tvmupdater


4 replies to this topic

#1 waterrrrat

    Member

  • New Member
  • 4 posts

Posted 25 June 2004 - 10:29 PM

I've run Ad-Aware, Spybot, HijackThis and am using Firefox, but tvmupdater keeps kicking in and slowing down my computer. What is it? Where did it come from? I had it before I started using Firefox.

#2 dave38

    Devout Murphyite!

  • Emeritus
  • 8,508 posts

Posted 26 June 2004 - 05:12 AM

We need a closer look at what's happening.
Please download HijackThis.
Copy it into its own folder, double-click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential; don't fix anything yet.

#3 waterrrrat

Posted 26 June 2004 - 08:46 AM

Logfile of HijackThis v1.97.7
Scan saved at 8:32:37 AM, on 6/26/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS.001\SYSTEM\KERNEL32.DLL
C:\WINDOWS.001\SYSTEM\MSGSRV32.EXE
C:\WINDOWS.001\SYSTEM\SPOOL32.EXE
C:\WINDOWS.001\SYSTEM\MPREXE.EXE
C:\WINDOWS.001\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\WINDOWS.001\SYSTEM\HIDSERV.EXE
C:\WINDOWS.001\SYSTEM\PSTORES.EXE
C:\WINDOWS.001\SYSTEM\mmtask.tsk
C:\WINDOWS.001\EXPLORER.EXE
C:\WINDOWS.001\TASKMON.EXE
C:\WINDOWS.001\SYSTEM\SYSTRAY.EXE
C:\WINDOWS.001\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\WINDOWS.001\SYSTEM\TFPFVAL.EXE
C:\WINDOWS.001\SYSTEM\CTFMON.EXE
C:\WINDOWS.001\SYSTEM\WMIEXE.EXE
C:\WINDOWS.001\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\TROJANHUNTER 3.9\THGUARD.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\WINWORD.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\OUTLOOK.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS.001\PROFILES\SUSAIL\DESKTOP\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://google.com/
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {000277A3-7D84-406a-9799-D12A81594693} - C:\WINDOWS.001\SRCHFST.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.001\SYSTEM\MSDXM.OCX
O3 - Toolbar: Searchfst Class - {000277A3-7D84-406a-9799-D12A81594693} - C:\WINDOWS.001\SRCHFST.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS.001\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.001\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS.001\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS.001\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe
O4 - HKLM\..\Run: [hpsysconf1] C:\WINDOWS.001\SYSTEM\tfpfval.exe
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 3.9\THGUARD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\TV MEDIA\TVM.EXE
O4 - HKCU\..\RunOnce: [TV Media] C:\TV MEDIA\TVM.EXE
O4 - Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - User Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O8 - Extra context menu item: -
O8 - Extra context menu item: MyPoints - file://C:\Program Files\MyPointsPointAlert\System\Temp\mypoints_script0.htm
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Point Alert (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

#4 waterrrrat

Posted 28 June 2004 - 02:39 PM

I know you specified HijackThis scans.... but I have several other mystery processes kicking in and bogging down my computer that I did not see any reference to in the HijackThis scan.

I haven't had a chance to search the forum to see if these others are mentioned already.... so I will do that later this week.

This is a TrojanHunter scan that picked up on the processes that start running and cannot be "End Task"ed by Windows.


Registry scan
No suspicious entries found
Inifile scan
No suspicious entries found
Port scan
Port 5180/TCP is open (matches Peeper.120)
Memory scan
No trojans found in memory
File scan
Found possible trojan file: C:\WINDOWS.001\SYSTEM\tfpfval.exe (Suspicious: UPX-packed file in Windows System folder)
Found possible trojan file: C:\WINDOWS.001\SYSTEM\mamma-sah-ss.exe (Suspicious: UPX-packed file in Windows System folder)
Found possible trojan file: C:\WINDOWS.001\SYSTEM\aud-acx1.exe (Suspicious: UPX-packed file in Windows System folder)
Found possible trojan file: C:\WINDOWS.001\SYSTEM\ds1im.exe (SDBot)
Found possible trojan file: C:\WINDOWS.001\SYSTEM\mamma-kw-ss.exe (Suspicious: UPX-packed file in Windows System folder)
Found possible trojan file: C:\WINDOWS.001\SYSTEM\augnew2.exe (Suspicious: UPX-packed file in Windows System folder)
Found possible trojan file: C:\WINDOWS.001\SYSTEM\mamma-ss.exe (Suspicious: UPX-packed file in Windows System folder)
Found possible trojan file: C:\WINDOWS.001\SYSTEM\mamma-dmk-ss.exe (Suspicious: UPX-packed file in Windows System folder)
Found possible trojan file: C:\WINDOWS.001\SYSTEM\mamma-ikw-ss.exe (Suspicious: UPX-packed file in Windows System folder)
Found possible trojan file: C:\WINDOWS.001\SYSTEM\mamma-ez-ss.exe (Suspicious: UPX-packed file in Windows System folder)
Found possible trojan file: C:\WINDOWS.001\SYSTEM\mamma-ai-ss.exe (Suspicious: UPX-packed file in Windows System folder)
Found possible trojan file: C:\WINDOWS.001\SYSTEM\jgactfrm.exe (SDBot)
Found possible trojan file: C:\WINDOWS.001\SYSTEM\mamma-tvm-ss.exe (Suspicious: UPX-packed file in Windows System folder)
Found possible trojan file: C:\WINDOWS.001\SYSTEM\mamma-ibis-ss.exe (Suspicious: UPX-packed file in Windows System folder)
Found possible trojan file: C:\WINDOWS.001\SYSTEM\mamma-bi-ss.exe (Suspicious: UPX-packed file in Windows System folder)
Found possible trojan file: C:\WINDOWS.001\SYSTEM\mamma-dummy.exe (Suspicious: UPX-packed file in Windows System folder)
Found trojan file: C:\WINDOWS.001\TEMP\THI4E1A.TMP\twaintec.dll (Bispy.100)
Found trojan file: C:\WINDOWS.001\TEMP\THI4E1A.TMP\polall1t.exe/CPm.exe (Adware.CallingHome.100)
Found trojan file: C:\WINDOWS.001\TEMP\IExploreSkins.exe (Rootkit.Morphine)
Found trojan file: C:\WINDOWS.001\Downloaded Program Files\CONFLICT.1\ISTactivex.dll (TrojanDownloader.IstBar.101)
Found trojan file: C:\WINDOWS.001\Downloaded Program Files\CONFLICT.1\ISTactivex.dll (TrojanDownloader.IstBar)
Found trojan file: C:\WINDOWS.001\TWAINTEC.DLL (Bispy.100)
Found trojan file: C:\Program Files\Common Files\SYSTEM\Mapi\1033\li-freeh00002.exe/yF9T44.exe (Dialer.DDial)
Found trojan file: C:\Program Files\Common Files\SYSTEM\Mapi\1033\li-freeh00002.exe (Dialer.DDial)
Found trojan file: C:\win98\tools\reskit\netadmin\pwledit\pwledit.exe (Password-stealing trojan)
Error: Directory not found: D:\
7 trojan files found
16 possible trojan files found

#5 waterrrrat

Posted 28 June 2004 - 02:58 PM

I forgot to mention that I sent an email to TrojanHunter and it kept coming back as unsendable. It finally was sent, so maybe the TrojanHunter people will figure it out for me.



