Cannot log in several scanner.
Join Date: May 2005
Posts: 3,204
Solved Threads: 188
That code is for Generic Potentially Unwanted Pgm, an as-yet unidentified malicious software.
Can you connect to one of these sites now, with TDSSServ disabled?
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebyt...are_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon.
Select "Perform Full Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you... do not click the Save Logfile button.
When it completes examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Post the Notepad log [it is also saved under Logs tab in MBAM].
If you can not connect and dl that file, then try this instead:
==Download this file to your DESKTOP: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
.....or this file: http://subs.geekstogo.com/ComboFix.exe
-IMPORTANT! : disconnect from the web, turn off your Antivirus, Antispyware and Firewall for the duration of this scan. Don't forget to reset them before you go back on the web!
- to run it dclick the Combofix.exe icon and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.
Last edited by gerbil; Dec 4th, 2008 at 10:37 am.
Deep, deep in the woods, but walking about.
Join Date: Jul 2008
Posts: 21
Solved Threads: 0
Hi gerbil. Seems that I can log in to Major Geeks, but couldn't download Malwarebytes. For besttechie, it returns 404 not found. So, I'm now trying to d/load from bleepingcomputer.com, but it takes a while. I don't know why, but the d/load speed is very slow. I'll get back to you as soon as I finish accomplishing all the instructions you gave me. Thanks.
Join Date: Jul 2008
Posts: 21
Solved Threads: 0
Hello gerbil, I've just finished scanning using Combofix. It took quite a while, but I managed to complete it as you asked me to. Here's the log:
ComboFix 08-12-03.04 - sam08 2008-12-04 23:56:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1614 [GMT 8:00]
Running from: c:\documents and settings\sam08\Desktop\comfix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\crypts.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Drivers\TDSSmxoe.sys
c:\windows\system32\pthreadVC.dll
c:\windows\system32\rs32net.exe
c:\windows\system32\TDSScixx.dll
c:\windows\system32\TDSSmhxw.dll
c:\windows\system32\TDSSmtpe.dat
c:\windows\system32\TDSSncur.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSoeqh.dll
c:\windows\system32\TDSSqxtx.dll
c:\windows\system32\TDSSwgod.log
c:\windows\system32\TDSSyavu.dll
D:\resycled
d:\resycled\boot.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Legacy_TDSSSERV.SYS
-------\Service_NPF
-------\Service_TDSSserv.sys
((((((((((((((((((((((((( Files Created from 2008-11-04 to 2008-12-04 )))))))))))))))))))))))))))))))
.
2008-12-02 22:46 . 2008-12-02 22:46 <DIR> d-------- C:\Deckard
2008-12-02 18:20 . 2008-04-14 08:12 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2008-12-02 18:20 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
2008-12-02 18:20 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
2008-12-02 18:20 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
2008-12-02 18:20 . 2004-08-03 22:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys
2008-12-02 18:20 . 2008-04-14 02:46 19,200 --a--c--- c:\windows\system32\dllcache\wstcodec.sys
2008-12-02 18:20 . 2008-04-14 08:12 18,944 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2008-12-02 18:20 . 2001-08-17 12:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys
2008-12-02 18:20 . 2004-08-03 22:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys
2008-12-02 18:20 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
2008-12-02 18:18 . 2001-08-17 22:36 495,616 --a--c--- c:\windows\system32\dllcache\sblfx.dll
2008-12-02 18:17 . 2001-08-17 13:28 899,146 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2008-12-02 18:16 . 2001-08-17 13:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys
2008-12-02 18:15 . 2008-04-14 08:11 702,845 --a--c--- c:\windows\system32\dllcache\i81xdnt5.dll
2008-12-02 18:14 . 2001-08-17 14:56 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2008-12-02 18:13 . 2001-08-17 12:13 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2008-12-02 18:12 . 2001-08-17 13:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys
2008-12-02 18:11 . 2001-08-17 13:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys
2008-11-30 12:36 . 2008-12-04 21:36 2,259 --a------ c:\windows\system32\TDSSnrsr.dll
2008-11-30 12:28 . 2008-11-30 12:28 104,448 --a------ c:\windows\system32\winhlp.exe
2008-11-30 12:24 . 2008-11-30 12:25 2 --a------ C:\1151076018
2008-11-29 20:37 . 2008-11-29 22:45 <DIR> d-------- c:\documents and settings\sam08\Application Data\vlc
2008-11-28 17:42 . 2008-11-28 17:41 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-28 17:25 . 2008-11-28 17:25 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-28 16:10 . 2008-11-28 17:44 <DIR> d-------- c:\program files\Java
2008-11-28 16:10 . 2008-11-28 17:41 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-25 20:43 . 2008-11-25 20:43 <DIR> d-------- c:\program files\CCleaner
2008-11-23 10:43 . 2008-11-23 10:43 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonBJ
2008-11-23 10:43 . 2005-03-25 13:10 139,776 --a------ c:\windows\system32\CNMLM76.DLL
2008-11-23 10:43 . 2005-03-09 02:17 90,112 -ra------ c:\windows\system32\CNMCP76.exe
2008-11-23 10:43 . 2005-03-25 13:00 8,704 --a------ c:\windows\system32\CNMVS76.DLL
2008-11-23 10:37 . 2008-04-14 02:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-11-23 10:37 . 2008-04-14 02:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-11-22 14:14 . 2008-11-30 18:15 <DIR> d-------- c:\documents and settings\sam08\Application Data\dvdcss
2008-11-17 00:19 . 2008-11-17 00:19 <DIR> d-------- c:\windows\system32\scripting
2008-11-17 00:19 . 2008-11-17 00:19 <DIR> d-------- c:\windows\system32\en
2008-11-17 00:19 . 2008-11-17 00:19 <DIR> d-------- c:\windows\system32\bits
2008-11-17 00:17 . 2008-11-17 00:17 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-16 01:18 . 2008-11-16 01:18 <DIR> d--h----- c:\windows\PIF
2008-11-15 22:33 . 2008-12-04 09:57 <DIR> d-------- c:\documents and settings\sam08\.tfo3
2008-11-15 22:32 . 2008-12-04 09:57 <DIR> d-------- c:\program files\ThinkFree Office
2008-11-15 17:39 . 2008-11-15 17:39 <DIR> d-------- c:\documents and settings\sam08\Application Data\Media Player Classic
2008-11-15 07:25 . 2008-04-14 08:12 2,134,528 --a--c--- c:\windows\system32\dllcache\smtpsnap.dll
2008-11-15 07:24 . 2008-04-14 08:11 1,888,992 --a--c--- c:\windows\system32\dllcache\ati3duag.dll
2008-11-13 18:41 . 2008-11-13 18:41 <DIR> d-------- c:\program files\ConvertHelper
2008-11-13 15:58 . 2008-11-13 15:58 <DIR> d-------- c:\program files\IObit
2008-11-13 14:04 . 2008-11-13 14:19 <DIR> d-------- c:\program files\BitComet
2008-11-13 12:54 . 2008-11-13 13:23 <DIR> d-------- c:\windows\BDOSCAN8
2008-11-13 03:02 . 2008-11-13 03:02 <DIR> d-------- c:\program files\MSXML 6.0
2008-11-13 03:01 . 2008-12-02 20:40 <DIR> d--h----- c:\windows\$hf_mig$
2008-11-13 03:01 . 2008-11-13 03:01 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-13 03:00 . 2004-08-04 07:56 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-13 03:00 . 2007-08-10 20:46 26,488 --a------ c:\windows\system32\spupdsvc.exe
2008-11-12 19:34 . 2008-11-12 19:34 <DIR> d-------- c:\documents and settings\sam08\dwhelper
2008-11-12 19:34 . 2008-11-12 19:34 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore
2008-11-12 18:35 . 2008-11-12 18:35 <DIR> d-------- c:\documents and settings\sam08\Application Data\Malwarebytes
2008-11-12 18:28 . 2008-11-12 18:28 <DIR> d-------- c:\documents and settings\sam08\WINDOWS
2008-11-12 17:19 . 2008-11-12 17:19 <DIR> d-------- c:\documents and settings\sam08\Application Data\TMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 05:16 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-02 05:09 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-02 05:09 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-15 14:19 --------- d-----w c:\program files\McAfee
2008-11-12 14:15 --------- d-----w c:\program files\Google
2008-11-12 13:45 --------- d-----w c:\program files\Trend Micro
2008-11-12 11:17 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-11-12 11:02 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
2008-11-12 11:00 --------- d-----w c:\program files\Common Files\McAfee
2008-11-12 10:59 --------- d-----w c:\program files\McAfee.com
2008-11-12 10:41 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-12 10:40 --------- d-----w c:\program files\Common Files\Adobe
2008-11-12 10:39 --------- d-----w c:\program files\VideoLAN
2008-11-12 10:38 --------- d-----w c:\program files\DivX
2008-11-12 10:35 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-12 10:29 --------- d-----w c:\program files\TM Net
2008-11-12 10:29 --------- d-----w c:\program files\Common Files\FTL Shared
2008-11-12 10:25 11 ----a-w C:\SelfTests.dat
2008-11-12 10:23 --------- d-----w c:\program files\WinPcap
2008-11-12 09:19 --------- d-----w c:\program files\Marvell
2008-11-12 08:42 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-12 08:26 --------- d-----w c:\program files\microsoft frontpage
2008-11-12 08:22 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 06:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 06:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 06:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 06:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 06:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 06:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 06:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 06:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 06:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 06:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-09-30 08:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-09 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-09 81920]
"%FP%TM Net fts.exe"="c:\program files\TM Net\tmnet streamyx dialer\fts.exe" [2004-01-07 77312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-16 479232]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-28 136600]
"nwiz"="nwiz.exe" [2008-01-09 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2007-05-28 c:\windows\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE7-11"="advpack.dll" [2008-08-26 c:\windows\system32\advpack.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17182:TCP"= 17182:TCP:BitComet 17182 TCP
"17182:UDP"= 17182:UDP:BitComet 17182 UDP
"10920:TCP"= 10920:TCP:BitComet 10920 TCP
"10920:UDP"= 10920:UDP:BitComet 10920 UDP
"14531:TCP"= 14531:TCP:BitComet 14531 TCP
"14531:UDP"= 14531:UDP:BitComet 14531 UDP
"21508:TCP"= 21508:TCP:BitComet 21508 TCP
"21508:UDP"= 21508:UDP:BitComet 21508 UDP
"27182:TCP"= 27182:TCP:BitComet 27182 TCP
"27182:UDP"= 27182:UDP:BitComet 27182 UDP
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-11-12 203280]
.
Contents of the 'Scheduled Tasks' folder
2008-11-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
2008-11-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
FireFox -: Profile - c:\documents and settings\sam08\Application Data\Mozilla\Firefox\Profiles\sppmb9tg.default\
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-04 23:59:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(580)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\windows\system32\rundll32.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-05 0:01:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-04 16:01:31
Pre-Run: 9,544,310,784 bytes free
Post-Run: 9,515,438,080 bytes free
237 --- E O F --- 2008-12-02 12:40:57
Hope we'll get all this over soon. If there is anything else, just tell me. I really appreciate your helpful efforts. Thank you.
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1614 [GMT 8:00]
Running from: c:\documents and settings\sam08\Desktop\comfix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\crypts.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Drivers\TDSSmxoe.sys
c:\windows\system32\pthreadVC.dll
c:\windows\system32\rs32net.exe
c:\windows\system32\TDSScixx.dll
c:\windows\system32\TDSSmhxw.dll
c:\windows\system32\TDSSmtpe.dat
c:\windows\system32\TDSSncur.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSoeqh.dll
c:\windows\system32\TDSSqxtx.dll
c:\windows\system32\TDSSwgod.log
c:\windows\system32\TDSSyavu.dll
D:\resycled
d:\resycled\boot.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Legacy_TDSSSERV.SYS
-------\Service_NPF
-------\Service_TDSSserv.sys
((((((((((((((((((((((((( Files Created from 2008-11-04 to 2008-12-04 )))))))))))))))))))))))))))))))
.
2008-12-02 22:46 . 2008-12-02 22:46 <DIR> d-------- C:\Deckard
2008-12-02 18:20 . 2008-04-14 08:12 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2008-12-02 18:20 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
2008-12-02 18:20 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
2008-12-02 18:20 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
2008-12-02 18:20 . 2004-08-03 22:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys
2008-12-02 18:20 . 2008-04-14 02:46 19,200 --a--c--- c:\windows\system32\dllcache\wstcodec.sys
2008-12-02 18:20 . 2008-04-14 08:12 18,944 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2008-12-02 18:20 . 2001-08-17 12:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys
2008-12-02 18:20 . 2004-08-03 22:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys
2008-12-02 18:20 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
2008-12-02 18:18 . 2001-08-17 22:36 495,616 --a--c--- c:\windows\system32\dllcache\sblfx.dll
2008-12-02 18:17 . 2001-08-17 13:28 899,146 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2008-12-02 18:16 . 2001-08-17 13:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys
2008-12-02 18:15 . 2008-04-14 08:11 702,845 --a--c--- c:\windows\system32\dllcache\i81xdnt5.dll
2008-12-02 18:14 . 2001-08-17 14:56 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2008-12-02 18:13 . 2001-08-17 12:13 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2008-12-02 18:12 . 2001-08-17 13:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys
2008-12-02 18:11 . 2001-08-17 13:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys
2008-11-30 12:36 . 2008-12-04 21:36 2,259 --a------ c:\windows\system32\TDSSnrsr.dll
2008-11-30 12:28 . 2008-11-30 12:28 104,448 --a------ c:\windows\system32\winhlp.exe
2008-11-30 12:24 . 2008-11-30 12:25 2 --a------ C:\1151076018
2008-11-29 20:37 . 2008-11-29 22:45 <DIR> d-------- c:\documents and settings\sam08\Application Data\vlc
2008-11-28 17:42 . 2008-11-28 17:41 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-28 17:25 . 2008-11-28 17:25 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-28 16:10 . 2008-11-28 17:44 <DIR> d-------- c:\program files\Java
2008-11-28 16:10 . 2008-11-28 17:41 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-25 20:43 . 2008-11-25 20:43 <DIR> d-------- c:\program files\CCleaner
2008-11-23 10:43 . 2008-11-23 10:43 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonBJ
2008-11-23 10:43 . 2005-03-25 13:10 139,776 --a------ c:\windows\system32\CNMLM76.DLL
2008-11-23 10:43 . 2005-03-09 02:17 90,112 -ra------ c:\windows\system32\CNMCP76.exe
2008-11-23 10:43 . 2005-03-25 13:00 8,704 --a------ c:\windows\system32\CNMVS76.DLL
2008-11-23 10:37 . 2008-04-14 02:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-11-23 10:37 . 2008-04-14 02:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-11-22 14:14 . 2008-11-30 18:15 <DIR> d-------- c:\documents and settings\sam08\Application Data\dvdcss
2008-11-17 00:19 . 2008-11-17 00:19 <DIR> d-------- c:\windows\system32\scripting
2008-11-17 00:19 . 2008-11-17 00:19 <DIR> d-------- c:\windows\system32\en
2008-11-17 00:19 . 2008-11-17 00:19 <DIR> d-------- c:\windows\system32\bits
2008-11-17 00:17 . 2008-11-17 00:17 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-16 01:18 . 2008-11-16 01:18 <DIR> d--h----- c:\windows\PIF
2008-11-15 22:33 . 2008-12-04 09:57 <DIR> d-------- c:\documents and settings\sam08\.tfo3
2008-11-15 22:32 . 2008-12-04 09:57 <DIR> d-------- c:\program files\ThinkFree Office
2008-11-15 17:39 . 2008-11-15 17:39 <DIR> d-------- c:\documents and settings\sam08\Application Data\Media Player Classic
2008-11-15 07:25 . 2008-04-14 08:12 2,134,528 --a--c--- c:\windows\system32\dllcache\smtpsnap.dll
2008-11-15 07:24 . 2008-04-14 08:11 1,888,992 --a--c--- c:\windows\system32\dllcache\ati3duag.dll
2008-11-13 18:41 . 2008-11-13 18:41 <DIR> d-------- c:\program files\ConvertHelper
2008-11-13 15:58 . 2008-11-13 15:58 <DIR> d-------- c:\program files\IObit
2008-11-13 14:04 . 2008-11-13 14:19 <DIR> d-------- c:\program files\BitComet
2008-11-13 12:54 . 2008-11-13 13:23 <DIR> d-------- c:\windows\BDOSCAN8
2008-11-13 03:02 . 2008-11-13 03:02 <DIR> d-------- c:\program files\MSXML 6.0
2008-11-13 03:01 . 2008-12-02 20:40 <DIR> d--h----- c:\windows\$hf_mig$
2008-11-13 03:01 . 2008-11-13 03:01 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-13 03:00 . 2004-08-04 07:56 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-13 03:00 . 2007-08-10 20:46 26,488 --a------ c:\windows\system32\spupdsvc.exe
2008-11-12 19:34 . 2008-11-12 19:34 <DIR> d-------- c:\documents and settings\sam08\dwhelper
2008-11-12 19:34 . 2008-11-12 19:34 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore
2008-11-12 18:35 . 2008-11-12 18:35 <DIR> d-------- c:\documents and settings\sam08\Application Data\Malwarebytes
2008-11-12 18:28 . 2008-11-12 18:28 <DIR> d-------- c:\documents and settings\sam08\WINDOWS
2008-11-12 17:19 . 2008-11-12 17:19 <DIR> d-------- c:\documents and settings\sam08\Application Data\TMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 05:16 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-02 05:09 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-02 05:09 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-15 14:19 --------- d-----w c:\program files\McAfee
2008-11-12 14:15 --------- d-----w c:\program files\Google
2008-11-12 13:45 --------- d-----w c:\program files\Trend Micro
2008-11-12 11:17 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-11-12 11:02 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
2008-11-12 11:00 --------- d-----w c:\program files\Common Files\McAfee
2008-11-12 10:59 --------- d-----w c:\program files\McAfee.com
2008-11-12 10:41 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-12 10:40 --------- d-----w c:\program files\Common Files\Adobe
2008-11-12 10:39 --------- d-----w c:\program files\VideoLAN
2008-11-12 10:38 --------- d-----w c:\program files\DivX
2008-11-12 10:35 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-12 10:29 --------- d-----w c:\program files\TM Net
2008-11-12 10:29 --------- d-----w c:\program files\Common Files\FTL Shared
2008-11-12 10:25 11 ----a-w C:\SelfTests.dat
2008-11-12 10:23 --------- d-----w c:\program files\WinPcap
2008-11-12 09:19 --------- d-----w c:\program files\Marvell
2008-11-12 08:42 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-12 08:26 --------- d-----w c:\program files\microsoft frontpage
2008-11-12 08:22 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 06:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 06:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 06:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 06:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 06:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 06:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 06:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 06:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 06:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 06:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-09-30 08:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-09 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-09 81920]
"%FP%TM Net fts.exe"="c:\program files\TM Net\tmnet streamyx dialer\fts.exe" [2004-01-07 77312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-16 479232]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-28 136600]
"nwiz"="nwiz.exe" [2008-01-09 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2007-05-28 c:\windows\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE7-11"="advpack.dll" [2008-08-26 c:\windows\system32\advpack.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17182:TCP"= 17182:TCP:BitComet 17182 TCP
"17182:UDP"= 17182:UDP:BitComet 17182 UDP
"10920:TCP"= 10920:TCP:BitComet 10920 TCP
"10920:UDP"= 10920:UDP:BitComet 10920 UDP
"14531:TCP"= 14531:TCP:BitComet 14531 TCP
"14531:UDP"= 14531:UDP:BitComet 14531 UDP
"21508:TCP"= 21508:TCP:BitComet 21508 TCP
"21508:UDP"= 21508:UDP:BitComet 21508 UDP
"27182:TCP"= 27182:TCP:BitComet 27182 TCP
"27182:UDP"= 27182:UDP:BitComet 27182 UDP
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-11-12 203280]
.
Contents of the 'Scheduled Tasks' folder
2008-11-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
2008-11-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
FireFox -: Profile - c:\documents and settings\sam08\Application Data\Mozilla\Firefox\Profiles\sppmb9tg.default\
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-04 23:59:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(580)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\windows\system32\rundll32.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-05 0:01:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-04 16:01:31
Pre-Run: 9,544,310,784 bytes free
Post-Run: 9,515,438,080 bytes free
237 --- E O F --- 2008-12-02 12:40:57
Hope we'll get all this over soon. If there is anything else, just tell me. I really appreciate your helpful efforts. Thank you.
Join Date: May 2005
Posts: 3,204
Solved Threads: 188
Sham, please delete these files:
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\winhlp.exe
c:\documents and settings\sam08\.tfo3
This is a good delete tool if you require it:
==This one is a general purpose deleter, Unlocker: http://filehippo.com/download_unlocker/
Dclick the exe to install it, unchecking the updater and assistant boxes. It runs from the rclick context menu, and that is cool.
But they should delete in Safe Mode, if not normal mode. Tell me if you cannot find any of them.
Now try to follow the MBAM instructions. Do a quick scan, then follow with a hijackthis log, please.
Last edited by gerbil; Dec 4th, 2008 at 8:38 pm.
Deep, deep in the woods, but walking about.
Join Date: Jul 2008
Posts: 21
Solved Threads: 0
Sorry gerbil. I have deleted all the files that you asked me to. And here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:59 AM, on 12/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\TM Net\Diagnostic Tool\tmnet connect.exe
C:\Program Files\TM Net\tmnet streamyx dialer\fwportal.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [%FP%TM Net fts.exe] "C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [IE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{841AAABE-BD17-4865-A202-0C7938A8C935}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 8045 bytes
Join Date: Jul 2008
Posts: 21
Solved Threads: 0
Hello gerbil. Sorry for not replying to your last message. I was away at my brother's, and unfortunately there was no Internet connection at his place. About my problem, I am going to reformat my PC. It's the best thing I can do, because problems still arise one after another. There seems to be no solution. By the way, for all this time, I would like to thank you for your endless efforts. I really appreciate it.
Join Date: Jul 2008
Posts: 21
Solved Threads: 0
Hi gerbil, thanks for your reply. I think it will be the right move to make. Since the last time I deleted the files and folders, there has been a mess in the registry system (several programs stopped working). I don't know what has happened, and I have become frustrated and tired of all this. But you were a great help during this period, and maybe it has to end like this. One thing that is obvious to me is that there will always be help from Daniweb.com. You guys really rock. Thanks.