Hello there, I may have a couple of viruses [RESOLVED]



#1 Preatorian (Member, 31 posts)
Hello, I have been helped a little so far in another forum. But I'm going back in 2 days to where I live and I don't have internet there. I need an update on my system and to get it fixed if anything else is present before I go back. Plus the person I had helping me has a very weird schedule and I wanted to come to a more popular and well-known forum. I was infected with the Trojan-gen{other} and I have no idea if I have removed it. Here is a log of SUPERAntiSpyware, ComboFix and HijackThis.



HiJackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:51:32 PM, on 7/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\nHancer\nHancerService.exe
C:\Windows\system32\nvsvc32.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\nHancer\nHancer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Tyler\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,[email protected]
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [nHancer] "C:\Program Files\nHancer\nHancer.exe" /tray
O4 - HKCU\..\Run: [WindowBlinds] C:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\WBInstall32.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tyler\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comca..... Controls.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - E:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

--
End of file - 8155 bytes



ComboFix log



ComboFix 08-07-17.4 - Tyler 2008-07-18 11:39:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1578 [GMT -4:00]
Running from: C:\Documents and Settings\Tyler\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\drivers\npf.sys
C:\Windows\system32\Packet.dll
C:\Windows\system32\pthreadVC.dll
C:\Windows\system32\tmp66.tmp
C:\Windows\system32\tmp67.tmp
C:\Windows\system32\wpcap.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-18 to 2008-07-18 )))))))))))))))))))))))))))))))
.

2008-07-18 10:50 . 2008-07-18 10:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-18 10:49 . 2008-07-18 10:49 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-18 10:49 . 2008-07-18 10:49 <DIR> d-------- C:\Documents and Settings\Tyler\Application Data\SUPERAntiSpyware.com
2008-07-17 16:40 . 2008-07-17 16:40 <DIR> d-------- C:\Documents and Settings\Tyler\.housecall6.6
2008-07-17 15:41 . 2008-07-17 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-17 14:28 . 2008-07-17 14:28 0 --a------ C:\WINDOWS\Irremote.ini
2008-07-16 22:47 . 2008-07-16 22:47 <DIR> d-------- C:\kav
2008-07-16 22:10 . 2008-07-16 23:10 344,096 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-16 22:10 . 2008-07-16 23:10 7,196 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-16 22:10 . 2008-07-16 23:10 4,384 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-16 22:10 . 2008-07-16 23:10 2,528 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-16 22:09 . 2008-07-16 22:09 <DIR> d-------- C:\Documents and Settings\Tyler\Application Data\Thinstall
2008-07-16 21:14 . 2008-07-16 21:14 <DIR> d-------- C:\Documents and Settings\Tyler\Application Data\Apple Computer
2008-07-16 20:53 . 2008-07-16 20:54 <DIR> d-------- C:\Program Files\QuickTime
2008-07-16 20:53 . 2008-07-16 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-16 20:52 . 2008-07-16 20:52 <DIR> d-------- C:\Program Files\Apple Software Update
2008-07-16 20:52 . 2008-07-16 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-16 20:30 . 2008-07-16 20:30 36 --a------ C:\WINDOWS\system32\m4p.dat
2008-07-16 17:39 . 2008-07-16 17:39 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-16 15:27 . 2008-07-16 16:20 <DIR> d-------- C:\Program Files\mIRC
2008-07-16 15:27 . 2008-07-16 17:15 <DIR> d-------- C:\Documents and Settings\Tyler\Application Data\mIRC
2008-07-16 13:08 . 2008-07-16 13:08 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-07-16 13:08 . 2008-06-18 16:37 2,045,459 --a------ C:\WINDOWS\system32\x264vfw.dll
2008-07-16 13:08 . 2008-07-04 02:34 860,160 --a------ C:\WINDOWS\system32\lameACM.acm
2008-07-16 13:08 . 2004-01-25 12:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-07-16 13:08 . 2008-06-12 14:36 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-16 13:08 . 2007-07-10 12:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-07-16 13:08 . 2007-10-03 11:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-07-16 11:35 . 2008-07-16 20:34 <DIR> d-------- C:\Program Files\DivX
2008-07-15 22:32 . 2008-07-16 17:49 <DIR> d-------- C:\Program Files\SubMagic
2008-07-15 22:25 . 2008-07-15 22:25 <DIR> d-------- C:\Program Files\SubtitleCreator
2008-07-15 22:22 . 2008-07-16 13:02 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-07-15 22:22 . 2008-07-15 22:24 <DIR> d-------- C:\Program Files\Aegisub
2008-07-15 22:20 . 2008-07-15 22:20 <DIR> d-------- C:\Program Files\TimeAdjuster
2008-07-15 22:12 . 2008-07-15 22:12 303 --a------ C:\WINDOWS\ST6UNST.006
2008-07-15 22:11 . 2008-07-15 22:11 303 --a------ C:\WINDOWS\ST6UNST.005
2008-07-15 22:11 . 2008-07-15 22:11 303 --a------ C:\WINDOWS\ST6UNST.004
2008-07-15 20:03 . 2002-09-16 02:50 233,632 -rah----- C:\NTLDR
2008-07-15 17:50 . 2008-07-15 17:50 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-10 17:05 . 2008-07-10 17:05 303 --a------ C:\WINDOWS\ST6UNST.003
2008-07-10 17:05 . 2008-07-10 17:05 303 --a------ C:\WINDOWS\ST6UNST.002
2008-07-10 16:35 . 2008-07-13 17:26 <DIR> d-------- C:\Documents and Settings\Tyler\Application Data\XnView
2008-07-09 18:10 . 2008-07-09 18:10 <DIR> d-------- C:\Documents and Settings\Tyler\Application Data\HEXelon
2008-07-07 18:44 . 2008-07-07 18:44 303 --a------ C:\WINDOWS\ST6UNST.001
2008-07-07 18:44 . 2008-07-07 18:44 303 --a------ C:\WINDOWS\ST6UNST.000
2008-06-27 16:53 . 2008-06-27 16:53 <DIR> d-------- C:\Program Files\DVDInfoPro
2008-06-27 15:43 . 2008-06-27 15:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-06-27 15:42 . 2008-06-27 15:42 <DIR> d-------- C:\Program Files\SlySoft
2008-06-27 15:42 . 2008-06-27 15:42 0 ---hs---- C:\WINDOWS\SB2DAFF17.tmp
2008-06-25 13:20 . 2008-06-26 16:40 <DIR> d-------- C:\Program Files\Hide Folders XP 2
2008-06-25 13:20 . 2007-01-23 01:26 17,264 --a------ C:\WINDOWS\system32\drivers\hfxp2.sys
2008-06-24 20:36 . 2008-06-24 20:37 <DIR> d-------- C:\Program Files\Free Hide Folder
2008-06-24 20:36 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-24 20:36 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-24 16:06 . 2008-06-24 16:06 972,072 --a------ C:\WINDOWS\UNNeroMediaHome.exe
2008-06-18 13:52 . 2008-06-18 13:52 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 14:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-18 14:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-18 14:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-17 18:37 --------- d-----w C:\Program Files\Common Files\Nero
2008-07-17 18:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-07-17 17:02 --------- d-----w C:\Documents and Settings\Tyler\Application Data\uTorrent
2008-07-17 16:03 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-07-17 00:35 --------- d-----w C:\Documents and Settings\Tyler\Application Data\DivX
2008-07-16 17:06 --------- d-----w C:\Program Files\OpenSource Flash Video Splitter
2008-07-16 02:12 73,216 ----a-w C:\Windows\ST6UNST.EXE
2008-07-16 02:12 249,856 ------w C:\Windows\Setup1.exe
2008-07-10 18:16 --------- d-----w C:\Program Files\Lx_cats
2008-07-07 22:45 --------- d-----w C:\Program Files\SubSync
2008-06-27 19:44 --------- d-----w C:\Program Files\FlashGet
2008-06-25 16:27 --------- d-----w C:\Program Files\DAP
2008-06-25 02:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-22 18:01 --------- d-----w C:\Program Files\Paint.NET
2008-06-17 17:26 --------- d-----w C:\Documents and Settings\Tyler\Application Data\InstallShield Installation Information
2008-06-17 17:11 --------- d-----w C:\Program Files\DIFX
2008-06-17 17:11 --------- d-----w C:\Program Files\AGEIA Technologies
2008-06-16 23:49 --------- d-----w C:\Documents and Settings\Tyler\Application Data\Skype
2008-06-16 23:02 --------- d-----w C:\Documents and Settings\Tyler\Application Data\skypePM
2008-06-12 22:31 --------- d-----w C:\Program Files\Marvell
2008-06-11 00:07 9,464 ------w C:\Windows\system32\drivers\cdralw2k.sys
2008-06-11 00:07 9,336 ------w C:\Windows\system32\drivers\cdr4_xp.sys
2008-06-11 00:07 524,288 ----a-w C:\Windows\system32\DivXsm.exe
2008-06-11 00:07 43,528 ------w C:\Windows\system32\drivers\PxHelp20.sys
2008-06-11 00:07 3,596,288 ----a-w C:\Windows\system32\qt-dx331.dll
2008-06-11 00:07 129,784 ------w C:\Windows\system32\pxafs.dll
2008-06-11 00:07 120,056 ------w C:\Windows\system32\pxcpyi64.exe
2008-06-11 00:07 118,520 ------w C:\Windows\system32\pxinsi64.exe
2008-06-11 00:04 200,704 ----a-w C:\Windows\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\Windows\system32\libdivx.dll
2008-06-09 18:58 --------- d-----w C:\Documents and Settings\Tyler\Application Data\Media Player Classic
2008-06-09 01:13 587,776 ----a-w C:\Windows\system32\advert.dll
2008-06-08 19:44 --------- d-----w C:\Program Files\Blaze Media Pro
2008-06-08 19:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\{737AEA7B-5AB3-4A1C-BC5A-EAAB803F2D97}
2008-06-08 13:37 132,904 ----a-w C:\Windows\system32\drivers\imagesrv.sys
2008-06-08 13:37 11,304 ----a-w C:\Windows\system32\drivers\imagedrv.sys
2008-06-06 22:42 --------- d-----w C:\Program Files\Net2Phone CommCenter
2008-06-06 22:40 2,560 ----a-w C:\Windows\_MSRSTRT.EXE
2008-06-06 22:40 --------- d-----w C:\Program Files\MediaRing
2008-06-06 22:24 --------- d-----w C:\Documents and Settings\Tyler\Application Data\MRTalk
2008-06-06 22:10 --------- d-----w C:\Program Files\buddyPhone
2008-06-06 21:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-06-06 21:42 413,696 ----a-w C:\Windows\system32\wrap_oal.dll
2008-06-06 21:42 102,400 ----a-w C:\Windows\system32\OpenAL32.dll
2008-06-06 21:42 --------- d-----w C:\Program Files\Creative
2008-06-06 18:54 972,072 ----a-w C:\Windows\UNRecode.exe
2008-06-06 18:54 95,600 ----a-w C:\Windows\system32\NeroCo.dll
2008-06-04 20:23 --------- d-----w C:\Documents and Settings\Tyler\Application Data\EVEMon
2008-06-03 17:33 --------- d-----w C:\Program Files\ImageSkill
2008-05-31 20:40 22,768 ----a-w C:\Windows\system32\drivers\usbsermpt.sys
2008-05-31 19:50 --------- d-----w C:\Program Files\Motorola Tools
2008-05-31 19:25 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-05-31 19:25 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-05-31 18:56 0 ---ha-w C:\Windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-31 18:56 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-05-31 18:46 --------- d-----w C:\Program Files\Common Files\Motorola Shared
2008-05-30 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-28 02:21 --------- d-----w C:\Documents and Settings\Tyler\Application Data\vlc
2008-05-28 02:19 --------- d-----w C:\Program Files\VideoLAN
2008-05-27 23:16 61,440 ----a-w C:\Windows\system32\NormalizeDSP.dll
2008-05-27 22:58 --------- d-----w C:\Documents and Settings\Tyler\Application Data\SmartFTP
2008-05-27 22:56 --------- d-----w C:\Documents and Settings\Tyler\Application Data\FileZilla
2008-05-27 22:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
2008-05-24 14:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-23 13:12 323,584 ----a-w C:\Windows\system32\AudioGenie2.dll
2008-05-23 03:13 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-22 22:18 12,288 ----a-w C:\Windows\system32\DivXWMPExtType.dll
2008-05-21 18:20 --------- d-----w C:\Documents and Settings\Tyler\Application Data\Autodesk
2008-05-21 18:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-05-21 18:13 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-05-21 18:12 --------- d-----w C:\Program Files\Autodesk
2008-05-21 18:11 --------- d-----w C:\Program Files\MSBuild
2008-05-21 18:10 --------- d-----w C:\Program Files\Reference Assemblies
2008-05-20 18:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-20 18:15 --------- d-----w C:\Program Files\Bonjour
2008-05-20 18:10 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-05-20 15:19 --------- d-----w C:\Program Files\Steam
2008-05-20 15:19 --------- d-----w C:\Program Files\Notepad++
2008-05-20 15:19 --------- d-----w C:\Program Files\AVSMedia
2008-05-20 15:19 --------- d-----w C:\Program Files\AVS Media
2008-05-20 15:19 --------- d-----w C:\Documents and Settings\Tyler\Application Data\Notepad++
2008-05-20 15:19 --------- d-----w C:\Documents and Settings\Tyler\Application Data\AVSMedia
2008-05-20 15:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-05-20 15:13 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-05-20 15:12 --------- d-----w C:\Program Files\GameShadow
2008-05-19 15:20 --------- d-----w C:\Program Files\IDM Computer Solutions
2008-05-19 15:20 --------- d-----w C:\Documents and Settings\Tyler\Application Data\IDMComp
2008-05-14 17:22 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-05-07 05:18 1,287,680 ----a-w C:\Windows\system32\quartz.dll
2008-05-07 01:30 691,545 ----a-w C:\Windows\unins000.exe
2008-04-26 20:14 42,672 ----a-w C:\Windows\system32\wbsys.dll
2008-04-23 04:16 826,368 ----a-w C:\Windows\system32\wininet.dll
2008-02-11 22:33 81,920 ----a-w C:\Documents and Settings\Tyler\Application Data\ezpinst.exe
2008-02-11 22:33 47,360 ----a-w C:\Documents and Settings\Tyler\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\Windows\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"nHancer"="C:\Program Files\nHancer\nHancer.exe" [2007-10-31 10:43 1519616]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-18 20:55 81920]
"LXCCCATS"="C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 05:21 69632]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 19:19 79224]
"nwiz"="nwiz.exe" [2007-12-18 20:55 1626112 C:\WINDOWS\system32\nwiz.exe]
"P17Helper"="SPIRun.dll" [2006-07-03 12:43 10752 C:\WINDOWS\system32\SPIRUN.DLL]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-05-06 20:58 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.CSCD"= camcodec.dll
"msacm.l3codec"= l3codecp.acm
"VIDC.X264"= x264vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SATARAID5.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SATARAID5.lnk
backup=C:\WINDOWS\pss\SATARAID5.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Tyler^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\Tyler\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 15:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-06-25 12:24 3057152 C:\Program Files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-06-24 16:06 1840424 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
--a------ 2005-02-21 07:21 192512 C:\Program Files\Lexmark 3300 Series\lxccmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-06-08 09:31 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-06-19 09:53 570664 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-18 20:55 8523776 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-10 21:00 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 19:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
--a------ 2007-09-26 19:05 734264 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 3"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"E:\\CCP\\EVE\\bin\\ExeFile.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"E:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"E:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"E:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"E:\\Program Files\\TC UP\\PLUGINS\\Media\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\kav\\kav7\\setup.exe"=

R0 HFXP2;HFXP2;C:\Windows\system32\DRIVERS\HFXP2.SYS [2007-01-23 01:26]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-15 19:20]
R1 VD_FileDisk;VD_FileDisk;C:\Windows\system32\drivers\VD_FileDisk.sys [2006-01-13 09:00]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-15 19:16]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;E:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 00:04]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys [2007-11-02 15:36]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys [2007-01-22 19:33]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\system32\DRIVERS\motodrv.sys [2007-10-10 17:41]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-07-17 00:53:05 C:\Windows\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-18 15:39:30 C:\Windows\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-18 11:42:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?
LXCCCATS = rundll32 C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-18 11:44:06
ComboFix-quarantined-files.txt 2008-07-18 15:43:53

Pre-Run: 73,404,989,440 bytes free
Post-Run: 74,143,260,672 bytes free

302 --- E O F --- 2008-07-17 00:31:58


SUPERAntiSpyware log


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/18/2008 at 11:25 AM

Application Version : 4.15.1000

Core Rules Database Version : 3507
Trace Rules Database Version: 1498

Scan type : Complete Scan
Total Scan Time : 00:32:21

Memory items scanned : 413
Memory threats detected : 0
Registry items scanned : 6486
Registry threats detected : 0
File items scanned : 30957
File threats detected : 1

Adware.Tracking Cookie
.ad.us-ec.adtechus.com [ C:\Documents and Settings\Heather and Doug\Application Data\Mozilla\Firefox\Profiles\ill74y2l.default\cookies.txt ]
.atwola.com [ C:\Documents and Settings\Heather and Doug\Application Data\Mozilla\Firefox\Profiles\ill74y2l.default\cookies.txt ]
ar.atwola.com [ C:\Documents and Settings\Heather and Doug\Application Data\Mozilla\Firefox\Profiles\ill74y2l.default\cookies.txt ]
.indextools.com [ C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\lpegfop4.default\cookies.txt ]
.indextools.com [ C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\lpegfop4.default\cookies.txt ]

Trojan.Unclassified-Packed/Suspicious
E:\PROGRAM FILES\TC UP\PLUGINS\LIBRARY\TCUPSHELLEXT.DLL



I have used SUPERAntiSpyware to remove that Unclassified-Packed/Suspicious Trojan and I don't know if it was a false positive and/or if I still have that infection or any other. All help would be appreciated.


#2
greyknight17
Malware Expert, Visiting Consultant, 16,560 posts

Looks good so far. Any problems you are still having now?

If you want to run another virus scan, you can use Panda:

Download ATF Cleaner at http://www.atribune..../click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main, choose Select All.
Click the Empty Selected button.

If you use the Firefox browser, click Firefox at the top and choose Select All.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser, click 'Opera' at the top and choose 'Select All'.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoft.../activescan.htm

* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply.

#3
Preatorian
Member, Topic Starter, 31 posts

;*******************************************************************************
ANALYSIS: 2008-07-18 19:34:52
PROTECTIONS: 1
MALWARE: 15
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Windows Defender 1.1.3704.0 No No
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00003788 adware/aureate-radiate Adware No 0 Yes No c:\windows\system32\advert.dll
00029434 spyware/virtumonde Spyware No 1 Yes No c:\windows\system32\appsetup.exe
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No D:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\uifvfgma.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No D:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\uifvfgma.default\cookies.txt[.atdmt.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No D:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\uifvfgma.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No D:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\uifvfgma.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No D:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\uifvfgma.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No D:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\uifvfgma.default\cookies.txt[.fastclick.net/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No D:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\uifvfgma.default\cookies.txt[.com.com/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No D:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\uifvfgma.default\cookies.txt[.toplist.cz/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No D:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\uifvfgma.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No D:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\uifvfgma.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No D:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\uifvfgma.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No D:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\uifvfgma.default\cookies.txt[.apmebf.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No D:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\uifvfgma.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No D:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\uifvfgma.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No D:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\uifvfgma.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No D:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\uifvfgma.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No D:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\uifvfgma.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No D:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\uifvfgma.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No D:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\uifvfgma.default\cookies.txt[.bs.serving-sys.com/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No D:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\uifvfgma.default\cookies.txt[server.iad.liveperson.net/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No D:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\uifvfgma.default\cookies.txt[statse.webtrendslive.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No D:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\uifvfgma.default\cookies.txt[.did-it.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No D:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\uifvfgma.default\cookies.txt[.did-it.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No D:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\uifvfgma.default\cookies.txt[.did-it.com/]
02055696 Trj/Downloader.MDW Virus/Trojan No 1 Yes No E:\Program Files\TC UP\PLUGINS\Tools\FtpPasswordRipper\Windows_Commander_FTP_Password_RIPPER.exe
;===============================================================================
SUSPECTS
Sent Location [
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description [
;===============================================================================
;===============================================================================

Also here is a HiJackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:35 PM, on 7/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\nHancer\nHancerService.exe
C:\Windows\system32\nvsvc32.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\nHancer\nHancer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\DAP\DAP.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Tyler\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,[email protected]
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [nHancer] "C:\Program Files\nHancer\nHancer.exe" /tray
O4 - HKCU\..\Run: [WindowBlinds] C:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\WBInstall32.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tyler\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comca..... Controls.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - E:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

--
End of file - 8330 bytes

Edited by Preatorian, 18 July 2008 - 06:32 PM.


#4
greyknight17
Malware Expert, Visiting Consultant, 16,560 posts

Delete the following:

c:\windows\system32\advert.dll
c:\windows\system32\appsetup.exe
E:\Program Files\TC UP\PLUGINS\Tools\FtpPasswordRipper\Windows_Commander_FTP_Password_RIPPER.exe


Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.
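The manual triage done in post #4 (pick the rows that point at real files, ignore the tracking-cookie rows) can be automated over the Panda ActiveScan table posted in #3. This is an added example and not part of the thread or of Panda's software; the column layout is assumed from the report's own header line, and the sample rows are a subset copied from the report above.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Header of the MALWARE table exactly as it appears in the posted report.
MALWARE_HEADER = "Id Description Type Active Severity Disinfectable Disinfected Location"

# Description may contain spaces ("Cookie/Atlas DMT"), so it is matched lazily;
# the fixed Yes/No and digit columns anchor the rest of the row.
ROW_RE = re.compile(
    r"^(?P<ident>\d{8})\s+(?P<desc>.+?)\s+(?P<kind>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+"
    r"(?P<location>.+)$"
)

@dataclass(frozen=True)
class Hit:
    ident: str
    desc: str
    kind: str
    active: bool
    severity: int
    location: str

def parse_malware_table(report):
    """Return one Hit per row of the MALWARE section, stopping at the next section."""
    hits, in_table = [], False
    for raw in report.splitlines():
        line = raw.strip()
        if line == MALWARE_HEADER:
            in_table = True
            continue
        if in_table and line.isalpha() and line.isupper():  # next section, e.g. SUSPECTS
            break
        m = ROW_RE.match(line) if in_table else None
        if m:
            hits.append(Hit(m["ident"], m["desc"], m["kind"], m["active"] == "Yes",
                            int(m["severity"]), m["location"]))
    return hits

def triage(hits):
    """Files worth reviewing (deduplicated, highest severity first) and cookie counts per ad domain."""
    files, cookies = {}, Counter()
    for h in hits:
        if h.kind == "TrackingCookie":
            # location ends in cookies.txt[.domain/]; keep only the domain part
            cookies[h.location[h.location.rfind("[") + 1:].rstrip("]/")] += 1
        else:
            files.setdefault(h.location.lower(), h)  # repeated rows collapse by path
    return sorted(files.values(), key=lambda h: (-h.severity, h.location.lower())), cookies

# Constructed sample: a subset of the rows from the report posted above.
SAMPLE_REPORT = r"""MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
00003788 adware/aureate-radiate Adware No 0 Yes No c:\windows\system32\advert.dll
00029434 spyware/virtumonde Spyware No 1 Yes No c:\windows\system32\appsetup.exe
00145457 Cookie/FastClick TrackingCookie No 0 Yes No D:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\uifvfgma.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No D:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\uifvfgma.default\cookies.txt[.fastclick.net/]
02055696 Trj/Downloader.MDW Virus/Trojan No 1 Yes No E:\Program Files\TC UP\PLUGINS\Tools\FtpPasswordRipper\Windows_Commander_FTP_Password_RIPPER.exe
SUSPECTS
"""
```

Running `triage(parse_malware_table(SAMPLE_REPORT))` yields the same three file paths the helper listed for deletion, with the two FastClick rows folded into a single cookie count.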

#5
Preatorian
Member, Topic Starter, 31 posts

I deleted everything you told me to. I ran a scan with Malwarebytes' Anti-Malware 1.21 and I'm going to post that log as well as another HijackThis log after I open TC UP. That was one of the programs that was infected; I want to see if it still is. But besides checking this one program, everything seems to be running great.


EDIT: NVM, everything seems clean thanks to you. Thanks for the help; I will come back to this forum if I need any help in the future, and thanks for the article. I'll read it and follow it to the key.

#6
greyknight17
Malware Expert, Visiting Consultant, 16,560 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.