The BullGuard products and services are part of NortonLifeLock Inc., a global leader in consumer Cyber Safety with a portfolio of brands including Norton, Avira and more. Learn more at NortonLifeLock.com

Need help with Trojan Horse Generic2_c.begg

Posted 1/3/2011 2:25 PM
#90650

Vipul Kacker Member

Date Joined Nov 2016
Total Posts: 5
Hi,
I need help with the removal of this trojan horse. I was earlier using Avira antivirus, which detected this virus and removed it, but I could again see some alien programs running in the task manager. I uninstalled it and am now using AVG antivirus, which has detected the infections twice and removed the files, but this creepy thing keeps on popping up again and again.
Help would be much appreciated!
Posted 1/4/2011 6:14 AM
#90661

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hello :smile:
We need to get a comprehensive report of what is present in your system.
Therefore, please follow this guide:

Before-posting-a-log


Follow the instructions and copy the logs here, in this Topic.
If you are using any P2P (file sharing) programs, please remove them before we clean your computer. We do not clean logs that have P2P applications installed as this can cause reinfection during your cleaning.


Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 1/5/2011 1:53 PM
#90693

Vipul Kacker Member

Date Joined Nov 2016
Total Posts: 5
Hi Touch,

Thanks a lot for the initial guidance and my apologies for the delay in replying with the logs, using quite an outdated system.
I'm updating them in the order described in the other thread.

1. HijackThis.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:15:46 PM, on 1/5/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\AVG\AVG10\AVGCHSVX.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\AVG\AVG10\AVGRSX.EXE
C:\Program Files\AVG\AVG10\avgcsrvx.exe
D:\Program Files\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TYWHvBYzBXR] C:\DOCUME~1\vipul\LOCALS~1\Temp\BZ8YL.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [WordWeb] "C:\Program Files\WordWeb\wweb32.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibibo Messenger] "C:\Program Files\ibibo\ibibo messenger\Bin\ibibomsgr.exe" /background
O4 - HKCU\..\Run: [QYSRQ] C:\DOCUME~1\vipul\LOCALS~1\Temp\BZ8YL.exe
O4 - Global Startup: (Empty).LNK = C:\KHATRA.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\bin\jqs.exe

--
End of file - 5196 bytes

2. Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5462

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/5/2011 6:02:27 PM
mbam-log-2011-01-05 (18-02-27).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 200520
Time elapsed: 1 hour(s), 54 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\KHATRA (Worm.AutoIT) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title (Worm.AutoIT) -> Value: Window Title -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
d:\unzipped\cyberlink_powerdvd_xp_deluxe_v4[1].0_by_core\CR-PXP40.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\program files\filesubmit\atlantis revisited\bonzi.exe (Adware.BonziBuddy) -> Quarantined and deleted successfully.
e:\dddddhare3ddfjkh\Shared\cyberlink powerdvd 8 ultra keygen + crack\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
e:\dddddhare3ddfjkh\Shared\cyberlink powerdvd 8 ultra keygen + crack\keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
g:\my documents\cyberlink\PowerDVD\pack winamp5.0 pro-=toxygen=-\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\WINDOWS\mario675.cab (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\new-screamsaver.com.cab (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\supermodels.cab (Trojan.Agent) -> Quarantined and deleted successfully.

3. DDS LOGS.
Posted 1/5/2011 1:55 PM
#90695

Vipul Kacker Member

Date Joined Nov 2016
Total Posts: 5
3. DDS LOGS-DDS

DDS (Ver_10-12-12.02) - FAT32x86
Run by vipul at 19:09:18.41 on Wed 01/05/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.254 [GMT 5.5:30]


============== Running Processes ===============

C:\Program Files\AVG\AVG10\AVGCHSVX.EXE
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\AVG\AVG10\AVGRSX.EXE
C:\Program Files\AVG\AVG10\avgcsrvx.exe
D:\Program Files\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\vipul\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ibibo Messenger] "c:\program files\ibibo\ibibo messenger\bin\ibibomsgr.exe" /background
uRun: [QYSRQ] c:\docume~1\vipul\locals~1\temp\BZ8YL.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [TYWHvBYzBXR] c:\docume~1\vipul\locals~1\temp\BZ8YL.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\(empty).lnk - c:\KHATRA.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-23 6128208]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-1-3 517448]

=============== Created Last 30 ================

2011-01-05 13:24:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-05 13:24:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-05 07:47:07 -------- d-----w- c:\docume~1\vipul\applic~1\Malwarebytes
2011-01-05 07:46:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-05 07:46:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-05 07:46:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-05 07:46:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-03 13:38:07 -------- d--h--w- C:\$AVG
2011-01-03 12:58:46 -------- d-----w- c:\docume~1\vipul\applic~1\AVG10
2011-01-03 12:56:34 -------- d-sh--w- C:\FOUND.003
2011-01-03 12:50:14 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-01-03 12:49:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2011-01-03 12:43:25 -------- d-----w- c:\windows\system32\drivers\AVG
2011-01-03 12:43:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-01-03 12:42:11 -------- d-----w- c:\program files\AVG
2011-01-03 11:57:56 -------- d-----w- c:\windows\system32\NtmsData
2011-01-03 06:03:24 306688 ----a-w- c:\windows\IsUninst.exe
2011-01-03 05:59:41 -------- d-----w- c:\windows\K.Backup
2011-01-03 05:55:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-12-23 13:47:02 -------- d-sh--w- C:\FOUND.002
2010-12-22 05:11:38 -------- d-----w- c:\docume~1\vipul\locals~1\applic~1\Adobe
2010-12-21 06:34:06 -------- d-sh--w- c:\documents and settings\vipul\IECompatCache
2010-12-17 10:45:10 -------- d-----w- c:\docume~1\vipul\applic~1\PriceGong
2010-12-16 18:12:16 -------- d--h--w- c:\windows\PIF
2010-12-16 12:46:16 -------- d-----w- c:\docume~1\vipul\locals~1\applic~1\Conduit
2010-12-16 12:45:56 -------- d-----w- C:\extensions
2010-12-16 12:37:59 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-12-16 12:37:58 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-12-16 12:36:24 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-12-16 12:35:27 -------- d-----w- c:\program files\CCleaner
2010-12-16 12:32:41 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-16 12:12:50 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-15 17:46:14 -------- d-----w- c:\docume~1\vipul\applic~1\Tencent
2010-12-15 17:45:54 -------- d-----w- c:\program files\common files\ibibo
2010-12-15 17:34:59 -------- d-----w- c:\docume~1\vipul\applic~1\ibibo
2010-12-09 11:09:57 -------- d-----w- c:\windows\system32\scripting
2010-12-09 11:09:56 -------- d-----w- c:\windows\l2schemas
2010-12-09 11:09:55 -------- d-----w- c:\windows\system32\en
2010-12-09 11:09:55 -------- d-----w- c:\windows\system32\bits
2010-12-09 11:03:50 -------- d-----w- c:\windows\network diagnostic
2010-12-09 11:00:30 -------- d-----w- c:\windows\system32\ReinstallBackups
2010-12-09 10:34:57 -------- d-sh--w- c:\documents and settings\vipul\PrivacIE
2010-12-09 09:58:56 -------- d-sh--w- c:\documents and settings\vipul\IETldCache
2010-12-09 08:15:03 -------- d-----w- c:\windows\ie8updates
2010-12-09 08:14:44 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-12-09 08:14:44 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-12-09 08:14:43 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-12-09 08:14:42 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-12-09 08:14:42 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-12-09 08:14:41 1991680 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-12-09 08:14:34 11080704 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-12-09 08:12:42 -------- d--h--w- c:\windows\ie8
2010-12-09 07:50:01 -------- d-----w- c:\windows\ServicePackFiles
2010-12-09 06:56:14 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-12-09 06:55:28 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-12-09 06:55:27 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-12-09 06:55:27 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-12-09 06:55:26 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-12-09 06:55:26 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-12-09 06:55:25 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-12-09 06:55:24 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-12-09 06:55:24 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-12-09 06:55:22 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-12-09 06:55:20 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-12-09 06:55:17 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-12-09 06:41:06 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-12-09 06:41:06 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-12-09 06:39:35 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-12-09 06:39:33 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-12-09 06:39:30 -------- d-----w- c:\program files\common files\DivX Shared
2010-12-09 06:32:20 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-12-09 06:32:20 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-12-09 06:27:51 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-12-09 06:26:56 -------- d-----w- c:\program files\DivX
2010-12-09 06:22:02 -------- d-sh--w- C:\FOUND.001
2010-12-07 22:42:38 251728 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-12-07 19:33:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-12-07 19:33:46 357248 ------w- c:\windows\system32\dllcache\srv.sys
2010-12-07 19:22:49 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-12-07 19:22:08 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-12-07 19:18:38 819200 ----a-w- c:\program files\windows media player\wmsetsdk.exe
2010-12-07 19:18:38 47616 ----a-w- c:\program files\windows media player\msoobci.dll
2010-12-07 19:17:19 -------- d-----w- c:\windows\RegisteredPackages
2010-12-07 18:30:54 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-12-07 18:28:19 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-12-07 18:28:18 279552 ----a-w- c:\program files\windows nt\accessories\SET2D2.tmp
2010-12-07 18:28:17 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-12-07 18:28:17 215552 ----a-w- c:\program files\windows nt\accessories\SET2D1.tmp
2010-12-07 16:58:59 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2010-12-07 16:52:09 -------- d-----w- c:\windows\system32\PreInstall
2010-12-07 16:52:08 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-12-07 16:52:06 -------- d--h--w- c:\windows\$hf_mig$
2010-12-07 16:16:27 -------- d-----w- c:\windows\system32\SoftwareDistribution

==================== Find3M ====================

2010-12-05 11:39:02 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-05 11:39:02 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-23 17:51:00 1195760 ------w- c:\windows\wweb32.dll

============= FINISH: 19:12:00.26 ===============

4. DDS LOGS-ATTACH


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/13/2010 9:34:15 PM
System Uptime: 1/5/2011 6:41:40 PM (1 hours ago)

Motherboard: Compaq | | 06C0h
Processor: Intel Pentium III processor | J1 | 664/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (FAT32) - 7 GiB total, 1.156 GiB free.
D: is FIXED (FAT32) - 14 GiB total, 0.117 GiB free.
E: is FIXED (FAT32) - 9 GiB total, 0.284 GiB free.
F: is FIXED (FAT32) - 9 GiB total, 0.179 GiB free.
G: is FIXED (FAT32) - 12 GiB total, 0.711 GiB free.
H: is FIXED (FAT32) - 0 GiB total, 0.006 GiB free.
I: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader X
ADSL USB Driver 2.0.1
AVG 2011
CCleaner
DivX Setup
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
Java Auto Updater
Java(TM) 6 Update 23
Malwarebytes' Anti-Malware
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Opera 11.00
PowerDVD
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.5
WebFldrs XP
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Service Pack 3
WordWeb

==== Event Viewer Messages From Past Week ========

1/5/2011 6:43:10 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
1/3/2011 6:27:06 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00085C88154A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
1/1/2011 5:38:19 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
1/1/2011 5:38:19 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\vipul\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
1/1/2011 5:38:19 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
1/1/2011 5:32:26 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .
1/1/2011 5:32:26 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Real\RealPlayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .
1/1/2011 5:32:26 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.
1/1/2011 5:22:29 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/1/2011 5:01:59 PM, error: ACPI [5] - AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
1/1/2011 5:01:59 PM, error: ACPI [4] - AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

==== End Of File ===========================

Once again, thanks a lot for the help !!
Posted 1/5/2011 2:23 PM
#90701

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974



Posted 1/6/2011 1:40 PM
#90720

Vipul Kacker Member

Date Joined Nov 2016
Total Posts: 5
Hi Touch,

I uninstalled AVG and downloaded Avast after that. After following the processes, here's the log.

ComboFix 11-01-05.05 - vipul 01/06/2011 18:44:37.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.351 [GMT 5.5:30]
Running from: c:\documents and settings\vipul\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\vipul\Application Data\PriceGong
c:\documents and settings\vipul\Application Data\PriceGong\Data\1.xml
c:\documents and settings\vipul\Application Data\PriceGong\Data\a.xml
c:\documents and settings\vipul\Application Data\PriceGong\Data\b.xml
c:\documents and settings\vipul\Application Data\PriceGong\Data\c.xml
c:\documents and settings\vipul\Application Data\PriceGong\Data\d.xml
c:\documents and settings\vipul\Application Data\PriceGong\Data\e.xml
c:\documents and settings\vipul\Application Data\PriceGong\Data\f.xml
c:\documents and settings\vipul\Application Data\PriceGong\Data\g.xml
c:\documents and settings\vipul\Application Data\PriceGong\Data\h.xml
c:\documents and settings\vipul\Application Data\PriceGong\Data\i.xml
c:\documents and settings\vipul\Application Data\PriceGong\Data\J.xml
c:\documents and settings\vipul\Application Data\PriceGong\Data\k.xml
c:\documents and settings\vipul\Application Data\PriceGong\Data\l.xml
c:\documents and settings\vipul\Application Data\PriceGong\Data\m.xml
c:\documents and settings\vipul\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\vipul\Application Data\PriceGong\Data\n.xml
c:\documents and settings\vipul\Application Data\PriceGong\Data\o.xml
c:\documents and settings\vipul\Application Data\PriceGong\Data\p.xml
c:\documents and settings\vipul\Application Data\PriceGong\Data\q.xml
c:\documents and settings\vipul\Application Data\PriceGong\Data\r.xml
c:\documents and settings\vipul\Application Data\PriceGong\Data\s.xml
c:\documents and settings\vipul\Application Data\PriceGong\Data\t.xml
c:\documents and settings\vipul\Application Data\PriceGong\Data\u.xml
c:\documents and settings\vipul\Application Data\PriceGong\Data\v.xml
c:\documents and settings\vipul\Application Data\PriceGong\Data\w.xml
c:\documents and settings\vipul\Application Data\PriceGong\Data\x.xml
c:\documents and settings\vipul\Application Data\PriceGong\Data\y.xml
c:\documents and settings\vipul\Application Data\PriceGong\Data\z.xml
c:\windows\K.Backup
c:\windows\K.Backup\C_Drive_Documents and Settings_All Users_Start Menu_Programs_Startup_Adobe Gamma Loader.lnk.FUCKED
c:\windows\K.Backup\C_Drive_Documents and Settings_All Users_Start Menu_Programs_Startup_desktop.ini.FUCKED
c:\windows\K.Backup\C_Drive_Documents and Settings_vipul_Start Menu_Programs_Startup_desktop.ini.FUCKED
D:\autorun.inf
E:\autorun.inf
F:\autorun.inf
G:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-12-06 to 2011-01-06 )))))))))))))))))))))))))))))))
.

2011-01-06 08:31 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-06 08:31 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-06 08:31 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-06 08:31 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-06 08:31 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-06 08:31 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-06 08:31 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-06 08:30 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2011-01-06 08:30 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-06 08:30 . 2011-01-06 08:30 -------- d-----w- c:\program files\Alwil Software
2011-01-06 08:30 . 2011-01-06 08:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2011-01-05 13:44 . 2011-01-05 13:44 -------- d-----w- c:\program files\Trend Micro
2011-01-05 13:38 . 2011-01-05 13:38 -------- d-----w- c:\program files\Common Files\Java
2011-01-05 13:24 . 2011-01-05 13:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-05 13:24 . 2011-01-05 13:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-05 07:47 . 2011-01-05 07:47 -------- d-----w- c:\documents and settings\vipul\Application Data\Malwarebytes
2011-01-05 07:46 . 2010-12-20 12:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-05 07:46 . 2011-01-05 07:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-05 07:46 . 2011-01-05 07:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-05 07:46 . 2010-12-20 12:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-03 12:58 . 2011-01-03 12:58 -------- d-----w- c:\documents and settings\vipul\Application Data\AVG10
2011-01-03 12:56 . 2011-01-03 12:56 -------- d-----w- C:\FOUND.003
2011-01-03 12:50 . 2011-01-03 12:50 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-01-03 12:43 . 2011-01-03 12:43 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-01-03 11:58 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2011-01-03 11:57 . 2011-01-03 11:57 -------- d-----w- c:\windows\system32\NtmsData
2011-01-03 06:03 . 1998-10-29 11:15 306688 ----a-w- c:\windows\IsUninst.exe
2011-01-03 05:55 . 2011-01-03 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-12-23 13:47 . 2010-12-23 13:47 -------- d-----w- C:\FOUND.002
2010-12-23 08:49 . 2010-12-23 08:49 -------- d-----w- c:\documents and settings\vipul\Application Data\vlc
2010-12-22 05:11 . 2010-12-22 05:11 -------- d-----w- c:\documents and settings\vipul\Local Settings\Application Data\Adobe
2010-12-21 06:34 . 2010-12-21 06:34 -------- d-sh--w- c:\documents and settings\vipul\IECompatCache
2010-12-16 18:28 . 2010-12-16 18:28 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-12-16 18:12 . 2010-12-16 18:12 -------- d--h--w- c:\windows\PIF
2010-12-16 12:46 . 2010-12-16 12:46 -------- d-----w- c:\documents and settings\vipul\Local Settings\Application Data\Conduit
2010-12-16 12:45 . 2010-12-16 12:45 -------- d-----w- C:\extensions
2010-12-16 12:37 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-12-16 12:37 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-12-16 12:36 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-12-16 12:35 . 2010-12-16 12:35 -------- d-----w- c:\program files\CCleaner
2010-12-16 12:32 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-16 12:12 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-15 17:46 . 2010-12-15 17:46 -------- d-----w- c:\documents and settings\vipul\Application Data\Tencent
2010-12-15 17:45 . 2010-12-15 17:45 -------- d-----w- c:\program files\Common Files\ibibo
2010-12-15 17:34 . 2010-12-15 17:35 -------- d-----w- c:\documents and settings\vipul\Application Data\ibibo
2010-12-15 15:37 . 2010-12-15 15:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-12-09 11:35 . 2010-12-09 11:35 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-12-09 11:09 . 2010-12-09 11:09 -------- d-----w- c:\windows\system32\scripting
2010-12-09 11:09 . 2010-12-09 11:09 -------- d-----w- c:\windows\l2schemas
2010-12-09 11:09 . 2010-12-09 11:09 -------- d-----w- c:\windows\system32\en
2010-12-09 11:09 . 2010-12-09 11:09 -------- d-----w- c:\windows\system32\bits
2010-12-09 10:34 . 2010-12-09 10:34 -------- d-sh--w- c:\documents and settings\vipul\PrivacIE
2010-12-09 09:58 . 2010-12-09 09:58 -------- d-sh--w- c:\documents and settings\vipul\IETldCache
2010-12-09 08:14 . 2010-11-06 00:26 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-12-09 08:14 . 2010-11-06 00:26 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-12-09 08:14 . 2010-11-06 00:26 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-12-09 08:14 . 2010-11-06 00:26 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-12-09 08:14 . 2010-11-06 00:26 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-12-09 08:14 . 2010-11-06 00:26 1991680 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-12-09 08:14 . 2010-11-06 00:26 11080704 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-12-09 08:12 . 2010-12-09 08:12 -------- d--h--w- c:\windows\ie8
2010-12-09 07:50 . 2010-12-09 07:50 -------- d-----w- c:\windows\ServicePackFiles
2010-12-09 06:56 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-12-09 06:55 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-12-09 06:55 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-12-09 06:55 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-12-09 06:55 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-12-09 06:55 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-12-09 06:55 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-12-09 06:55 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-12-09 06:55 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-12-09 06:55 . 2010-04-27 13:59 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-12-09 06:55 . 2010-04-28 02:25 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-12-09 06:55 . 2010-04-27 13:05 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-12-09 06:41 . 2010-12-09 06:41 -------- d-----w- c:\documents and settings\vipul\Application Data\DivX
2010-12-09 06:41 . 2010-07-12 18:36 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-12-09 06:41 . 2010-07-12 18:36 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-12-09 06:39 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-12-09 06:39 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-12-09 06:39 . 2010-12-09 06:39 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-12-09 06:32 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-12-09 06:32 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-12-09 06:27 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-12-09 06:26 . 2010-12-09 06:26 -------- d-----w- c:\program files\DivX
2010-12-09 06:22 . 2010-12-09 06:22 -------- d-----w- C:\FOUND.001
2010-12-07 19:33 . 2010-12-07 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-12-07 19:33 . 2010-08-26 13:39 357248 ------w- c:\windows\system32\dllcache\srv.sys
2010-12-07 19:22 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-12-07 19:22 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-12-07 19:18 . 2005-01-28 08:14 819200 ----a-w- c:\program files\Windows Media Player\wmsetsdk.exe
2010-12-07 19:18 . 2005-01-28 08:14 47616 ----a-w- c:\program files\Windows Media Player\msoobci.dll
2010-12-07 18:30 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-12-07 18:28 . 2010-08-26 12:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-12-07 18:28 . 2008-04-21 09:56 279552 ----a-w- c:\program files\Windows NT\Accessories\SET2D2.tmp
2010-12-07 18:28 . 2010-07-12 12:55 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-12-07 18:28 . 2008-04-21 10:02 215552 ----a-w- c:\program files\Windows NT\Accessories\SET2D1.tmp
2010-12-07 16:58 . 2007-10-21 22:09 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2010-12-07 16:52 . 2009-01-07 12:51 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-12-07 16:52 . 2010-12-07 16:52 -------- d--h--w- c:\windows\$hf_mig$

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-05 11:39 . 2010-12-05 11:39 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-05 11:39 . 2010-12-05 11:39 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-18 18:12 . 2010-11-13 15:43 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2004-08-03 13:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:26 . 2004-08-03 13:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-03 13:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-03 12:25 . 2004-08-03 11:59 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2001-08-23 09:30 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-03 13:56 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-03 12:17 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-23 17:51 . 2010-11-28 09:39 1195760 ------w- c:\windows\wweb32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WordWeb"="c:\program files\WordWeb\wweb32.exe" [2009-11-08 65216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-12-05 274608]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
(Empty).LNK - C:\KHATRA.exe [N/A]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/6/2011 2:01 PM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/6/2011 2:01 PM 17744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2011 2:02 PM 136176]
.
Contents of the 'Scheduled Tasks' folder

2011-01-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-113007714-1060284298-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 06:03]

2011-01-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-117609710-113007714-1060284298-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 06:03]

2011-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-06 08:32]

2011-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-06 08:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-ibibo Messenger - c:\program files\ibibo\ibibo messenger\Bin\ibibomsgr.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2011-01-06 18:56
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2011-01-06 18:59:53
ComboFix-quarantined-files.txt 2011-01-06 13:29

Pre-Run: 1,461,841,920 bytes free
Post-Run: 1,445,298,176 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 89015B626E4AF914F2AF17DF99CA11E3
Posted 1/8/2011 7:25 AM
#90744

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Good. Please post a new HijackThis log, and tell me how things are running now?

Do not PM me with logfiles. They will be deleted.


Posted 1/8/2011 1:58 PM
#90754

Vipul Kacker Member

Date Joined Nov 2016
Total Posts: 5
Hello... :-)
Things are good now, but just one thing: a pop-up appears stating that there are files waiting to be written to the CD, which did appear when the virus was there. Now nothing happens when I click it; otherwise there's no instance of any processes running in the Task Manager either.
Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:24 PM, on 1/8/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\bin\jqs.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [WordWeb] "C:\Program Files\WordWeb\wweb32.exe" -startup
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\bin\jqs.exe

--
End of file - 3692 bytes
Posted 1/10/2011 6:30 AM
#90770

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Sorry, but I don't quite understand what you mean by "now nothing happens when i click it,otherwise there's no instance of any processes running in the task mgr as well."

Do not PM me with logfiles. They will be deleted.

