|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
10-11-2009, 08:05 AM
|
#1 (permalink) |
|
Registered User
Join Date: Oct 2009
Posts: 28
OS: xp
|
Cannot delete file AUTORUN.INF
DDS (Ver_09-09-29.01) - NTFSx86
Run by Herman Nehru at 19:56:05.95 on Sun 10/11/2009 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1790.1180 [GMT -7:00] AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe svchost.exe C:\WINDOWS\system32\fsproflt.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\TUProgSt.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\USB Disk Security\USBGuard.exe C:\Program Files\My Lockbox\flockbox.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\DOCUME~1\HERMAN~1\LOCALS~1\Temp\RtkBtMnt.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Documents and Settings\Herman Nehru\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.co.id/ mURLSearchHooks: H - No File BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: CDelHotkeys Object: {78875f5c-a685-4405-8dc5-d48dc65452b0} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll BHO: Cooliris Plug-In for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\cooliris.dll BHO: Ask Toolbar BHO: {f4d76f01-7896-458a-890f-e1f05c46069f} - c:\program files\askpbar\bar\1.bin\ASKPBAR.DLL TB: Delicious Toolbar: {61d1c847-df80-423a-8c6d-dc03b97e6ebe} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll TB: Ask Toolbar: {f4d76f09-7896-458a-890f-e1f05c46069f} - c:\program files\askpbar\bar\1.bin\ASKPBAR.DLL TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File EB: Delicious Sidebar: {9d19c405-ba93-461b-871f-97992cc45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [USB Antivirus] c:\program files\usb disk security\USBGuard.exe mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe" mRun: [flockbox] c:\program files\my lockbox\flockbox.exe /a StartupFolder: c:\docume~1\herman~1\startm~1\programs\startup\stardock objectdock.lnk - c:\program files\stardock\objectdock\ObjectDock.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe mPolicies-explorer: <NO NAME> = mPolicies-explorer: NoStartMenuMyMusic = 0 (0x0) mPolicies-explorer: NoSMMyPictures = 0 (0x0) mPolicies-explorer: NoWindowsUpdate = 0 (0x0) mPolicies-explorer: NoViewOnDrive = 0 (0x0) mPolicies-system: <NO NAME> = mPolicies-system: HideFastUserSwitching = 0 (0x0) IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm IE: Download with IDM - c:\program files\internet download manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {2C887991-08F0-11DC-A9B2-0012F0B227DD} - {B8D8B1D0-83AF-451B-8CD9-8F1BF4ED8FEA} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll IE: {2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\cooliris.dll IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/V6/V5Controls/en/x86/client/wuweb_site.cab?1247595412296 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248583003125 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: klogon - c:\windows\system32\klogon.dll Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll AppInit_DLLs: c:\progra~1\kaspersky lab\kaspersky internet security 2010\mzvkbd.dll,c:\progra~1\kaspersky lab\kaspersky internet security 2010\mzvkbd3.dll,c:\progra~1\kaspersky lab\kaspersky internet security 2010\kloehk.dll SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\herman~1\applic~1\mozilla\firefox\profiles\nk4rik1i.default\ FF - prefs.js: keyword.URL - hxxp://ide.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_ide&p= FF - component: c:\documents and settings\herman nehru\application data\idm\idmmzcc3\components\idmmzcc.dll FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll FF - plugin: c:\documents and settings\herman nehru\application data\mozilla\firefox\profiles\nk4rik1i.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll FF - plugin: c:\progra~1\mozilla firefox\plugins\np_gp.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\NPOFF12.DLL FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\nppl3260.dll FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\nprpjplug.dll FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npyaxmpb.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 750 FF - user.js: content.notify.interval - 750000 FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: yahoo.homepage.dontask - true ============= SERVICES / DRIVERS =============== R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2009-8-19 43792] R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-5-24 128016] R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808] R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [2009-10-4 17264] R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-9-30 296976] R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-5-25 303376] R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2009-8-19 73392] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-8-10 603904] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472] R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-7-11 154624] S2 PCMAVRTPService;PCMAV RealTime Protector Service;c:\windows\system32\rtpsvc.exe --> c:\windows\system32\RTPSvc.exe [?] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-7-13 36608] S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-3 14336] S3 NTProcDrv;Process creation detector for NT.;\??\c:\windows\temp\drv1.tmp --> c:\windows\temp\drv1.tmp [?] S3 plkusbser;PROLiNKU6 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\plkusbser.sys [2009-7-11 99456] =============== Created Last 30 ================ 2009-10-10 15:19 <DIR> --d----- c:\docume~1\herman~1\applic~1\The Labyrinth Plus! Edition 2009-10-10 15:19 0 a------- c:\windows\RussSqr.INI 2009-10-10 09:49 <DIR> --d----- c:\program files\Microsoft Plus! 2009-10-07 19:55 68 a------- c:\windows\MyProg.ini 2009-10-06 16:53 <DIR> --d----- c:\program files\AskPBar 2009-10-06 16:00 <DIR> --d----- c:\program files\Raxco 2009-10-04 22:14 <DIR> --d----- c:\program files\FreeCommander 2009-10-04 21:50 17,264 a------- c:\windows\system32\drivers\mprifl.sys 2009-10-04 21:50 <DIR> --d----- c:\program files\My Lockbox 2009-10-04 19:03 41,984 a------- c:\windows\system32\dwlGina3.dll 2009-10-04 19:03 3,712 a------- c:\windows\system32\dwlkbf.sys 2009-10-04 19:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Deskman9 2009-10-03 23:51 <DIR> --d----- c:\docume~1\herman~1\applic~1\Thinstall 2009-10-03 20:26 387,104 a--sh--- c:\windows\system32\drivers\fidbox.dat 2009-10-03 20:26 5,612 a--sh--- c:\windows\system32\drivers\fidbox.idx 2009-10-03 20:23 148,496 a------- c:\windows\system32\drivers\86909831.sys 2009-10-03 20:06 <DIR> --d----- c:\program files\Vista Start Menu 2009-09-30 23:53 604,140 a--sh--- c:\windows\system32\drivers\ISwift3.dat 2009-09-30 23:44 107,547 a------- c:\windows\system32\drivers\klin.dat 2009-09-30 23:44 95,259 a------- c:\windows\system32\drivers\klick.dat 2009-09-30 23:42 <DIR> --d----- c:\program files\Kaspersky Lab 2009-09-30 23:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab 2009-09-27 00:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\The Skins Factory 2009-09-26 23:54 <DIR> --d----- c:\docume~1\herman~1\applic~1\Skinux 2009-09-20 21:53 152 a------- C:\streetflyter.sav 2009-09-19 17:42 <DIR> --d----- c:\program files\Avatar - Path of Zuko 2009-09-19 13:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Zbshareware Lab 2009-09-19 13:01 <DIR> --d----- c:\program files\USB Disk Security 2009-09-19 12:38 <DIR> --d----- c:\docume~1\herman~1\applic~1\Merscom 2009-09-19 12:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia 2009-09-19 12:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Merscom 2009-09-16 05:26 210,352 a------- c:\windows\system32\idmmbc.dll 2009-09-15 15:55 <DIR> --d----- c:\docume~1\herman~1\applic~1\IDM 2009-09-15 15:54 <DIR> --d----- c:\program files\Internet Download Manager 2009-09-14 21:05 <DIR> --d----- c:\docume~1\herman~1\applic~1\360desktop 2009-09-13 17:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\McAfee Security Scan 2009-09-12 21:44 <DIR> --d----- c:\program files\Appwalk.com Technologies Canada 2009-09-11 23:35 <DIR> --d----- c:\program files\Youda Camper ==================== Find3M ==================== 2009-10-01 02:03 128,016 a------- c:\windows\system32\drivers\kl1.sys 2009-09-30 23:27 4,212 a---h--- c:\windows\system32\zllictbl.dat 2009-09-13 20:41 1,580,544 a------- c:\windows\system32\SfcFiles.dll 2009-09-13 20:40 219,648 a------- c:\windows\system32\uxtheme.dll 2009-09-07 23:28 288,256 a------- c:\windows\system32\fmodex.dll 2009-09-03 00:47 55,656 a------- c:\windows\system32\drivers\avgntflt.sys 2009-08-31 10:07 81,984 a------- c:\windows\system32\bdod.bin 2009-08-30 01:44 152,904 a------- c:\windows\system32\vghd.scr 2009-08-29 22:22 132 a------- C:\httpdwl.dat 2009-08-21 15:51 126,464 a------- c:\windows\system32\RTPScan.dll 2009-08-16 20:35 272,868 a------- c:\windows\system32\Windows XP Media Center Edition Screen Saver.scr 2009-08-14 19:23 25,600 a------- c:\windows\twunk_32.exe 2009-08-10 18:57 603,904 a------- c:\windows\system32\TUProgSt.exe 2009-08-10 18:57 362,240 a------- c:\windows\system32\TuneUpDefragService.exe 2009-08-06 12:38 13,537,280 a------- c:\windows\system32\nvcpl.dll 2009-08-06 11:29 69,120 a------- c:\windows\NOTEPAD.EXE 2009-08-05 02:11 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-07-27 21:01 7,852 a------- c:\windows\system32\mcdmsg7.dll 2009-07-17 11:55 58,880 a------- c:\windows\system32\atl.dll 2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll 2009-03-16 14:35 525,128 a------- c:\program files\DXSETUP.exe 2009-03-16 14:35 94,024 a------- c:\program files\DSETUP.dll ============= FINISH: 19:56:58.46 =============== I tried to delete file AUTORUN.INF containing a strange subfolder named zhengbo which is unknown to me. After trying deleting it, a message pops up saying: Cannot delete zhengbo: Cannot find the specified file. Make sure you specify the correct path and file name. Actually I have 2 folders that I cannot delete. The other one has the same case when I delete it. I don't know whether it is a virus or trojan behaviour since my computer seems working fine. The folders are all located in drive d. I am using Windows XP SP2 AMD Turion X2. What should I do to this case? Need help. Thanks. |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
10-12-2009, 04:45 PM
|
#2 (permalink) |
|
Analyst, Security Team
Join Date: Jan 2009
Posts: 553
OS: N/A
|
Re: Cannot delete file AUTORUN.INF
Hello and welcome to TSF.
I Apologize for the late response. If you still require assistance, we would like to see the latest state of your system. So, please post a fresh DDS log and a new GMER log as described in this topic. In your reply, I would also like to know any symptoms you may still have and how your computer is running at the moment. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe. Please note that the forum is very busy and if I don’t hear from you in three-five days this thread will be closed. With Regards, Extremeboy |
|
|
|
|
10-12-2009, 08:14 PM
|
#3 (permalink) |
|
Registered User
Join Date: Oct 2009
Posts: 28
OS: xp
|
Cannot delete file AUTORUN.INF
Hello Extremeboy,
Thank you for your reply. Herewith I post a fresh DDS log and GMER log that I scan today at about 09.00 AM (Indonesia time). As you already noticed that I cannot delete the AUTORUN.INF folder and also other folder named 'zzzzz' (such annoying name). I have no idea whether it is a virus or trojan behaviour since my computer seems working fine. I have scanned it with my Kaspersky Internet Security 2010 with latest update and resulted in no infection. For your information, I've ever reinstalled my OS Windows XP SP2 due to failure to boot and the folders have already appeared in the previous installed OS. Once again, my computer is working well (to my knowledge, hope I am right), except the above matter (Folder AUTORUN.INF and zzzzz cannot be deleted) Best Regards, DDS (Ver_09-09-29.01) - NTFSx86 Run by Herman Nehru at 8:56:12.50 on Tue 10/13/2009 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1790.1089 [GMT -7:00] AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe svchost.exe C:\WINDOWS\system32\fsproflt.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\TUProgSt.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\USB Disk Security\USBGuard.exe C:\Program Files\My Lockbox\flockbox.exe C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\DOCUME~1\HERMAN~1\LOCALS~1\Temp\RtkBtMnt.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Documents and Settings\Herman Nehru\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.co.id/ mURLSearchHooks: H - No File BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: CDelHotkeys Object: {78875f5c-a685-4405-8dc5-d48dc65452b0} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll BHO: Cooliris Plug-In for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\cooliris.dll BHO: Ask Toolbar BHO: {f4d76f01-7896-458a-890f-e1f05c46069f} - c:\program files\askpbar\bar\1.bin\ASKPBAR.DLL TB: Delicious Toolbar: {61d1c847-df80-423a-8c6d-dc03b97e6ebe} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll TB: Ask Toolbar: {f4d76f09-7896-458a-890f-e1f05c46069f} - c:\program files\askpbar\bar\1.bin\ASKPBAR.DLL TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File EB: Delicious Sidebar: {9d19c405-ba93-461b-871f-97992cc45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [USB Antivirus] c:\program files\usb disk security\USBGuard.exe mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe" mRun: [flockbox] c:\program files\my lockbox\flockbox.exe /a mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot StartupFolder: c:\docume~1\herman~1\startm~1\programs\startup\stardock objectdock.lnk - c:\program files\stardock\objectdock\ObjectDock.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe mPolicies-explorer: <NO NAME> = mPolicies-explorer: NoStartMenuMyMusic = 0 (0x0) mPolicies-explorer: NoSMMyPictures = 0 (0x0) mPolicies-explorer: NoWindowsUpdate = 0 (0x0) mPolicies-explorer: NoViewOnDrive = 0 (0x0) mPolicies-system: <NO NAME> = mPolicies-system: HideFastUserSwitching = 0 (0x0) IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm IE: Download with IDM - c:\program files\internet download manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {2C887991-08F0-11DC-A9B2-0012F0B227DD} - {B8D8B1D0-83AF-451B-8CD9-8F1BF4ED8FEA} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll IE: {2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\cooliris.dll IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/V6/V5Controls/en/x86/client/wuweb_site.cab?1247595412296 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248583003125 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: klogon - c:\windows\system32\klogon.dll Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll AppInit_DLLs: c:\progra~1\kaspersky lab\kaspersky internet security 2010\mzvkbd.dll,c:\progra~1\kaspersky lab\kaspersky internet security 2010\mzvkbd3.dll,c:\progra~1\kaspersky lab\kaspersky internet security 2010\kloehk.dll SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\herman~1\applic~1\mozilla\firefox\profiles\nk4rik1i.default\ FF - prefs.js: keyword.URL - hxxp://ide.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_ide&p= FF - component: c:\documents and settings\herman nehru\application data\idm\idmmzcc3\components\idmmzcc.dll FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll FF - plugin: c:\documents and settings\herman nehru\application data\mozilla\firefox\profiles\nk4rik1i.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll FF - plugin: c:\progra~1\mozilla firefox\plugins\np_gp.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\NPOFF12.DLL FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\nppl3260.dll FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\nprpjplug.dll FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npyaxmpb.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 750 FF - user.js: content.notify.interval - 750000 FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: yahoo.homepage.dontask - true ============= SERVICES / DRIVERS =============== R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2009-8-19 43792] R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-5-24 128016] R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808] R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [2009-10-4 17264] R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-9-30 296976] R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-5-25 303376] R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2009-8-19 73392] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-8-10 603904] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472] R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-7-11 154624] S2 PCMAVRTPService;PCMAV RealTime Protector Service;c:\windows\system32\rtpsvc.exe --> c:\windows\system32\RTPSvc.exe [?] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-7-13 36608] S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-3 14336] S3 NTProcDrv;Process creation detector for NT.;\??\c:\windows\temp\drv1.tmp --> c:\windows\temp\drv1.tmp [?] S3 plkusbser;PROLiNKU6 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\plkusbser.sys [2009-7-11 99456] =============== Created Last 30 ================ 2009-10-13 08:28 <DIR> --d----- c:\docume~1\herman~1\applic~1\WinPatrol 2009-10-13 08:28 <DIR> --d----- c:\program files\BillP Studios 2009-10-12 00:06 <DIR> --d----- c:\program files\PowerISO 2009-10-11 23:18 <DIR> --dsh--- C:\[Smad-Cage] 2009-10-10 15:19 <DIR> --d----- c:\docume~1\herman~1\applic~1\The Labyrinth Plus! Edition 2009-10-10 15:19 0 a------- c:\windows\RussSqr.INI 2009-10-10 09:49 <DIR> --d----- c:\program files\Microsoft Plus! 2009-10-07 19:55 68 a------- c:\windows\MyProg.ini 2009-10-06 16:53 <DIR> --d----- c:\program files\AskPBar 2009-10-06 16:00 <DIR> --d----- c:\program files\Raxco 2009-10-04 22:14 <DIR> --d----- c:\program files\FreeCommander 2009-10-04 21:50 17,264 a------- c:\windows\system32\drivers\mprifl.sys 2009-10-04 21:50 <DIR> --d----- c:\program files\My Lockbox 2009-10-04 19:03 41,984 a------- c:\windows\system32\dwlGina3.dll 2009-10-04 19:03 3,712 a------- c:\windows\system32\dwlkbf.sys 2009-10-04 19:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Deskman9 2009-10-03 23:51 <DIR> --d----- c:\docume~1\herman~1\applic~1\Thinstall 2009-10-03 20:26 387,104 a--sh--- c:\windows\system32\drivers\fidbox.dat 2009-10-03 20:26 5,612 a--sh--- c:\windows\system32\drivers\fidbox.idx 2009-10-03 20:23 148,496 a------- c:\windows\system32\drivers\86909831.sys 2009-10-03 20:06 <DIR> --d----- c:\program files\Vista Start Menu 2009-09-30 23:53 604,140 a--sh--- c:\windows\system32\drivers\ISwift3.dat 2009-09-30 23:44 107,547 a------- c:\windows\system32\drivers\klin.dat 2009-09-30 23:44 95,259 a------- c:\windows\system32\drivers\klick.dat 2009-09-30 23:42 <DIR> --d----- c:\program files\Kaspersky Lab 2009-09-30 23:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab 2009-09-27 00:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\The Skins Factory 2009-09-26 23:54 <DIR> --d----- c:\docume~1\herman~1\applic~1\Skinux 2009-09-20 21:53 152 a------- C:\streetflyter.sav 2009-09-19 17:42 <DIR> --d----- c:\program files\Avatar - Path of Zuko 2009-09-19 13:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Zbshareware Lab 2009-09-19 13:01 <DIR> --d----- c:\program files\USB Disk Security 2009-09-19 12:38 <DIR> --d----- c:\docume~1\herman~1\applic~1\Merscom 2009-09-19 12:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia 2009-09-19 12:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Merscom 2009-09-16 05:26 210,352 a------- c:\windows\system32\idmmbc.dll 2009-09-15 15:55 <DIR> --d----- c:\docume~1\herman~1\applic~1\IDM 2009-09-15 15:54 <DIR> --d----- c:\program files\Internet Download Manager 2009-09-14 21:05 <DIR> --d----- c:\docume~1\herman~1\applic~1\360desktop 2009-09-13 17:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\McAfee Security Scan ==================== Find3M ==================== 2009-10-01 02:03 128,016 a------- c:\windows\system32\drivers\kl1.sys 2009-09-30 23:27 4,212 a---h--- c:\windows\system32\zllictbl.dat 2009-09-13 20:41 1,580,544 a------- c:\windows\system32\SfcFiles.dll 2009-09-13 20:40 219,648 a------- c:\windows\system32\uxtheme.dll 2009-09-07 23:28 288,256 a------- c:\windows\system32\fmodex.dll 2009-09-03 00:47 55,656 a------- c:\windows\system32\drivers\avgntflt.sys 2009-08-31 10:07 81,984 a------- c:\windows\system32\bdod.bin 2009-08-30 01:44 152,904 a------- c:\windows\system32\vghd.scr 2009-08-29 22:22 132 a------- C:\httpdwl.dat 2009-08-21 15:51 126,464 a------- c:\windows\system32\RTPScan.dll 2009-08-16 20:35 272,868 a------- c:\windows\system32\Windows XP Media Center Edition Screen Saver.scr 2009-08-14 19:23 25,600 a------- c:\windows\twunk_32.exe 2009-08-10 18:57 603,904 a------- c:\windows\system32\TUProgSt.exe 2009-08-10 18:57 362,240 a------- c:\windows\system32\TuneUpDefragService.exe 2009-08-06 12:38 13,537,280 a------- c:\windows\system32\nvcpl.dll 2009-08-06 11:29 69,120 a------- c:\windows\NOTEPAD.EXE 2009-08-05 02:11 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-07-27 21:01 7,852 a------- c:\windows\system32\mcdmsg7.dll 2009-07-17 11:55 58,880 a------- c:\windows\system32\atl.dll 2009-03-16 14:35 525,128 a------- c:\program files\DXSETUP.exe 2009-03-16 14:35 94,024 a------- c:\program files\DSETUP.dll ============= FINISH: 8:57:10.21 =============== |
|
|
|
|
10-13-2009, 07:39 PM
|
#4 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,802
OS: 2000 Pro; XP Pro; XP Home
|
Re: Cannot delete file AUTORUN.INF
Hello, rappokalling -
I believe these logs belong in this topic. I've merged it into this thread. I'm replying only so Extremeboy receives a notification, so he can begin to assist. Please be patient, as there are of course time zones to consider. Please bookmark this topic, and reply here to all requests from Extremeboy. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe. Back to you, EB!
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you.  Microsoft MVP - Consumer Security 2009
|
|
|
|
|
10-14-2009, 02:51 PM
|
#5 (permalink) | |
|
Analyst, Security Team
Join Date: Jan 2009
Posts: 553
OS: N/A
|
Re: Cannot delete file AUTORUN.INF
Thank you TetonBob. I didn't realize this post was posted elsewhere or moved back. Thanks for giving me a bump. :)
-- Sorry for the delay. Let's continue. Thanks for the explanation of the current condition of your system. Quote:
-- We'll start with Combofix followed by flash-drive disinfector. Note, that Flash-drive disinfector will create a hidden autorun.inf folder to prevent future autorun.inf worms or infections related to that. We'll see if that autorun folder is still there afterwards and deal with that. Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/comb...o-use-combofix * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page on instructions on doing so. Please include the C:\ComboFix.txt in your next reply for further review. Download and Run FlashDisinfector
Thanks. ~Extremeboy |
|
|
|
|
|
10-15-2009, 01:26 AM
|
#6 (permalink) |
|
Registered User
Join Date: Oct 2009
Posts: 28
OS: xp
|
Re: Cannot delete file AUTORUN.INF
Hello Extremeboy and thank you Totenbob for helping me as well,
Extremeboy, the folder zzzzz is located in drive D along with folder AUTORUN.INF, and yes I ever created a folder named zzzzz, but I don,t remember if it is a 'rename' or 'create new' folder and what was inside the folder I stored. As far as I remember it was made last year (previous installed OS (Windows XP SP2)). Now this hidden folder appeared (after using command prompt) containing sub folder named 'zzzzzz.zzz' which contains an icon ( a picture of Paint tool). All of them cannot be deleted. Best Regards, Here is the result of scan by combofix: ComboFix 09-10-14.08 - Herman Nehru 10/15/2009 14:36.1.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1790.1354 [GMT -7:00] Running from: c:\documents and settings\Herman Nehru\Desktop\ComboFix.exe AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Herman Nehru\Application Data\.# c:\documents and settings\Herman Nehru\Application Data\.#\MBX@594@3737C8.### c:\documents and settings\Herman Nehru\Application Data\.#\MBX@594@3737D8.### c:\documents and settings\Herman Nehru\Application Data\.#\MBX@594@3737E8.### c:\documents and settings\Herman Nehru\Application Data\.#\MBX@81C@3737C8.### c:\documents and settings\Herman Nehru\Application Data\.#\MBX@81C@3737D8.### c:\documents and settings\Herman Nehru\Application Data\.#\MBX@81C@3737E8.### c:\documents and settings\Herman Nehru\Application Data\.#\MBX@BC4@3737C8.### c:\documents and settings\Herman Nehru\Application Data\.#\MBX@BC4@3737D8.### c:\documents and settings\Herman Nehru\Application Data\.#\MBX@BC4@3737E8.### c:\documents and settings\Herman Nehru\Application Data\.#\MBX@C14@3737C8.### c:\documents and settings\Herman Nehru\Application Data\.#\MBX@C14@3737D8.### c:\documents and settings\Herman Nehru\Application Data\.#\MBX@C14@3737E8.### c:\documents and settings\Herman Nehru\Application Data\.#\MBX@C78@3737C8.### c:\documents and settings\Herman Nehru\Application Data\.#\MBX@C78@3737D8.### c:\documents and settings\Herman Nehru\Application Data\.#\MBX@C78@3737E8.### c:\documents and settings\Herman Nehru\Application Data\.#\MBX@D30@3737C8.### c:\documents and settings\Herman Nehru\Application Data\.#\MBX@D30@3737D8.### c:\documents and settings\Herman Nehru\Application Data\.#\MBX@D30@3737E8.### c:\documents and settings\Herman Nehru\Application Data\.#\MBX@D90@3737C8.### c:\documents and settings\Herman Nehru\Application Data\.#\MBX@D90@3737D8.### c:\documents and settings\Herman Nehru\Application Data\.#\MBX@D90@3737E8.### c:\documents and settings\Herman Nehru\Application Data\.#\MBX@E04@3737C8.### c:\documents and settings\Herman Nehru\Application Data\.#\MBX@E04@3737D8.### c:\documents and settings\Herman Nehru\Application Data\.#\MBX@E04@3737E8.### c:\documents and settings\Herman Nehru\Application Data\.#\MBX@E30@3737C8.### c:\documents and settings\Herman Nehru\Application Data\.#\MBX@E30@3737D8.### c:\documents and settings\Herman Nehru\Application Data\.#\MBX@E30@3737E8.### c:\documents and settings\Herman Nehru\Application Data\.#\MBX@EC8@3737C8.### c:\documents and settings\Herman Nehru\Application Data\.#\MBX@EC8@3737D8.### c:\documents and settings\Herman Nehru\Application Data\.#\MBX@EC8@3737E8.### c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013 c:\recycler\S-1-5-21-2052111302-1425521274-725345543-1003 c:\windows\Installer\13996d4.msp c:\windows\system32\Desktop_.ini c:\windows\system32\logs Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected Restored copy from - Kitty ate it :^) . ((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 ))))))))))))))))))))))))))))))) . 2009-10-14 18:15 . 2009-10-14 19:42 -------- d-----w- c:\program files\Real Desktop 2009-10-13 20:52 . 2009-10-13 20:52 -------- d-----w- c:\documents and settings\Herman Nehru\1st Security Agent 2009-10-13 20:52 . 2009-10-13 20:52 -------- d-----w- c:\documents and settings\Guest\1st Security Agent 2009-10-13 20:52 . 2009-10-13 20:52 -------- d-----w- c:\documents and settings\Administrator\1st Security Agent 2009-10-13 20:52 . 2009-10-13 20:52 -------- d-----w- C:\1st Security Agent 2009-10-13 20:52 . 2009-10-13 20:52 -------- d-----w- c:\program files\1st Security Agent 2009-10-13 19:05 . 2009-10-13 20:04 -------- d-----w- c:\program files\HÑÑ 2009-10-13 15:28 . 2009-10-13 15:28 -------- d-----w- c:\documents and settings\Herman Nehru\Application Data\WinPatrol 2009-10-13 15:28 . 2009-10-13 15:28 -------- d-----w- c:\program files\BillP Studios 2009-10-12 07:06 . 2009-10-12 07:06 -------- d-----w- c:\program files\PowerISO 2009-10-12 06:18 . 2009-10-12 06:18 -------- d-----w- C:\[Smad-Cage] 2009-10-11 18:02 . 2009-10-11 18:02 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2009-10-10 22:48 . 2009-10-10 22:48 -------- d-----w- c:\documents and settings\Herman Nehru\Local Settings\Application Data\WMTools Downloaded Files 2009-10-10 22:19 . 2009-10-10 22:19 -------- d-----w- c:\documents and settings\Herman Nehru\Application Data\The Labyrinth Plus! Edition 2009-10-10 16:49 . 2009-10-10 16:49 -------- d-----w- c:\program files\Microsoft Plus! 2009-10-07 02:18 . 2009-10-07 02:18 -------- d-----w- c:\documents and settings\Herman Nehru\Local Settings\Application Data\Google 2009-10-06 23:53 . 2009-10-06 23:53 -------- d-----w- c:\program files\AskPBar 2009-10-06 23:01 . 2009-10-06 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco 2009-10-06 23:00 . 2009-10-06 23:01 -------- d-----w- c:\program files\Raxco 2009-10-05 05:14 . 2009-10-05 05:14 -------- d-----w- c:\program files\FreeCommander 2009-10-05 04:50 . 2007-12-14 03:13 17264 ----a-w- c:\windows\system32\drivers\mprifl.sys 2009-10-05 04:50 . 2009-10-05 04:50 -------- d-----w- c:\program files\My Lockbox 2009-10-05 02:03 . 2008-06-20 03:28 41984 ----a-w- c:\windows\system32\dwlGina3.dll 2009-10-05 02:03 . 2007-08-20 17:46 3712 ----a-w- c:\windows\system32\dwlkbf.sys 2009-10-05 02:03 . 2009-10-05 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Deskman9 2009-10-04 06:51 . 2009-10-04 06:51 -------- d-----w- c:\documents and settings\Herman Nehru\Local Settings\Application Data\Thinstall 2009-10-04 06:51 . 2009-10-04 06:51 -------- d-----w- c:\documents and settings\Herman Nehru\Application Data\Thinstall 2009-10-04 03:26 . 2009-10-04 03:31 387104 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-10-04 03:23 . 2008-07-08 21:54 148496 ----a-w- c:\windows\system32\drivers\86909831.sys 2009-10-04 03:06 . 2009-10-15 16:03 -------- d-----w- c:\program files\Vista Start Menu 2009-10-03 07:20 . 2009-10-03 07:20 -------- d-----w- c:\documents and settings\Herman Nehru\Local Settings\Application Data\Opera 2009-10-03 07:19 . 2009-10-03 07:19 -------- d-----w- c:\program files\Opera 2009-10-01 06:53 . 2009-10-01 06:53 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat 2009-10-01 06:44 . 2009-10-15 16:02 108059 ----a-w- c:\windows\system32\drivers\klin.dat 2009-10-01 06:44 . 2009-10-15 16:02 95259 ----a-w- c:\windows\system32\drivers\klick.dat 2009-10-01 06:42 . 2009-10-15 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2009-10-01 06:42 . 2009-10-01 06:42 -------- d-----w- c:\program files\Kaspersky Lab 2009-09-27 07:39 . 2009-09-27 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\The Skins Factory 2009-09-27 06:54 . 2009-09-27 06:54 -------- d-----w- c:\documents and settings\Herman Nehru\Application Data\Skinux 2009-09-27 06:45 . 2009-09-27 06:45 -------- d-----w- c:\documents and settings\Herman Nehru\Local Settings\Application Data\Downloaded Installations 2009-09-20 00:42 . 2009-09-20 00:42 -------- d-----w- c:\program files\Avatar - Path of Zuko 2009-09-19 20:01 . 2009-09-19 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Zbshareware Lab 2009-09-19 20:01 . 2009-09-19 20:04 -------- d-----w- c:\program files\USB Disk Security 2009-09-19 19:38 . 2009-09-19 19:38 -------- d-----w- c:\documents and settings\Herman Nehru\Application Data\Merscom 2009-09-19 19:38 . 2009-09-19 19:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia 2009-09-19 19:38 . 2009-09-19 19:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom 2009-09-16 12:26 . 2009-09-09 10:43 210352 ----a-w- c:\windows\system32\idmmbc.dll 2009-09-15 22:55 . 2009-10-15 20:52 -------- d-----w- c:\documents and settings\Herman Nehru\Application Data\IDM 2009-09-15 22:54 . 2009-10-06 04:45 -------- d-----w- c:\program files\Internet Download Manager . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-15 20:52 . 2009-07-13 19:31 -------- d-----w- c:\documents and settings\Herman Nehru\Application Data\DMCache 2009-10-15 20:47 . 2009-07-11 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-10-13 23:42 . 2009-08-16 18:02 862136 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-10-13 19:14 . 2009-07-17 18:13 -------- d-----w- c:\documents and settings\Herman Nehru\Application Data\Delicious IE Extension 2009-10-10 20:24 . 2009-07-12 03:17 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-10-10 17:23 . 2009-07-20 04:25 -------- d-----w- c:\documents and settings\Herman Nehru\Application Data\SoftMaker 2009-10-10 17:22 . 2009-07-19 19:21 -------- d-----w- c:\program files\Flock 2009-10-10 17:22 . 2009-07-19 19:21 -------- d-----w- c:\documents and settings\Herman Nehru\Application Data\Flock 2009-10-08 02:52 . 2009-08-24 23:49 -------- d-----w- c:\program files\Styler 2009-10-08 02:51 . 2009-08-23 10:29 -------- d-----w- c:\program files\Gish 2009-10-08 02:50 . 2009-07-14 16:29 -------- d-----w- c:\program files\Mobile Partner 2009-10-04 03:31 . 2009-10-04 03:26 5612 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-10-04 01:10 . 2009-07-20 05:06 -------- d-----w- c:\program files\Windows Sidebar 2009-10-01 09:03 . 2009-05-24 22:30 128016 ----a-w- c:\windows\system32\drivers\kl1.sys 2009-10-01 06:38 . 2009-09-09 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-10-01 06:27 . 2009-08-18 22:13 4212 ---ha-w- c:\windows\system32\zllictbl.dat 2009-10-01 06:26 . 2009-09-03 05:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-09-28 06:44 . 2009-09-12 06:35 -------- d-----w- c:\program files\Youda Camper 2009-09-18 23:24 . 2009-08-08 20:38 -------- d-----w- c:\program files\Altysoft Free Video Converter 2009-09-15 04:51 . 2009-08-17 19:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-09-15 04:05 . 2009-09-15 04:05 -------- d-----w- c:\documents and settings\Herman Nehru\Application Data\360desktop 2009-09-14 03:41 . 2004-08-03 22:56 1580544 ----a-w- c:\windows\system32\SfcFiles.dll 2009-09-14 03:40 . 2004-08-03 22:56 219648 ----a-w- c:\windows\system32\uxtheme.dll 2009-09-14 01:17 . 2009-09-14 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-09-14 00:56 . 2009-09-14 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2009-09-14 00:56 . 2009-09-14 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan 2009-09-14 00:52 . 2009-09-14 00:52 -------- d-----w- c:\program files\NOS 2009-09-13 23:25 . 2009-08-02 16:47 -------- d-----w- c:\documents and settings\Herman Nehru\Application Data\PlayFirst 2009-09-13 23:25 . 2009-08-02 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst 2009-09-13 04:44 . 2009-09-13 04:44 -------- d-----w- c:\program files\Appwalk.com Technologies Canada 2009-09-12 15:44 . 2009-08-03 17:12 -------- d-----w- c:\program files\Microsoft Silverlight 2009-09-11 14:33 . 2004-08-03 22:56 133632 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-08 06:28 . 2009-09-08 06:28 288256 ----a-w- c:\windows\system32\fmodex.dll 2009-09-08 01:23 . 2009-09-08 01:21 -------- d-----w- c:\program files\Cheatbook Database 2009 2009-09-05 18:39 . 2009-09-05 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games 2009-09-05 18:39 . 2009-07-12 00:49 -------- d-----w- c:\program files\PopCap Games 2009-09-05 03:04 . 2009-09-04 18:15 -------- d-----w- c:\program files\Training Manager 2008 Enterprise 2009-09-05 02:55 . 2009-09-05 02:55 -------- d-----w- c:\documents and settings\Guest\Application Data\Windows Desktop Search 2009-09-04 22:13 . 2009-08-30 09:03 7 ----a-w- c:\windows\sbacknt.bin 2009-09-04 20:45 . 2004-08-03 22:56 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-09-04 18:15 . 2009-09-04 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\TrainingManager 2009-09-03 21:59 . 2009-07-12 00:40 -------- d-----w- c:\program files\Tumblebugs 2 2009-09-03 07:47 . 2009-09-03 05:54 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-09-02 16:47 . 2009-09-02 16:24 -------- d-----w- c:\documents and settings\Herman Nehru\Application Data\CheckPoint 2009-09-01 23:25 . 2009-07-12 01:36 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Beta 4 2009-09-01 06:21 . 2009-09-01 06:21 -------- d-----w- c:\program files\Alwil Software 2009-08-31 19:13 . 2009-07-12 00:22 -------- d-----w- c:\documents and settings\Herman Nehru\Application Data\Ahead 2009-08-31 17:21 . 2009-08-31 17:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET 2009-08-31 17:09 . 2009-08-29 22:30 -------- d-----w- c:\program files\Common Files\BitDefender 2009-08-31 17:07 . 2009-08-30 05:21 81984 ----a-w- c:\windows\system32\bdod.bin 2009-08-31 01:19 . 2009-08-31 01:19 -------- d-----w- c:\program files\MSXML 4.0 2009-08-31 00:05 . 2009-08-30 08:44 -------- d-----w- c:\documents and settings\Herman Nehru\Application Data\vghd 2009-08-30 08:44 . 2009-08-30 08:34 152904 ----a-w- c:\windows\system32\vghd.scr 2009-08-30 05:22 . 2009-08-30 05:22 132 ----a-w- C:\httpdwl.dat 2009-08-30 05:07 . 2009-07-17 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan 2009-08-26 08:16 . 2004-08-03 22:56 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-25 00:08 . 2009-08-11 18:46 -------- d-----w- c:\program files\Common Files\Ulead Systems 2009-08-25 00:08 . 2009-08-11 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems 2009-08-24 23:54 . 2009-08-24 23:54 -------- d-----w- c:\documents and settings\Herman Nehru\Application Data\Styler 2009-08-24 19:15 . 2009-08-24 16:25 -------- d-----w- c:\program files\LockHunter 2009-08-24 18:33 . 2009-08-24 18:33 -------- d-----w- c:\program files\Stardock 2009-08-24 16:25 . 2009-08-24 16:25 -------- d-----w- c:\documents and settings\Herman Nehru\Application Data\LockHunter 2009-08-22 16:03 . 2009-08-20 05:23 -------- d-----w- c:\program files\Hide Folders 2009 2009-08-21 22:51 . 2009-07-11 20:49 126464 ----a-w- c:\windows\system32\RTPScan.dll 2009-08-21 07:11 . 2009-08-08 22:57 -------- d-----w- c:\program files\Mozilla Thunderbird 2009-08-21 07:10 . 2009-07-27 02:28 -------- d-----w- c:\program files\DesktopCoral 2009-08-21 07:10 . 2009-07-20 01:22 -------- d-----w- c:\program files\Sidebar 2009-08-21 05:35 . 2009-07-11 22:59 76528 ----a-w- c:\documents and settings\Herman Nehru\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-19 22:13 . 2009-08-19 22:13 -------- d-----w- c:\documents and settings\Herman Nehru\Application Data\Systweak 2009-08-19 22:13 . 2009-08-19 22:12 -------- d-----w- c:\program files\Advanced System Optimizer 2009-08-19 05:59 . 2009-08-19 05:54 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip 2009-08-19 04:46 . 2009-08-14 16:50 2119680 ----a-w- c:\documents and settings\Herman Nehru\Local Settings\Application Data\cooliris-win-ie-release-1.11.2.27471.en-US.msi 2009-08-19 02:38 . 2009-08-17 06:06 10 ----a-w- c:\windows\popcinfo.dat 2009-08-18 06:33 . 2009-08-18 06:33 1193832 ----a-w- c:\windows\system32\FM20.DLL 2009-08-18 06:27 . 2009-08-18 06:27 -------- d-----w- c:\program files\Foxit Software 2009-08-18 05:57 . 2009-07-12 00:09 -------- d-----w- c:\program files\All Office Converter Platinum 2009-08-17 19:49 . 2009-08-17 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith 2009-08-17 19:48 . 2009-08-17 19:48 -------- d-----w- c:\program files\TechSmith 2009-08-17 03:35 . 2009-08-17 03:35 272868 ----a-w- c:\windows\system32\Windows XP Media Center Edition Screen Saver.scr 2009-08-15 02:23 . 2001-08-23 11:00 25600 ----a-w- c:\windows\twunk_32.exe 2009-08-11 01:57 . 2009-08-11 01:57 603904 ----a-w- c:\windows\system32\TUProgSt.exe 2009-08-11 01:57 . 2009-08-11 01:57 362240 ----a-w- c:\windows\system32\TuneUpDefragService.exe 2009-08-06 19:38 . 2008-05-29 11:41 13537280 ----a-w- c:\windows\system32\nvcpl.dll 2009-08-06 18:29 . 2009-07-11 14:58 69120 ----a-w- c:\windows\NOTEPAD.EXE 2009-08-05 09:11 . 2004-08-03 22:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-28 04:01 . 2009-07-28 04:01 7852 ----a-w- c:\windows\system32\mcdmsg7.dll 2009-07-27 02:43 . 2009-07-27 02:43 58908 ----a-w- c:\windows\system32\drivers\scdemu.sys 2009-07-27 02:32 . 2009-07-27 02:32 46 ----a-w- c:\windows\system32\DonationCoder_desktopcoral_InstallInfo.dat 2009-07-27 02:32 . 2009-07-27 02:32 46 ----a-w- c:\documents and settings\Herman Nehru\Local Settings\Application Data\DonationCoder_desktopcoral_InstallInfo.dat 2009-07-25 21:27 . 2009-07-12 01:36 335 ----a-w- c:\windows\nsreg.dat 2009-03-16 21:35 . 2009-03-16 21:35 525128 ----a-w- c:\program files\DXSETUP.exe 2009-03-16 21:35 . 2009-03-16 21:35 94024 ----a-w- c:\program files\DSETUP.dll . ------- Sigcheck ------- [-] 2009-09-14 . 1186FB2F052E4890C6C23F420F4BE1BC . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\SfcFiles.dll [-] 2009-09-14 . 1186FB2F052E4890C6C23F420F4BE1BC . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfcfiles.dll [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-10-06 3118512] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-07-28 1230848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-06 13537280] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-29 86016] "AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248] "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-05 821768] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-12 1028096] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2009-09-12 811008] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-05-25 303376] "flockbox"="c:\program files\My Lockbox\flockbox.exe" [2007-12-14 1071472] "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832] "00saskda"="c:\program files\1st Security Agent\newlock.exe" [2009-06-18 1457344] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-29 1630208] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-05-13 16862720] c:\documents and settings\Administrator\Start Menu\Programs\Startup\ Hyperdesk_uninst0.lnk - c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\HyperdeskEngine.exe [2009-9-27 1273856] c:\documents and settings\Guest\Start Menu\Programs\Startup\ Hyperdesk_uninst0.lnk - c:\documents and settings\All Users\Application Data\The Skins Factory\Hyperdesk\HyperdeskEngine.exe [2009-9-27 1273856] c:\documents and settings\Herman Nehru\Start Menu\Programs\Startup\ Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-8-24 3581680] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-11 576104] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "HideFastUserSwitching"= 0 (0x0) "HideShutdownScripts"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoStartMenuMyMusic"= 0 (0x0) "NoSMMyPictures"= 0 (0x0) "NoWelcomeScreen"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoChangeAnimation"= 0 (0x0) "RestrictCpl"= 0 (0x0) "DisallowCpl"= 0 (0x0) "RestrictRun"= 0 (0x0) "ForceRecycleBinSize"= 0 (0x0) "NoCustomizeWebView"= 0 (0x0) "NoFileAssociate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoCustomizeThisFolder"= 0 (0x0) "NoWebView"= 0 (0x0) "DontShowSuperHidden"= 0 (0x0) "NoOnlinePrintsWizard"= 0 (0x0) "NoPublishingWizard"= 0 (0x0) "NoSMConfigurePrograms"= 0 (0x0) "NoSMMyPictures"= 0 (0x0) "NoStartMenuMyMusic"= 0 (0x0) "NoHelp"= 0 (0x0) "NoCommonGroups"= 0 (0x0) "NoStartMenuEjectPC"= 0 (0x0) "NoSimpleStartMenu"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) "NoDisconnect"= 0 (0x0) "NoNtSecurity"= 0 (0x0) "GreyMSIAds"= 0 (0x0) "ForceMaxRecentDocs"= 0 (0x0) "NoSMBalloonTip"= 0 (0x0) "NoSMBalloonTips"= 0 (0x0) "HideSCAVolume"= 0 (0x0) "HideSCANetwork"= 0 (0x0) "HideSCAPower"= 0 (0x0) "NoTaskGrouping"= 0 (0x0) "NoWebServices"= 0 (0x0) "NoFileUrl"= 0 (0x0) "SpecifyDefaultButtons"= 0 (0x0) "NoRecentDocsNetHood"= 0 (0x0) "PromptRunasInstallNetPath"= 1 (0x1) "NoResolveTrack"= 0 (0x0) "NoDevMgrUpdate"= 0 (0x0) "NoThumbnailCache"= 1 (0x1) "ForceCopyAclwithFile"= 0 (0x0) "StartRunNoHOMEPATH"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient] 2005-01-31 22:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk * [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^Herman Nehru^Start Menu^Programs^Startup^DesktopVideoPlayer.LNK] backup=c:\windows\pss\DesktopVideoPlayer.LNKStartup [HKLM\~\startupfolder\C:^Documents and Settings^Herman Nehru^Start Menu^Programs^Startup^Styler.lnk] backup=c:\windows\pss\Styler.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RRT-Auto [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [8/19/2009 22:23 43792] R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [12/15/2008 20:41 33808] R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [10/4/2009 21:50 17264] R2 DeskSaverService;DeskSaverService;c:\program files\1st Security Agent\newlock.exe [10/13/2009 13:52 1457344] R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [8/19/2009 22:23 73392] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [8/10/2009 18:57 603904] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 20:59 19472] R3 plkusbser;PROLiNKU6 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\plkusbser.sys [7/11/2009 15:56 99456] R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [7/11/2009 15:28 154624] S2 PCMAVRTPService;PCMAV RealTime Protector Service;c:\windows\system32\RTPSvc.exe --> c:\windows\system32\RTPSvc.exe [?] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [7/13/2009 18:21 36608] S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/3/2004 15:56 14336] S3 NTProcDrv;Process creation detector for NT.;\??\c:\windows\TEMP\drv1.tmp --> c:\windows\TEMP\drv1.tmp [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}] "c:\program files\Windows Sidebar\sidebar.exe" /RegServer . Contents of the 'Scheduled Tasks' folder 2009-10-15 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 23:28] 2009-10-15 c:\windows\Tasks\User_Feed_Synchronization-{E3CD1275-2939-4B63-B05D-BE902B8818D5}.job - c:\windows\system32\msfeedssync.exe [2007-08-14 11:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.id/ IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm FF - ProfilePath - c:\documents and settings\Herman Nehru\Application Data\Mozilla\Firefox\Profiles\nk4rik1i.default\ FF - prefs.js: keyword.URL - hxxp://ide.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_ide&p= FF - component: c:\documents and settings\Herman Nehru\Application Data\IDM\idmmzcc3\components\idmmzcc.dll FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll FF - plugin: c:\documents and settings\Herman Nehru\Application Data\Mozilla\Firefox\Profiles\nk4rik1i.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll FF - plugin: c:\progra~1\Mozilla Firefox\plugins\np_gp.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\Mozilla Firefox 3.5 Beta 4\plugins\NPOFF12.DLL FF - plugin: c:\program files\Mozilla Firefox 3.5 Beta 4\plugins\nppl3260.dll FF - plugin: c:\program files\Mozilla Firefox 3.5 Beta 4\plugins\nprpjplug.dll FF - plugin: c:\program files\Mozilla Firefox 3.5 Beta 4\plugins\npyaxmpb.dll FF - plugin: c:\program files\Opera\program\plugins\NP_IDM1.dll FF - plugin: c:\program files\Opera\program\plugins\NP_IDM2.dll FF - plugin: c:\program files\Opera\program\plugins\NP_IDM3.dll FF - plugin: c:\program files\Opera\program\plugins\NP_IDM4.dll FF - plugin: c:\program files\Opera\program\plugins\NP_IDM5.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 750 FF - user.js: content.notify.interval - 750000 FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: yahoo.homepage.dontask - true. - - - - ORPHANS REMOVED - - - - Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file) Notify-WgaLogon - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-15 14:48 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv] "ImagePath"="\??\c:\windows\TEMP\drv1.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):87,2d,c3,ce,b9,a4,9b,4f,ee,59,ba,03,35,42,2d,61,ea,34,96,06,2c, 65,99,e3,86,40,49,42,37,54,ca,4e,6c,0e,a2,93,7a,c4,10,02,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{fc28d12f-953c-4768-98c7-cebe59a1a05e}] @Denied: (Full) (Everyone) "Model"=dword:00000106 "Therad"=dword:0000000e "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d, df,1c,2f,3b,8a,0a,32,11,89,01,b5,d6,31,95,fc,65,93,df,8b,66,88,7c,1a,78,15,\ . Completion time: 2009-10-15 14:51 ComboFix-quarantined-files.txt 2009-10-15 21:51 Pre-Run: 33,649,029,120 bytes free Post-Run: 33,602,981,888 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 411 --- E O F --- 2009-10-15 20:50 |
|
|
|
|
10-15-2009, 04:08 PM
|
#7 (permalink) |
|
Analyst, Security Team
Join Date: Jan 2009
Posts: 553
OS: N/A
|
Re: Cannot delete file AUTORUN.INF
Hello.
We'll see what that folder is. Download and run RootRepeal CR Please download RootRepeal from the following location and save it to your desktop.
Download and run MalwareBytes Anti-Malware Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1
For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Thanks. With Regards, Extremeboy |
|
|
|
tab at the bottom.
button.
button.
to download the ESET Smart Installer. Save it to your desktop.
icon on your desktop.
button.
, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
button.
19.78 on Sun 10/18/2009
