WiredWX Christian Hobby Weather Tools

 


PLEASE HELP ZAFI B

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:41:00 PM, on 1/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Pinnacle Game Profiler] "C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle.exe" -atboottime
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/Land%20Desktop%203/AcDcToday.ocx
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file:///C:/Program%20Files/Land%20Desktop%203/InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/Land%20Desktop%203/AcPreview.ocx
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)
O23 - Service: McAfee Redirector Service (McRedirector) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

--
End of file - 9037 bytes

Re: PLEASE HELP ZAFI B

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe


  • Press "Fix Checked"
  • Close Hijack This.

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE or HERE.

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


    Drivers to delete:
    TDSSserv.sys

    Files to delete:
    C:\WINDOWS\system32\drivers\svchost.exe


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found" <== DO NOT miss that step.
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer TWICE.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.

Then once the avenger is done, run this.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
    Link 3
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Click No for Optional Scan.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
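
The first reply singles out the `svchost.exe` autorun under `system32\drivers`. As an added example (not part of the original thread or of any tool used in it), the Python below scans a HijackThis log for well-known system binary names that run or auto-start from outside their expected directory. The expected-directory table, the default `C:\WINDOWS` install path and all function names are assumptions made for illustration; the sample is an excerpt of the log posted above.

```python
import ntpath
import re

WINDIR = r"c:\windows"             # assumption: default Windows XP install path
SYSTEM32 = WINDIR + r"\system32"

# Illustrative (not exhaustive) map of core Windows binaries to the only
# directory they legitimately run from on a default install.
EXPECTED_DIR = {
    "smss.exe": SYSTEM32, "winlogon.exe": SYSTEM32, "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32, "spoolsv.exe": SYSTEM32,
    "ctfmon.exe": SYSTEM32, "explorer.exe": WINDIR,
}

# HijackThis autorun line: O4 - <hive>\..\<key>: [<value name>] <command line>
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)


def image_path(cmd):
    """Extract the executable path from an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                       # "C:\path with spaces\x.exe" -args
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    # No .exe suffix (e.g. "dumprep 0 -u"): fall back to the first token.
    return m.group(1) if m else cmd.split()[0]


def masquerade_reason(path):
    """Return a reason string if a known system binary name sits in the wrong directory."""
    p = path.strip().lower()
    for var in ("%systemroot%", "%windir%"):      # expand the two common variables
        p = p.replace(var, WINDIR)
    directory, name = ntpath.split(ntpath.normpath(p))
    expected = EXPECTED_DIR.get(name)
    if expected is None or not directory:         # unknown name, or bare name resolved via PATH
        return None
    if directory == expected:
        return None
    return f"{name} expected in {expected}, found in {directory}"


def scan_hijackthis(log_text):
    """Return (source, path, reason) tuples for the process list and O4 autoruns."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:                          # a blank line ends the process list
                in_processes = False
                continue
            reason = masquerade_reason(line)
            if reason:
                findings.append(("process", line, reason))
            continue
        m = O4_LINE.match(line)
        if m:
            path = image_path(m.group("cmd"))
            reason = masquerade_reason(path)
            if reason:
                source = f"autorun {m.group('hive')} [{m.group('name')}]"
                findings.append((source, path, reason))
    return findings


# Excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\spoolsv.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
"""

if __name__ == "__main__":
    for source, path, reason in scan_hijackthis(SAMPLE_LOG):
        print(f"{source}: {path} ({reason})")
```

A path-based check like this only narrows down what to look at; it cannot see a hidden driver such as the one the rootkit scan later reports.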

Re: PLEASE HELP ZAFI B

thanks
thanks
thanks
thanks

Re: PLEASE HELP ZAFI B

For some reason I can't get any of those links to work, and my IE dies almost every time. It's a struggle to be able to type this. Any suggestions?

Re: PLEASE HELP ZAFI B

It even blocks the sendspace link?

Do you have another machine you can use and a memory stick?


Re: PLEASE HELP ZAFI B

I finally got Avenger to work.

Re: PLEASE HELP ZAFI B

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "TDSSserv.sys" found!
ImagePath: \systemroot\system32\drivers\TDSSmhxt.sys
Driver disabled successfully.

Rootkit scan completed.

Driver "TDSSserv.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\svchost.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Re: PLEASE HELP ZAFI B

Hello.
Please post DDS log.
DDS links will work now the rootkit is gone.


Re: PLEASE HELP ZAFI B

DDS (Ver_09-01-07.01) - NTFSx86
Run by JnK at 17:28:35.78 on Fri 01/16/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1534.1077 [GMT -8:00]

AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\libusbd-nt.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\msiexec.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\JnK\Local Settings\Temporary Internet Files\Content.IE5\8MOYORK1\dds[1].com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No File
EB: Web Test Recorder 9.0: {3c7adade-d1e8-45d2-bdcd-7f8d8b99b2a2} - mscoree.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Pinnacle Game Profiler] "c:\program files\kalinkosoft\pinnacle game profiler\pinnacle.exe" -atboottime
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [TPP Auto Loader] c:\windows\TPPALDR.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [wclock] "c:\documents and settings\jnk\application data\google\yfijv17721328.exe" 2
mRun: [McRegWiz] c:\progra~1\mcafee.com\agent\mcregwiz.exe /autorun
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [VirusScan Online] "c:\progra~1\mcafee.com\vso\mcvsshld.exe"
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-1-16 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-16 324872]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-16 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-16 107272]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2007-7-30 33792]
R3 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2009-1-16 225375]
R3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2009-1-16 23296]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-16 298264]
R4 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R4 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe [2009-1-16 122880]
S3 CXAVSAUD;AVerMedia AVerTV AvStream Audio Capture;c:\windows\system32\drivers\A88AudBB.sys [2007-6-14 9216]
S3 HWACCESS;HWACCESS;c:\windows\system32\HWACCESS.SYS [2008-4-7 3869]
S3 jnv4_mib;jnv4_mib;\??\c:\docume~1\jnk\locals~1\temp\jnv4_mib.sys --> c:\docume~1\jnk\locals~1\temp\jnv4_mib.sys [?]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2009-1-16 249856]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2007-8-24 42512]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\microsoft visual studio 9.0\team tools\performance tools\VSPerfDrv90.sys [2007-9-4 55664]
S3 XDva025;XDva025;\??\c:\windows\system32\xdva025.sys --> c:\windows\system32\XDva025.sys [?]
S4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-16 903960]
S4 CX88XBAR;AVerMedia AVerTV MPEG Crossbar (Dual-Input);c:\windows\system32\drivers\A88BarBB.sys [2007-6-14 10752]
S4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe --> c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [?]
S4 McRedirector;McAfee Redirector Service;c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe --> c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe [?]

=============== Created Last 30 ================

2009-01-16 16:27 23,296 a------- c:\windows\system32\drivers\NaiFiltr.sys
2009-01-16 16:27 --d----- c:\docume~1\alluse~1\applic~1\McAfee.com
2009-01-16 16:27 341,064 a----r-- c:\windows\system32\mcinsctl.dll
2009-01-16 16:27 279,624 a----r-- c:\windows\system32\mcgdmgr.dll
2009-01-16 16:27 --d----- c:\program files\McAfee.com
2009-01-16 16:24 --d-h--- c:\windows\system32\GroupPolicy
2009-01-16 15:09 0 a------- c:\windows\system32\commonpriv.log.lock
2009-01-16 14:58 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-16 14:58 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-16 14:58 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-01-16 14:58 324,872 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-16 14:58 --d----- c:\windows\system32\drivers\Avg
2009-01-16 14:58 --d----- c:\program files\AVG
2009-01-16 14:58 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-01-16 08:19 54,477 a------- c:\windows\Sysvxd.exe
2009-01-14 20:07 2,204 a------- c:\windows\system32\TDSSfxwp.dll
2009-01-14 20:07 61,440 a------- c:\windows\system32\TDSScfum.dll
2009-01-14 20:07 31,232 a------- c:\windows\system32\TDSSriqp.dll
2009-01-14 20:07 29,696 a------- c:\windows\system32\TDSSnrsr.dll
2009-01-14 20:07 441 a------- c:\windows\system32\TDSSosvd.dat
2009-01-14 20:07 60,416 a------- c:\windows\system32\drivers\TDSSmhxt.sys
2009-01-14 20:07 35,840 a------- c:\windows\system32\TDSSofxh.dll
2009-01-14 17:20 54,156 a---h--- c:\windows\QTFont.qfn
2009-01-14 17:20 1,409 a------- c:\windows\QTFont.for
2009-01-12 18:15 19,456 a------- c:\windows\system32\libusbd-9x.exe
2009-01-12 18:15 18,944 a------- c:\windows\system32\libusbd-nt.exe
2009-01-12 18:15 --d----- c:\program files\LibUSB-Win32-0.1.10.1
2009-01-12 17:26 --d----- c:\program files\KALiNKOsoft

==================== Find3M ====================

2009-01-12 17:59 119,296 a------- c:\windows\system32\zlib.dll
2008-12-01 14:35 593,920 -------- c:\windows\system32\ati2sgag.exe
2008-12-01 14:13 3,452,928 a------- c:\windows\system32\drivers\ati2mtag.sys
2008-12-01 12:52 425,984 a------- c:\windows\system32\ATIDEMGX.dll
2008-12-01 12:51 318,464 a------- c:\windows\system32\ati2dvag.dll
2008-12-01 12:46 11,304,960 a------- c:\windows\system32\atioglxx.dll
2008-12-01 12:41 188,416 a------- c:\windows\system32\atipdlxx.dll
2008-12-01 12:40 147,456 a------- c:\windows\system32\Oemdspif.dll
2008-12-01 12:40 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2008-12-01 12:40 43,520 a------- c:\windows\system32\ati2edxx.dll
2008-12-01 12:40 143,360 a------- c:\windows\system32\ati2evxx.dll
2008-12-01 12:38 598,016 a------- c:\windows\system32\ati2evxx.exe
2008-12-01 12:37 53,248 a------- c:\windows\system32\ATIDDC.DLL
2008-12-01 12:27 4,120,384 a------- c:\windows\system32\ati3duag.dll
2008-12-01 12:19 307,200 a------- c:\windows\system32\atiiiexx.dll
2008-12-01 12:11 2,495,360 a------- c:\windows\system32\ativvaxx.dll
2008-12-01 11:57 48,640 a------- c:\windows\system32\amdpcom32.dll
2008-12-01 11:53 401,408 a------- c:\windows\system32\atikvmag.dll
2008-12-01 11:53 45,056 a------- c:\windows\system32\amdcalrt.dll
2008-12-01 11:53 45,056 a------- c:\windows\system32\amdcalcl.dll
2008-12-01 11:52 86,016 a------- c:\windows\system32\atiadlxx.dll
2008-12-01 11:52 17,408 a------- c:\windows\system32\atitvo32.dll
2008-12-01 11:51 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2008-12-01 11:50 286,720 a------- c:\windows\system32\atiok3x2.dll
2008-12-01 11:50 3,252,224 a------- c:\windows\system32\Amdcaldd.dll
2008-12-01 11:45 577,536 a------- c:\windows\system32\ati2cqag.dll
2008-10-30 06:45 180,720 a------- c:\windows\system32\atiicdxx.dat
2008-10-23 05:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-21 10:51 118,784 a------- c:\windows\system32\atibrtmon.exe
2007-11-29 20:24 87,608 a------- c:\docume~1\jnk\applic~1\inst.exe
2007-11-29 20:24 47,360 a------- c:\docume~1\jnk\applic~1\pcouffin.sys
2001-10-05 08:53 21,866 a------- c:\program files\common files\tppupd2k.dll

============= FINISH: 17:29:31.67 ===============

Re: PLEASE HELP ZAFI B

DDS worked. Thanks for the help; IE is running way better now.

Re: PLEASE HELP ZAFI B

Thanks again for your help... I hate the people that make these viruses.

Re: PLEASE HELP ZAFI B

Please download the OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :processes
    explorer.exe

    :services
    jnv4_mib

    :files
    c:\windows\Sysvxd.exe
    c:\windows\system32\TDSSfxwp.dll
    c:\windows\system32\TDSScfum.dll
    c:\windows\system32\TDSSriqp.dll
    c:\windows\system32\TDSSnrsr.dll
    c:\windows\system32\TDSSosvd.dat
    c:\windows\system32\drivers\TDSSmhxt.sys
    c:\windows\system32\TDSSofxh.dll
    c:\documents and settings\jnk\application data\google\*.*
    C:\avenger
    C:\avenger.txt

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "wclock"=-

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


Re: PLEASE HELP ZAFI B

Sorry, it worked.

Last edited by jessehaysfl on 17th January 2009, 2:00 am; edited 1 time in total

Re: PLEASE HELP ZAFI B

Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service jnv4_mib stopped successfully.
Service jnv4_mib deleted successfully.
========== FILES ==========
c:\windows\Sysvxd.exe moved successfully.
LoadLibrary failed for c:\windows\system32\TDSSfxwp.dll
c:\windows\system32\TDSSfxwp.dll NOT unregistered.
c:\windows\system32\TDSSfxwp.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\TDSScfum.dll
c:\windows\system32\TDSScfum.dll NOT unregistered.
c:\windows\system32\TDSScfum.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSriqp.dll NOT unregistered.
c:\windows\system32\TDSSriqp.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSnrsr.dll NOT unregistered.
c:\windows\system32\TDSSnrsr.dll moved successfully.
c:\windows\system32\TDSSosvd.dat moved successfully.
c:\windows\system32\drivers\TDSSmhxt.sys moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\TDSSofxh.dll
c:\windows\system32\TDSSofxh.dll NOT unregistered.
c:\windows\system32\TDSSofxh.dll moved successfully.
DllUnregisterServer procedure not found in c:\documents and settings\jnk\application data\google\mjkspc.dll
c:\documents and settings\jnk\application data\google\mjkspc.dll NOT unregistered.
c:\documents and settings\jnk\application data\google\mjkspc.dll moved successfully.
c:\documents and settings\jnk\application data\google\yfijv17721328.exe moved successfully.
C:\Avenger moved successfully.
C:\avenger.txt moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\wclock deleted successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01162009_175050

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

Re: PLEASE HELP ZAFI B

Am I OK now?

Re: PLEASE HELP ZAFI B

I think so.
What problems remain?


Re: PLEASE HELP ZAFI B

It seems like it's all fixed. THANK YOU VERY MUCH

Re: PLEASE HELP ZAFI B

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 11.
  • Select the first option where it says "Java SE Runtime Environment (JRE) 6 Update 11".
  • Click the "Download" button to the right.
  • In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    - Java 2 Runtime Environment, SE v1.4.2
    - J2SE Runtime Environment 5.0
    - J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe that you downloaded to install the newest version.
Please make sure the new version of Java is installed before you run JavaRa.

Please download JavaRa from here

  • First, unzip it.
  • Then run JavaRa.
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.


Re: PLEASE HELP ZAFI B

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.

............................................................................................

Please be a GeekPolice fan on Facebook!


Have we helped you? Help us! | Doctor by day, ninja by night.
