Need help removing Win32:Trojan-Gen{Other} and maybe other viruses if present

Posted 7/17/2008 10:31 PM
#63746

xPreatorianx Member

Date Joined Nov 2016
Total Posts: 3
Hello, I am infected with this Trojan and maybe a few others. It was reported by AVAST. I would like to completely remove all viruses and Trojans from my computer if more than this one. Here is my HijackThisLog.
I am also infected with HackTool on these 2 files:

E:\Program Files\TC UP\PLUGINS\Tools\Revelation\Revelation.exe
E:\Program Files\TC UP\PLUGINS\Tools\Revelation\RevelationHelper.dll

How do I delete without corrupting the program?



HijackThisLog

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:56:32 PM, on 7/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\nHancer\nHancerService.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\nvsvc32.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Windows\system32\Rundll32.exe
C:\Windows\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\nHancer\nHancer.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\DAP\DAP.EXE
C:\Documents and Settings\Tyler\My Documents\My Completed Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [nHancer] "C:\Program Files\nHancer\nHancer.exe" /tray
O4 - HKCU\..\RunOnce: [MISPInst] "C:\Documents and Settings\Tyler\Local Settings\Temp\McAfeeInstall\Install.exe" /RemoveSetupFiles /Resume /Restart /Resume /Restart
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tyler\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - https://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - https://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - E:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
Posted 7/18/2008 5:02 AM
#63751

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hello :smile:

Click here: https://www.bullguard.com/forum/14/Before-posting-a-log_43561.html

After you have run the scan tools -

Reboot normally

Post Hijackthis log along with SuperAntiSpyware log, C: combofix TXT in this topic

Please copy and paste your log. DO NOT add it as an attachment

Kindly do not annotate or format the log with color or font changes.

NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer. We do not clean logs that have P2P applications installed as this can cause reinfection during your cleaning.

Do not PM me with logfiles. They will be deleted.


Posted 7/18/2008 3:49 PM
#63771

xPreatorianx Member

Date Joined Nov 2016
Total Posts: 3
OK, here are all the logs. I noticed the single Trojan infection that SUPERAntiSpyware found might have been a false positive but I still removed it anyway. Here are all the logs.


==========HiJackThisLog============

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:36 AM, on 7/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\nHancer\nHancerService.exe
C:\Windows\system32\nvsvc32.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\nHancer\nHancer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wscntfy.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Documents and Settings\Tyler\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [nHancer] "C:\Program Files\nHancer\nHancer.exe" /tray
O4 - HKCU\..\Run: [WindowBlinds] C:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\WBInstall32.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tyler\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - https://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - https://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - E:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

--
End of file - 8082 bytes


========Combo Fix log===========

ComboFix 08-07-17.4 - Tyler 2008-07-18 11:39:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1578 [GMT -4:00]
Running from: C:\Documents and Settings\Tyler\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\drivers\npf.sys
C:\Windows\system32\Packet.dll
C:\Windows\system32\pthreadVC.dll
C:\Windows\system32\tmp66.tmp
C:\Windows\system32\tmp67.tmp
C:\Windows\system32\wpcap.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-18 to 2008-07-18 )))))))))))))))))))))))))))))))
.

2008-07-18 10:50 . 2008-07-18 10:50 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-18 10:49 . 2008-07-18 10:49 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-18 10:49 . 2008-07-18 10:49 d-------- C:\Documents and Settings\Tyler\Application Data\SUPERAntiSpyware.com
2008-07-17 16:40 . 2008-07-17 16:40 d-------- C:\Documents and Settings\Tyler\.housecall6.6
2008-07-17 15:41 . 2008-07-17 15:41 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-17 14:28 . 2008-07-17 14:28 0 --a------ C:\WINDOWS\Irremote.ini
2008-07-16 22:47 . 2008-07-16 22:47 d-------- C:\kav
2008-07-16 22:10 . 2008-07-16 23:10 344,096 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-16 22:10 . 2008-07-16 23:10 7,196 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-16 22:10 . 2008-07-16 23:10 4,384 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-16 22:10 . 2008-07-16 23:10 2,528 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-16 22:09 . 2008-07-16 22:09 d-------- C:\Documents and Settings\Tyler\Application Data\Thinstall
2008-07-16 21:14 . 2008-07-16 21:14 d-------- C:\Documents and Settings\Tyler\Application Data\Apple Computer
2008-07-16 20:53 . 2008-07-16 20:54 d-------- C:\Program Files\QuickTime
2008-07-16 20:53 . 2008-07-16 20:53 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-16 20:52 . 2008-07-16 20:52 d-------- C:\Program Files\Apple Software Update
2008-07-16 20:52 . 2008-07-16 20:52 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-16 20:30 . 2008-07-16 20:30 36 --a------ C:\WINDOWS\system32\m4p.dat
2008-07-16 17:39 . 2008-07-16 17:39 d-------- C:\Program Files\Alwil Software
2008-07-16 15:27 . 2008-07-16 16:20 d-------- C:\Program Files\mIRC
2008-07-16 15:27 . 2008-07-16 17:15 d-------- C:\Documents and Settings\Tyler\Application Data\mIRC
2008-07-16 13:08 . 2008-07-16 13:08 d-------- C:\Program Files\K-Lite Codec Pack
2008-07-16 13:08 . 2008-06-18 16:37 2,045,459 --a------ C:\WINDOWS\system32\x264vfw.dll
2008-07-16 13:08 . 2008-07-04 02:34 860,160 --a------ C:\WINDOWS\system32\lameACM.acm
2008-07-16 13:08 . 2004-01-25 12:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-07-16 13:08 . 2008-06-12 14:36 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-16 13:08 . 2007-07-10 12:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-07-16 13:08 . 2007-10-03 11:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-07-16 11:35 . 2008-07-16 20:34 d-------- C:\Program Files\DivX
2008-07-15 22:32 . 2008-07-16 17:49 d-------- C:\Program Files\SubMagic
2008-07-15 22:25 . 2008-07-15 22:25 d-------- C:\Program Files\SubtitleCreator
2008-07-15 22:22 . 2008-07-16 13:02 d-------- C:\Program Files\AviSynth 2.5
2008-07-15 22:22 . 2008-07-15 22:24 d-------- C:\Program Files\Aegisub
2008-07-15 22:20 . 2008-07-15 22:20 d-------- C:\Program Files\TimeAdjuster
2008-07-15 22:12 . 2008-07-15 22:12 303 --a------ C:\WINDOWS\ST6UNST.006
2008-07-15 22:11 . 2008-07-15 22:11 303 --a------ C:\WINDOWS\ST6UNST.005
2008-07-15 22:11 . 2008-07-15 22:11 303 --a------ C:\WINDOWS\ST6UNST.004
2008-07-15 20:03 . 2002-09-16 02:50 233,632 -rah----- C:\NTLDR
2008-07-15 17:50 . 2008-07-15 17:50 d--h----- C:\WINDOWS\PIF
2008-07-10 17:05 . 2008-07-10 17:05 303 --a------ C:\WINDOWS\ST6UNST.003
2008-07-10 17:05 . 2008-07-10 17:05 303 --a------ C:\WINDOWS\ST6UNST.002
2008-07-10 16:35 . 2008-07-13 17:26 d-------- C:\Documents and Settings\Tyler\Application Data\XnView
2008-07-09 18:10 . 2008-07-09 18:10 d-------- C:\Documents and Settings\Tyler\Application Data\HEXelon
2008-07-07 18:44 . 2008-07-07 18:44 303 --a------ C:\WINDOWS\ST6UNST.001
2008-07-07 18:44 . 2008-07-07 18:44 303 --a------ C:\WINDOWS\ST6UNST.000
2008-06-27 16:53 . 2008-06-27 16:53 d-------- C:\Program Files\DVDInfoPro
2008-06-27 15:43 . 2008-06-27 15:43 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-06-27 15:42 . 2008-06-27 15:42 d-------- C:\Program Files\SlySoft
2008-06-27 15:42 . 2008-06-27 15:42 0 ---hs---- C:\WINDOWS\SB2DAFF17.tmp
2008-06-25 13:20 . 2008-06-26 16:40 d-------- C:\Program Files\Hide Folders XP 2
2008-06-25 13:20 . 2007-01-23 01:26 17,264 --a------ C:\WINDOWS\system32\drivers\hfxp2.sys
2008-06-24 20:36 . 2008-06-24 20:37 d-------- C:\Program Files\Free Hide Folder
2008-06-24 20:36 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-24 20:36 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-24 16:06 . 2008-06-24 16:06 972,072 --a------ C:\WINDOWS\UNNeroMediaHome.exe
2008-06-18 13:52 . 2008-06-18 13:52 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 14:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-18 14:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-18 14:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-17 18:37 --------- d-----w C:\Program Files\Common Files\Nero
2008-07-17 18:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-07-17 17:02 --------- d-----w C:\Documents and Settings\Tyler\Application Data\uTorrent
2008-07-17 16:03 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-07-17 00:35 --------- d-----w C:\Documents and Settings\Tyler\Application Data\DivX
2008-07-16 17:06 --------- d-----w C:\Program Files\OpenSource Flash Video Splitter
2008-07-16 02:12 73,216 ----a-w C:\Windows\ST6UNST.EXE
2008-07-16 02:12 249,856 ------w C:\Windows\Setup1.exe
2008-07-10 18:16 --------- d-----w C:\Program Files\Lx_cats
2008-07-07 22:45 --------- d-----w C:\Program Files\SubSync
2008-06-27 19:44 --------- d-----w C:\Program Files\FlashGet
2008-06-25 16:27 --------- d-----w C:\Program Files\DAP
2008-06-25 02:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-22 18:01 --------- d-----w C:\Program Files\Paint.NET
2008-06-17 17:26 --------- d-----w C:\Documents and Settings\Tyler\Application Data\InstallShield Installation Information
2008-06-17 17:11 --------- d-----w C:\Program Files\DIFX
2008-06-17 17:11 --------- d-----w C:\Program Files\AGEIA Technologies
2008-06-16 23:49 --------- d-----w C:\Documents and Settings\Tyler\Application Data\Skype
2008-06-16 23:02 --------- d-----w C:\Documents and Settings\Tyler\Application Data\skypePM
2008-06-12 22:31 --------- d-----w C:\Program Files\Marvell
2008-06-11 00:07 9,464 ------w C:\Windows\system32\drivers\cdralw2k.sys
2008-06-11 00:07 9,336 ------w C:\Windows\system32\drivers\cdr4_xp.sys
2008-06-11 00:07 524,288 ----a-w C:\Windows\system32\DivXsm.exe
2008-06-11 00:07 43,528 ------w C:\Windows\system32\drivers\PxHelp20.sys
2008-06-11 00:07 3,596,288 ----a-w C:\Windows\system32\qt-dx331.dll
2008-06-11 00:07 129,784 ------w C:\Windows\system32\pxafs.dll
2008-06-11 00:07 120,056 ------w C:\Windows\system32\pxcpyi64.exe
2008-06-11 00:07 118,520 ------w C:\Windows\system32\pxinsi64.exe
2008-06-11 00:04 200,704 ----a-w C:\Windows\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\Windows\system32\libdivx.dll
2008-06-09 18:58 --------- d-----w C:\Documents and Settings\Tyler\Application Data\Media Player Classic
2008-06-09 01:13 587,776 ----a-w C:\Windows\system32\advert.dll
2008-06-08 19:44 --------- d-----w C:\Program Files\Blaze Media Pro
2008-06-08 19:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\{737AEA7B-5AB3-4A1C-BC5A-EAAB803F2D97}
2008-06-08 13:37 132,904 ----a-w C:\Windows\system32\drivers\imagesrv.sys
2008-06-08 13:37 11,304 ----a-w C:\Windows\system32\drivers\imagedrv.sys
2008-06-06 22:42 --------- d-----w C:\Program Files\Net2Phone CommCenter
2008-06-06 22:40 2,560 ----a-w C:\Windows\_MSRSTRT.EXE
2008-06-06 22:40 --------- d-----w C:\Program Files\MediaRing
2008-06-06 22:24 --------- d-----w C:\Documents and Settings\Tyler\Application Data\MRTalk
2008-06-06 22:10 --------- d-----w C:\Program Files\buddyPhone
2008-06-06 21:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-06-06 21:42 413,696 ----a-w C:\Windows\system32\wrap_oal.dll
2008-06-06 21:42 102,400 ----a-w C:\Windows\system32\OpenAL32.dll
2008-06-06 21:42 --------- d-----w C:\Program Files\Creative
2008-06-06 18:54 972,072 ----a-w C:\Windows\UNRecode.exe
2008-06-06 18:54 95,600 ----a-w C:\Windows\system32\NeroCo.dll
2008-06-04 20:23 --------- d-----w C:\Documents and Settings\Tyler\Application Data\EVEMon
2008-06-03 17:33 --------- d-----w C:\Program Files\ImageSkill
2008-05-31 20:40 22,768 ----a-w C:\Windows\system32\drivers\usbsermpt.sys
2008-05-31 19:50 --------- d-----w C:\Program Files\Motorola Tools
2008-05-31 19:25 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-05-31 19:25 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-05-31 18:56 0 ---ha-w C:\Windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-31 18:56 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-05-31 18:46 --------- d-----w C:\Program Files\Common Files\Motorola Shared
2008-05-30 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-28 02:21 --------- d-----w C:\Documents and Settings\Tyler\Application Data\vlc
2008-05-28 02:19 --------- d-----w C:\Program Files\VideoLAN
2008-05-27 23:16 61,440 ----a-w C:\Windows\system32\NormalizeDSP.dll
2008-05-27 22:58 --------- d-----w C:\Documents and Settings\Tyler\Application Data\SmartFTP
2008-05-27 22:56 --------- d-----w C:\Documents and Settings\Tyler\Application Data\FileZilla
2008-05-27 22:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
2008-05-24 14:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-23 13:12 323,584 ----a-w C:\Windows\system32\AudioGenie2.dll
2008-05-23 03:13 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-22 22:18 12,288 ----a-w C:\Windows\system32\DivXWMPExtType.dll
2008-05-21 18:20 --------- d-----w C:\Documents and Settings\Tyler\Application Data\Autodesk
2008-05-21 18:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-05-21 18:13 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-05-21 18:12 --------- d-----w C:\Program Files\Autodesk
2008-05-21 18:11 --------- d-----w C:\Program Files\MSBuild
2008-05-21 18:10 --------- d-----w C:\Program Files\Reference Assemblies
2008-05-20 18:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-20 18:15 --------- d-----w C:\Program Files\Bonjour
2008-05-20 18:10 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-05-20 15:19 --------- d-----w C:\Program Files\Steam
2008-05-20 15:19 --------- d-----w C:\Program Files\Notepad++
2008-05-20 15:19 --------- d-----w C:\Program Files\AVSMedia
2008-05-20 15:19 --------- d-----w C:\Program Files\AVS Media
2008-05-20 15:19 --------- d-----w C:\Documents and Settings\Tyler\Application Data\Notepad++
2008-05-20 15:19 --------- d-----w C:\Documents and Settings\Tyler\Application Data\AVSMedia
2008-05-20 15:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-05-20 15:13 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-05-20 15:12 --------- d-----w C:\Program Files\GameShadow
2008-05-19 15:20 --------- d-----w C:\Program Files\IDM Computer Solutions
2008-05-19 15:20 --------- d-----w C:\Documents and Settings\Tyler\Application Data\IDMComp
2008-05-14 17:22 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-05-07 05:18 1,287,680 ----a-w C:\Windows\system32\quartz.dll
2008-05-07 01:30 691,545 ----a-w C:\Windows\unins000.exe
2008-04-26 20:14 42,672 ----a-w C:\Windows\system32\wbsys.dll
2008-04-23 04:16 826,368 ----a-w C:\Windows\system32\wininet.dll
2008-02-11 22:33 81,920 ----a-w C:\Documents and Settings\Tyler\Application Data\ezpinst.exe
2008-02-11 22:33 47,360 ----a-w C:\Documents and Settings\Tyler\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\Windows\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"nHancer"="C:\Program Files\nHancer\nHancer.exe" [2007-10-31 10:43 1519616]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-18 20:55 81920]
"LXCCCATS"="C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 05:21 69632]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 19:19 79224]
"nwiz"="nwiz.exe" [2007-12-18 20:55 1626112 C:\WINDOWS\system32\nwiz.exe]
"P17Helper"="SPIRun.dll" [2006-07-03 12:43 10752 C:\WINDOWS\system32\SPIRUN.DLL]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-05-06 20:58 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.CSCD"= camcodec.dll
"msacm.l3codec"= l3codecp.acm
"VIDC.X264"= x264vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SATARAID5.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SATARAID5.lnk
backup=C:\WINDOWS\pss\SATARAID5.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Tyler^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\Tyler\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 15:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-06-25 12:24 3057152 C:\Program Files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-06-24 16:06 1840424 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
--a------ 2005-02-21 07:21 192512 C:\Program Files\Lexmark 3300 Series\lxccmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-06-08 09:31 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-06-19 09:53 570664 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-18 20:55 8523776 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-10 21:00 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 19:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
--a------ 2007-09-26 19:05 734264 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 3"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"E:\\CCP\\EVE\\bin\\ExeFile.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"E:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"E:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"E:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"E:\\Program Files\\TC UP\\PLUGINS\\Media\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\kav\\kav7\\setup.exe"=

R0 HFXP2;HFXP2;C:\Windows\system32\DRIVERS\HFXP2.SYS [2007-01-23 01:26]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-15 19:20]
R1 VD_FileDisk;VD_FileDisk;C:\Windows\system32\drivers\VD_FileDisk.sys [2006-01-13 09:00]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-15 19:16]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;E:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 00:04]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys [2007-11-02 15:36]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys [2007-01-22 19:33]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\system32\DRIVERS\motodrv.sys [2007-10-10 17:41]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-07-17 00:53:05 C:\Windows\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-18 15:39:30 C:\Windows\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2008-07-18 11:42:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?
LXCCCATS = rundll32 C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-18 11:44:06
ComboFix-quarantined-files.txt 2008-07-18 15:43:53

Pre-Run: 73,404,989,440 bytes free
Post-Run: 74,143,260,672 bytes free

302 --- E O F --- 2008-07-17 00:31:58

============Super Antispyware log==============

SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 07/18/2008 at 11:25 AM

Application Version : 4.15.1000

Core Rules Database Version : 3507
Trace Rules Database Version: 1498

Scan type : Complete Scan
Total Scan Time : 00:32:21

Memory items scanned : 413
Memory threats detected : 0
Registry items scanned : 6486
Registry threats detected : 0
File items scanned : 30957
File threats detected : 1

Adware.Tracking Cookie
.ad.us-ec.adtechus.com [ C:\Documents and Settings\Heather and Doug\Application Data\Mozilla\Firefox\Profiles\ill74y2l.default\cookies.txt ]
.atwola.com [ C:\Documents and Settings\Heather and Doug\Application Data\Mozilla\Firefox\Profiles\ill74y2l.default\cookies.txt ]
ar.atwola.com [ C:\Documents and Settings\Heather and Doug\Application Data\Mozilla\Firefox\Profiles\ill74y2l.default\cookies.txt ]
.indextools.com [ C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\lpegfop4.default\cookies.txt ]
.indextools.com [ C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\lpegfop4.default\cookies.txt ]

Trojan.Unclassified-Packed/Suspicious
E:\PROGRAM FILES\TC UP\PLUGINS\LIBRARY\TCUPSHELLEXT.DLL


Hope this helps.
Posted 7/21/2008 1:05 PM
#63840
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Please download Malwarebytes' Anti-Malware (https://www.besttechie.net/tools/mbam-setup.exe) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.

Copy and paste that log into your next reply, and tell how things are running now?

NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.

