Here are the two log files you asked for:
Thankyou
ComboFix 08-05-28.4 - Nasir 2008-05-29 0:22:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.91 [GMT -4:00]
Running from: C:\Documents and Settings\Nasir\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\dfhmvyrn.ini
C:\WINDOWS\system32\ehknqtwa.ini
C:\WINDOWS\system32\ehknqtwa.ini2
C:\WINDOWS\system32\fccaAtSj.dll
C:\WINDOWS\system32\ikdeutbv.dll
C:\WINDOWS\system32\QAIiknpo.ini
C:\WINDOWS\system32\QAIiknpo.ini2
C:\WINDOWS\system32\vbtuedki.ini
C:\WINDOWS\system32\wcavegoa.ini
C:\WINDOWS\system32\wENXyyay.ini
.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.
2008-05-28 22:44 . 2008-05-28 23:37 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-28 22:42 . 2008-05-28 22:47 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-28 22:42 . 2008-05-28 22:42 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-28 22:42 . 2008-05-28 22:42 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-28 22:42 . 2008-05-28 22:42 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-28 22:41 . 2008-05-28 22:41 <DIR> d-------- C:\Program Files\AVG
2008-05-28 22:41 . 2008-05-28 23:20 <DIR> d-------- C:\Documents and Settings\Nasir\Application Data\AVGTOOLBAR
2008-05-28 22:41 . 2008-05-28 22:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-28 22:22 . 2008-05-28 22:36 47,787,248 --a------ C:\Program Files\avg_free_stf_en_8_100a1295.exe
2008-05-28 21:24 . 2008-05-28 21:24 <DIR> d-------- C:\Program Files\CCleaner
2008-05-28 16:53 . 2008-05-28 16:54 322,816 --a------ C:\WINDOWS\system32\yayyXNEw.dll.vir
2008-05-28 16:44 . 2008-05-28 16:44 322,944 --a------ C:\WINDOWS\system32\urqQklKa.dll.vir
2008-05-28 02:04 . 2008-05-28 02:04 322,944 --a------ C:\WINDOWS\system32\awtqnkhe.dll.vir
2008-05-28 02:01 . 2008-05-29 00:00 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-28 02:00 . 2008-05-28 02:01 <DIR> d-------- C:\Program Files\Trojan Remover
2008-05-28 02:00 . 2008-05-28 02:00 <DIR> d-------- C:\Documents and Settings\Nasir\Application Data\Simply Super Software
2008-05-28 02:00 . 2008-05-28 02:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-05-28 02:00 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-05-28 02:00 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-05-28 02:00 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-05-28 02:00 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-05-28 02:00 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-05-28 01:57 . 2008-05-28 01:58 7,098,592 --a------ C:\Program Files\trsetup.exe
2008-05-28 01:50 . 2008-05-28 01:51 <DIR> d-------- C:\Program Files\CleanUp!
2008-05-28 01:50 . 2008-05-28 01:50 339,257 --a------ C:\Program Files\CleanUp452.exe
2008-05-28 01:15 . 2008-05-28 20:55 1,262 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-28 01:14 . 2008-05-28 20:58 <DIR> d-------- C:\Program Files\SmitfraudFix
2008-05-28 01:13 . 2008-05-28 01:14 1,392,442 --a------ C:\Program Files\SmitfraudFix.exe
2008-05-28 00:51 . 2008-05-28 00:51 <DIR> d-------- C:\Program Files\MSConfig CleanUp
2008-05-28 00:25 . 2008-05-28 00:25 214,528 --a------ C:\Program Files\VundoFix.exe
2008-05-27 23:38 . 2008-05-27 23:38 <DIR> d-------- C:\VundoFix Backups
2008-05-27 21:37 . 2008-05-27 21:37 96,256 --a------ C:\WINDOWS\system32\joeupgqi.dll.vir
2008-05-27 21:36 . 2008-05-28 22:43 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-27 20:54 . 2008-05-27 23:05 <DIR> d-------- C:\Documents and Settings\Nasir\Application Data\TmpRecentIcons
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-05-29 03:56 --------- d-----w C:\Program Files\Real
2008-05-28 06:00 784 ----a-w C:\Program Files\Trojan Remover.lnk
2008-05-28 04:24 --------- d-----w C:\Program Files\Java
2008-05-28 04:21 --------- d-----w C:\Documents and Settings\Nasir\Application Data\Viewpoint
2008-05-28 04:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-15 16:33 --------- d-----w C:\Program Files\SopCast
2008-04-11 00:04 --------- d-----w C:\Program Files\Morpheus
2008-04-07 20:21 7,548,688 ----a-w C:\Program Files\Firefox Setup 3.0 Beta 5.exe
2008-03-20 20:05 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-03-20 20:05 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-03-20 20:05 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-03-20 20:05 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-03-20 20:05 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-03-20 20:05 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
2008-03-08 01:25 13,413,048 ----a-w C:\Program Files\Google_Earth_BZXV.exe
2008-03-06 03:35 11,724,688 ----a-w C:\Program Files\winamp552_full_emusic-7plus_all.exe
2008-03-06 03:32 938,252 ----a-w C:\Program Files\srwa5-1.61.21.exe
2008-03-06 03:13 23,454,528 ----a-w C:\Program Files\AdbeRdr812_en_US.exe
2008-03-02 06:30 3,330,963 ----a-w C:\Program Files\SopCast.zip
2007-10-14 19:17 190,064 ----a-w C:\Program Files\Morpheus.exe
2007-10-06 19:19 123,368,360 ----a-w C:\Program Files\Office2003SP3-KB923618-FullFile-ENU.exe
2007-09-30 02:08 10,731,520 ----a-w C:\Program Files\UCVPNClientWin.exe
2007-09-30 01:20 51,422,520 ----a-w C:\Program Files\iTunes743Setup.exe
2007-09-30 01:17 19,755,376 ----a-w C:\Program Files\Adaware 07.exe
2007-09-30 01:03 6,221,304 ----a-w C:\Program Files\winamp535_full_emusic-7plus.exe
2007-09-29 21:22 6,016,952 ----a-w C:\Program Files\Firefox Setup 2.0.0.7.exe
2006-11-17 19:48 3,092,282 ----a-w C:\Program Files\TVUPlayer2.3.0.exe
2006-03-05 21:47 2,417,824 ----a-w C:\Program Files\winzip90sr1.exe
2003-09-30 21:27 28,556,584 ----a-w C:\Program Files\avg75free_488a1138.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18CB1A7B-94CD-4582-8022-ADA16851E44B}]
C:\Program Files\ColorUtility\ColorUtility.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-28 22:41 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9CBB131-D109-4A00-8C3A-ADDBE5EDD016}]
C:\WINDOWS\system32\opnkiIAQ.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-28 22:41 2050816]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-28 22:41 2050816]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-21 23:07 185896]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-28 22:41 1177368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5884e9f8]
C:\WINDOWS\system32\ikdeutbv.dll
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Morpheus\\Morpheus.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\sopvod.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\SmitfraudFix\\SmiUpdate.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-28 22:42]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-28 22:41]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-28 22:41]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-28 22:42]
.
************************************************** ************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-29 00:34:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
.
************************************************** ************************
.
Completion time: 2008-05-29 0:41:59 - machine was rebooted [Nasir]
ComboFix-quarantined-files.txt 2008-05-29 04:41:23
Pre-Run: 17,521,168,384 bytes free
Post-Run: 17,454,333,952 bytes free
166 --- E O F --- 2008-05-17 02:04:13
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:48:41, on 5/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5508)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HiJackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
Live Search
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ColorUtility module - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - C:\Program Files\ColorUtility\ColorUtility.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {E9CBB131-D109-4A00-8C3A-ADDBE5EDD016} - C:\WINDOWS\system32\opnkiIAQ.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.microsoft.com/wind...?1064900768820
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 4900 bytes
PC Help Forum
» Security & Safety
» [Fixed] Hijackthis! Logs
»
[Fixed] Spyware Removal Help
[Fixed] Spyware Removal Help
Linear Mode
