDSSserv.sys" found!
ImagePath: \systemroot\system32\drivers\TDSSmhxt.sys
Driver disabled successfully.

Rootkit scan completed.

Driver "TDSSserv.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\svchost.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Solved Re: PLEASE HELP ZAFI B

Post by Belahzur on Fri Jan 16, 2009 8:30 pm

Hello.
Please post DDS log.
The DDS links will work now that the rootkit is gone.



Solved Re: PLEASE HELP ZAFI B

Post by jessehaysfl on Fri Jan 16, 2009 8:31 pm

DDS (Ver_09-01-07.01) - NTFSx86
Run by JnK at 17:28:35.78 on Fri 01/16/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1534.1077 [GMT -8:00]

AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\libusbd-nt.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\msiexec.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\JnK\Local Settings\Temporary Internet Files\Content.IE5\8MOYORK1\dds[1].com

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No File
EB: Web Test Recorder 9.0: {3c7adade-d1e8-45d2-bdcd-7f8d8b99b2a2} - mscoree.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Pinnacle Game Profiler] "c:\program files\kalinkosoft\pinnacle game profiler\pinnacle.exe" -atboottime
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [TPP Auto Loader] c:\windows\TPPALDR.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [wclock] "c:\documents and settings\jnk\application data\google\yfijv17721328.exe" 2
mRun: [McRegWiz] c:\progra~1\mcafee.com\agent\mcregwiz.exe /autorun
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [VirusScan Online] "c:\progra~1\mcafee.com\vso\mcvsshld.exe"
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-1-16 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-16 324872]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-16 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-16 107272]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2007-7-30 33792]
R3 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2009-1-16 225375]
R3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2009-1-16 23296]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-16 298264]
R4 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R4 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe [2009-1-16 122880]
S3 CXAVSAUD;AVerMedia AVerTV AvStream Audio Capture;c:\windows\system32\drivers\A88AudBB.sys [2007-6-14 9216]
S3 HWACCESS;HWACCESS;c:\windows\system32\HWACCESS.SYS [2008-4-7 3869]
S3 jnv4_mib;jnv4_mib;\??\c:\docume~1\jnk\locals~1\temp\jnv4_mib.sys --> c:\docume~1\jnk\locals~1\temp\jnv4_mib.sys [?]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2009-1-16 249856]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2007-8-24 42512]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\microsoft visual studio 9.0\team tools\performance tools\VSPerfDrv90.sys [2007-9-4 55664]
S3 XDva025;XDva025;\??\c:\windows\system32\xdva025.sys --> c:\windows\system32\XDva025.sys [?]
S4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-16 903960]
S4 CX88XBAR;AVerMedia AVerTV MPEG Crossbar (Dual-Input);c:\windows\system32\drivers\A88BarBB.sys [2007-6-14 10752]
S4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe --> c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [?]
S4 McRedirector;McAfee Redirector Service;c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe --> c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe [?]

=============== Created Last 30 ================

2009-01-16 16:27 23,296 a------- c:\windows\system32\drivers\NaiFiltr.sys
2009-01-16 16:27 --d----- c:\docume~1\alluse~1\applic~1\McAfee.com
2009-01-16 16:27 341,064 a----r-- c:\windows\system32\mcinsctl.dll
2009-01-16 16:27 279,624 a----r-- c:\windows\system32\mcgdmgr.dll
2009-01-16 16:27 --d----- c:\program files\McAfee.com
2009-01-16 16:24 --d-h--- c:\windows\system32\GroupPolicy
2009-01-16 15:09 0 a------- c:\windows\system32\commonpriv.log.lock
2009-01-16 14:58 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-16 14:58 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-16 14:58 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-01-16 14:58 324,872 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-16 14:58 --d----- c:\windows\system32\drivers\Avg
2009-01-16 14:58 --d----- c:\program files\AVG
2009-01-16 14:58 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-01-16 08:19 54,477 a------- c:\windows\Sysvxd.exe
2009-01-14 20:07 2,204 a------- c:\windows\system32\TDSSfxwp.dll
2009-01-14 20:07 61,440 a------- c:\windows\system32\TDSScfum.dll
2009-01-14 20:07 31,232 a------- c:\windows\system32\TDSSriqp.dll
2009-01-14 20:07 29,696 a------- c:\windows\system32\TDSSnrsr.dll
2009-01-14 20:07 441 a------- c:\windows\system32\TDSSosvd.dat
2009-01-14 20:07 60,416 a------- c:\windows\system32\drivers\TDSSmhxt.sys
2009-01-14 20:07 35,840 a------- c:\windows\system32\TDSSofxh.dll
2009-01-14 17:20 54,156 a---h--- c:\windows\QTFont.qfn
2009-01-14 17:20 1,409 a------- c:\windows\QTFont.for
2009-01-12 18:15 19,456 a------- c:\windows\system32\libusbd-9x.exe
2009-01-12 18:15 18,944 a------- c:\windows\system32\libusbd-nt.exe
2009-01-12 18:15 --d----- c:\program files\LibUSB-Win32-0.1.10.1
2009-01-12 17:26 --d----- c:\program files\KALiNKOsoft

==================== Find3M ====================

2009-01-12 17:59 119,296 a------- c:\windows\system32\zlib.dll
2008-12-01 14:35 593,920 -------- c:\windows\system32\ati2sgag.exe
2008-12-01 14:13 3,452,928 a------- c:\windows\system32\drivers\ati2mtag.sys
2008-12-01 12:52 425,984 a------- c:\windows\system32\ATIDEMGX.dll
2008-12-01 12:51 318,464 a------- c:\windows\system32\ati2dvag.dll
2008-12-01 12:46 11,304,960 a------- c:\windows\system32\atioglxx.dll
2008-12-01 12:41 188,416 a------- c:\windows\system32\atipdlxx.dll
2008-12-01 12:40 147,456 a------- c:\windows\system32\Oemdspif.dll
2008-12-01 12:40 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2008-12-01 12:40 43,520 a------- c:\windows\system32\ati2edxx.dll
2008-12-01 12:40 143,360 a------- c:\windows\system32\ati2evxx.dll
2008-12-01 12:38 598,016 a------- c:\windows\system32\ati2evxx.exe
2008-12-01 12:37 53,248 a------- c:\windows\system32\ATIDDC.DLL
2008-12-01 12:27 4,120,384 a------- c:\windows\system32\ati3duag.dll
2008-12-01 12:19 307,200 a------- c:\windows\system32\atiiiexx.dll
2008-12-01 12:11 2,495,360 a------- c:\windows\system32\ativvaxx.dll
2008-12-01 11:57 48,640 a------- c:\windows\system32\amdpcom32.dll
2008-12-01 11:53 401,408 a------- c:\windows\system32\atikvmag.dll
2008-12-01 11:53 45,056 a------- c:\windows\system32\amdcalrt.dll
2008-12-01 11:53 45,056 a------- c:\windows\system32\amdcalcl.dll
2008-12-01 11:52 86,016 a------- c:\windows\system32\atiadlxx.dll
2008-12-01 11:52 17,408 a------- c:\windows\system32\atitvo32.dll
2008-12-01 11:51 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2008-12-01 11:50 286,720 a------- c:\windows\system32\atiok3x2.dll
2008-12-01 11:50 3,252,224 a------- c:\windows\system32\Amdcaldd.dll
2008-12-01 11:45 577,536 a------- c:\windows\system32\ati2cqag.dll
2008-10-30 06:45 180,720 a------- c:\windows\system32\atiicdxx.dat
2008-10-23 05:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-21 10:51 118,784 a------- c:\windows\system32\atibrtmon.exe
2007-11-29 20:24 87,608 a------- c:\docume~1\jnk\applic~1\inst.exe
2007-11-29 20:24 47,360 a------- c:\docume~1\jnk\applic~1\pcouffin.sys
2001-10-05 08:53 21,866 a------- c:\program files\common files\tppupd2k.dll

============= FINISH: 17:29:31.67 ===============

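The "Created Last 30" section of the DDS log above is the most telling part of it: seven TDSS* files landed in system32 and system32\drivers within the same minute on 2009-01-14, two days before any of the antivirus installs. Grouping that listing by creation minute and looking for files that share a fixed prefix with differing tails surfaces that cluster directly. The Python below is an added example, not part of DDS or of this thread; the sample listing is constructed to mirror the log's format, and the thresholds (three entries per minute, a four-character shared prefix) are my own choice. Legitimate installers produce bursts too (the AVG install at 14:58 is one), so the output is a list for the analyst to review, not a verdict.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from os.path import commonprefix
from typing import Dict, List, Optional

# Constructed sample in the DDS "Created Last 30" format, modelled on the log above:
# an AV install burst, one lone executable under c:\windows, and a burst of
# same-prefix files dropped into system32 within one minute.
SAMPLE_CREATED = r"""
2009-01-16 14:58 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-16 14:58 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-01-16 14:58 --d----- c:\program files\AVG
2009-01-16 08:19 54,477 a------- c:\windows\Sysvxd.exe
2009-01-14 20:07 2,204 a------- c:\windows\system32\TDSSfxwp.dll
2009-01-14 20:07 61,440 a------- c:\windows\system32\TDSScfum.dll
2009-01-14 20:07 441 a------- c:\windows\system32\TDSSosvd.dat
2009-01-14 20:07 60,416 a------- c:\windows\system32\drivers\TDSSmhxt.sys
2009-01-14 17:20 54,156 a---h--- c:\windows\QTFont.qfn
"""

# "YYYY-MM-DD HH:MM [size] attrs path"; directories carry no size field, and the
# third attribute character is the directory flag.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?:(?P<size>[\d,]+)\s+)?(?P<attrs>[a-z-]{8})\s+(?P<path>.+)$")


@dataclass
class Entry:
    minute: str           # "YYYY-MM-DD HH:MM", the clustering key
    size: Optional[int]   # None for directories
    is_dir: bool
    path: str

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_created(text: str) -> List[Entry]:
    """Parse every well-formed line of a DDS created-files listing."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = int(m["size"].replace(",", "")) if m["size"] else None
        entries.append(Entry(f"{m['date']} {m['time']}", size, m["attrs"][2] == "d", m["path"]))
    return entries


def bursts(entries: List[Entry], min_entries: int = 3) -> Dict[str, List[Entry]]:
    """Group entries by creation minute; keep only minutes with several entries."""
    by_minute: Dict[str, List[Entry]] = defaultdict(list)
    for e in entries:
        by_minute[e.minute].append(e)
    return {k: v for k, v in by_minute.items() if len(v) >= min_entries}


def suspicious_bursts(entries: List[Entry], min_prefix: int = 4) -> List[dict]:
    """Bursts whose files share a fixed name prefix followed by differing tails:
    the naming style of a dropper writing several randomised-name components."""
    out = []
    for minute, group in sorted(bursts(entries).items()):
        names = [e.basename for e in group if not e.is_dir]
        if len(names) < 3:
            continue
        prefix = commonprefix(names)
        tails = {n[len(prefix):] for n in names}
        if len(prefix) >= min_prefix and len(tails) == len(names):
            out.append({"minute": minute, "prefix": prefix,
                        "paths": [e.path for e in group if not e.is_dir]})
    return out


if __name__ == "__main__":
    for hit in suspicious_bursts(parse_created(SAMPLE_CREATED)):
        print(hit["minute"], hit["prefix"] + "*", len(hit["paths"]), "files")
        for p in hit["paths"]:
            print("   ", p)
```

On the constructed sample the AVG minute is a burst but not a suspicious one (two files, prefix "avg"), while the 20:07 minute comes back as a single cluster with prefix "tdss" and four paths, which is the same set of files the later OTMoveIt script targets.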

Solved Re: PLEASE HELP ZAFI B

Post by jessehaysfl on Fri Jan 16, 2009 8:31 pm

DDS worked, thanks for the help. IE is running way better now.


Solved Re: PLEASE HELP ZAFI B

Post by jessehaysfl on Fri Jan 16, 2009 8:35 pm

Thanks again for your help... I hate the people that make these viruses.


Solved Re: PLEASE HELP ZAFI B

Post by Belahzur on Fri Jan 16, 2009 8:43 pm

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)


    :processes
    explorer.exe

    :services
    jnv4_mib

    :files
    c:\windows\Sysvxd.exe
    c:\windows\system32\TDSSfxwp.dll
    c:\windows\system32\TDSScfum.dll
    c:\windows\system32\TDSSriqp.dll
    c:\windows\system32\TDSSnrsr.dll
    c:\windows\system32\TDSSosvd.dat
    c:\windows\system32\drivers\TDSSmhxt.sys
    c:\windows\system32\TDSSofxh.dll
    c:\documents and settings\jnk\application data\google\*.*
    C:\avenger
    C:\avenger.txt

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "wclock"=-

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.



Solved Re: PLEASE HELP ZAFI B

Post by jessehaysfl on Fri Jan 16, 2009 8:52 pm

Sorry, it worked.


Last edited by jessehaysfl on Fri Jan 16, 2009 9:00 pm; edited 1 time in total


Solved Re: PLEASE HELP ZAFI B

Post by jessehaysfl on Fri Jan 16, 2009 8:59 pm

Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service jnv4_mib stopped successfully.
Service jnv4_mib deleted successfully.
========== FILES ==========
c:\windows\Sysvxd.exe moved successfully.
LoadLibrary failed for c:\windows\system32\TDSSfxwp.dll
c:\windows\system32\TDSSfxwp.dll NOT unregistered.
c:\windows\system32\TDSSfxwp.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\TDSScfum.dll
c:\windows\system32\TDSScfum.dll NOT unregistered.
c:\windows\system32\TDSScfum.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSriqp.dll NOT unregistered.
c:\windows\system32\TDSSriqp.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSnrsr.dll NOT unregistered.
c:\windows\system32\TDSSnrsr.dll moved successfully.
c:\windows\system32\TDSSosvd.dat moved successfully.
c:\windows\system32\drivers\TDSSmhxt.sys moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\TDSSofxh.dll
c:\windows\system32\TDSSofxh.dll NOT unregistered.
c:\windows\system32\TDSSofxh.dll moved successfully.
DllUnregisterServer procedure not found in c:\documents and settings\jnk\application data\google\mjkspc.dll
c:\documents and settings\jnk\application data\google\mjkspc.dll NOT unregistered.
c:\documents and settings\jnk\application data\google\mjkspc.dll moved successfully.
c:\documents and settings\jnk\application data\google\yfijv17721328.exe moved successfully.
C:\Avenger moved successfully.
C:\avenger.txt moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\wclock deleted successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01162009_175050

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.


Solved Re: PLEASE HELP ZAFI B

Post by jessehaysfl on Fri Jan 16, 2009 9:37 pm

Am I ok now?


Solved Re: PLEASE HELP ZAFI B

Post by Belahzur on Fri Jan 16, 2009 10:04 pm

I think so.
What problems remain?



Solved Re: PLEASE HELP ZAFI B

Post by jessehaysfl on Fri Jan 16, 2009 10:46 pm

It seems like it's all fixed. THANK YOU VERY MUCH


Solved Re: PLEASE HELP ZAFI B

Post by Belahzur on Sat Jan 17, 2009 6:36 am

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Select the first option where it says "Java SE Runtime Environment (JRE) 6 Update 11".
  • Click the "Download" button to the right.
  • In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs, and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    - Java 2 Runtime Environment, SE v1.4.2
    - J2SE Runtime Environment 5.0
    - J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe that you downloaded to install the newest version.
Please make sure the new version of Java is installed before you run JavaRa.

Please download JavaRa from [You must be registered and logged in to see this link.]

  • First, unzip it.
  • Then run JavaRa.
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions.
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.


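An added example for the "remove all older versions of Java" step above; it is not from the thread or from any tool mentioned in it. It lists every Java runtime registered under the Windows Uninstall keys and flags the ones below the release the post asks for. Assumptions: PowerShell is available on the machine, JRE 6 Update 11 registers itself with DisplayVersion 6.0.110, and older runtimes use 1.5.0.x / 1.4.2_xx style version strings.

```powershell
# Added example, not part of the thread: inventory Java runtimes from the
# Uninstall registry keys and flag those older than the requested release.
# ASSUMPTION: JRE 6 Update 11 registers as DisplayVersion 6.0.110.
$TargetVersion = [Version]'6.0.110'

# Both native and 32-bit-on-64-bit views of Add or Remove Programs entries
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function ConvertTo-JavaVersion([string]$DisplayVersion) {
    # "1.4.2_03" -> "1.4.2.03"; strings that are not a version return $null
    $clean = ($DisplayVersion -replace '_', '.') -replace '[^0-9.]', ''
    try { return [Version]$clean } catch { return $null }
}

function Get-JavaRuntimeInventory {
    foreach ($root in $UninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $p = Get-ItemProperty $key.PSPath
            # Same name filter the post uses: Java, J2SE or JRE in the entry name
            if (-not ($p.DisplayName -match 'Java|J2SE|JRE')) { continue }

            $ver = ConvertTo-JavaVersion $p.DisplayVersion
            $status = 'Current'
            if ($null -eq $ver) { $status = 'UnknownVersion' }
            elseif ($ver -lt $TargetVersion) { $status = 'Outdated' }

            New-Object PSObject -Property @{
                Name      = $p.DisplayName
                Version   = $p.DisplayVersion
                Status    = $status
                Uninstall = $p.UninstallString   # command Add or Remove Programs would run
            }
        }
    }
}

# Entries marked Outdated are the ones the post says to remove before installing 6u11
Get-JavaRuntimeInventory | Sort-Object Status, Name | Format-Table Name, Version, Status -AutoSize
```

Entries reported as UnknownVersion still need a manual look in Add or Remove Programs, since the script only trusts what the installer wrote to DisplayVersion.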

Solved Re: PLEASE HELP ZAFI B

Post by Doctor Inferno on Sat Apr 18, 2009 6:55 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.

