Solved Trojan removal help

Discussion in 'Malware and Virus Removal Archive' started by shazalam, 2008/03/23.

  1. 2008/03/23
    shazalam Inactive Thread Starter
    [Resolved] Trojan removal help

    Hi there,

    New to the forum... I recently started getting the "your computer was infected by a trojan....." prompts every time I open any folder... read a couple of posts and installed HijackThis... my log is as follows... any help will be much appreciated. Cheers!




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:02:44, on 24/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Athan\Athan.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
    O1 - Hosts: 66.98.136.25 auto.search.msn.com
    O1 - Hosts: 66.98.136.25 auto.search.msn.es
    O1 - Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com
    O1 - Hosts: 62.189.6.78 _sip._ssl.sip1.callserve.com
    O1 - Hosts: 62.189.6.79 _sip._tls.sip2.callserve.com
    O1 - Hosts: 62.189.6.79 _sip._ssl.sip2.callserve.com
    O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
    O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
    O1 - Hosts: 62.189.6.86 _sip._tls.sip6.phoneserve.com
    O1 - Hosts: 62.189.6.86 _sip._ssl.sip6.phoneserve.com
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Media Player Classic - {5ADB5143-1CBD-4A52-A604-CCC8D76BA8D4} - C:\WINDOWS\ausctv32a.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
    O4 - HKCU\..\Run: [aupd] C:\WINDOWS\system32\sywsvcs.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2EC29B08-1002-4C93-91EF-FD5F2274BC83}: NameServer = 192.168.1.254
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 6726 bytes
     
  2. 2008/03/23
    noahdfear Inactive
    Welcome to WindowsBBS shazalam :)

    Let's have a closer look at things. Download Deckard's System Scanner (dss.exe) and save it to your desktop.
    • Close all applications and windows.
    • Double click on dss.exe to run it and follow the prompts.
    • When the scan is complete, two text files will open: main.txt, which will be maximized, and extra.txt, which will be minimized.
    Post the contents of main.txt only for now.
     

  4. 2008/03/24
    shazalam Inactive Thread Starter
    Hi there,

    Thanks for the reply. I jumped the gun last night (before getting your reply) and ran SDFix (after running loads of other trojan removers) in safe mode... it found the following trojans and deleted them:

    Trojan Files Found:

    C:\WINDOWS\ausctv32a.dll - Deleted
    C:\WINDOWS\hosts - Deleted
    C:\WINDOWS\Temp\$_2341234.TMP - Deleted


    That seems to have worked and I'm not getting the prompts anymore. I also ran Deckard's after that and here are the results. Do they look OK?
    Cheers!



    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    46: 2008-03-24 11:10:30 UTC - RP535 - Deckard's System Scanner Restore Point
    45: 2008-03-24 10:50:35 UTC - RP534 - Removed Ad-Aware 2007
    44: 2008-03-24 00:15:24 UTC - RP533 - Installed SUPERAntiSpyware Free Edition
    43: 2008-03-23 23:09:13 UTC - RP532 - Installed Ad-Aware 2007
    42: 2008-03-15 21:20:00 UTC - RP531 - System Checkpoint


    -- First Restore Point --
    1: 2007-11-26 20:25:13 UTC - RP490 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 495 MiB (512 MiB recommended).


    -- HijackThis (run as Shahzad.exe) ---------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:11:52, on 24/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Athan\Athan.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Shahzad\Desktop\dss.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Shahzad.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
    O4 - HKCU\..\Run: [aupd] C:\WINDOWS\system32\sywsvcs.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2EC29B08-1002-4C93-91EF-FD5F2274BC83}: NameServer = 192.168.1.254
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 5793 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 pnpshark - c:\windows\system32\drivers\pnpshark.sys
    R0 st3shark - c:\windows\system32\drivers\st3shark.sys
    R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
    R2 SVKP - c:\windows\system32\svkp.sys <Not Verified; AntiCracking; SVKP driver for NT>
    R3 catchme - c:\docume~1\shahzad\locals~1\temp\catchme.sys (file missing)
    R3 qkbfiltr (Quanta HotKey Keyboard Filter Driver) - c:\windows\system32\drivers\qkbfiltr.sys <Not Verified; Quanta Computer, Inc.; Quanta HotKey Keyboard Filter Driver>
    R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
    R3 SMBios (Intel (R) System Management BIOS Service) - c:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel (R) System Management BIOS Driver>

    S3 qmofiltr (Quanta HotKey Mouse Filter Driver) - c:\windows\system32\drivers\qmofiltr.sys <Not Verified; Quanta Computer, Inc.; Quanta Mouse Filter Device Driver>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)>
    R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8139/810x Family Fast Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_FF311179&REV_10\4&16793A72&0&10F0
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek RTL8139/810x Family Fast Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_FF311179&REV_10\4&16793A72&0&10F0
    Service: RTL8023xp


    -- Files created between 2008-02-24 and 2008-03-24 -----------------------------

    2008-03-24 01:24:19 0 d-------- C:\WINDOWS\ERUNT
    2008-03-24 01:02:22 0 d-------- C:\Program Files\Trend Micro
    2008-03-24 00:21:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    2008-03-24 00:15:42 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-03-24 00:15:27 0 d-------- C:\Program Files\SUPERAntiSpyware
    2008-03-24 00:15:27 0 d-------- C:\Documents and Settings\Shahzad\Application Data\SUPERAntiSpyware.com
    2008-03-23 23:09:30 0 d-------- C:\Program Files\Lavasoft
    2008-03-23 23:09:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-23 23:05:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-22 21:23:35 0 d-------- C:\Documents and Settings\Shahzad\Application Data\TrojanHunter
    2008-03-22 20:15:00 0 d-------- C:\Program Files\TrojanHunter 5.0
    2008-03-22 18:45:14 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-22 18:43:45 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
    2008-03-22 18:43:45 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
    2008-03-22 18:43:45 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-03-22 18:43:45 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
    2008-03-22 18:43:45 75264 --a------ C:\WINDOWS\system32\unacev2.dll
    2008-03-22 18:43:34 0 d-------- C:\Program Files\Trojan Remover
    2008-03-22 18:43:34 0 d-------- C:\Documents and Settings\Shahzad\Application Data\Simply Super Software
    2008-03-22 18:43:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    2008-03-22 14:19:55 51 --a------ C:\xmp.bat


    -- Find3M Report ---------------------------------------------------------------

    2008-03-24 01:48:30 0 d-------- C:\Documents and Settings\Shahzad\Application Data\DMCache
    2008-03-23 23:05:13 0 d-------- C:\Program Files\Common Files
    2008-02-10 23:03:20 0 d-------- C:\Documents and Settings\Shahzad\Application Data\vlc
    2008-02-10 23:01:32 0 d-------- C:\Program Files\VideoLAN


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/10/2004 07:31]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [08/10/2004 07:27]
    "NDSTray.exe"="NDSTray.exe" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [11/01/2005 08:55]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [15/07/2005 21:48]
    "StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [24/06/2005 18:33]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 13:00 C:\WINDOWS\system32\bthprops.cpl]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 13:00]
    "Athan"="C:\Program Files\Athan\Athan.exe" [06/09/2007 18:25]
    "TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [17/03/2008 16:38]
    "THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [08/02/2008 11:22]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "aupd"="C:\WINDOWS\system32\sywsvcs.exe" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
    "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [26/04/2006 10:11]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [29/02/2008 16:03]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bxproxy]
    C:\WINDOWS\bxproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChangeFilterMerit]
    C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    KHALMNPR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Presto! PVR Monitor]
    C:\Program Files\NewSoft\Presto! PVR\Monitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Hotkey Utility]
    "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
    "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URemote]
    C:\Program Files\NewSoft\Presto! PVR\URemote.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    RpcxSs


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc204bfc-513e-11da-adfa-00c09fa72fa8}]
    AutoRun\command- RavMon.exe
    explore\Command- RavMon.exe -e
    open\Command- RavMon.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da113330-be56-11db-ae90-00c09fa72fa8}]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
    Open(0)\command- F:\Recycled\ctfmon.exe




    -- End of Deckard's System Scanner: finished at 2008-03-24 11:12:34 ------------
     
  5. 2008/03/24
    noahdfear Inactive
    You have, at the least, remnants of a number of infections. First, please post the entire SDFix log.

    Next, please download Flash_Disinfector by sUBs and save it to your desktop:

    NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

    • Plug in your USB flash drive.
    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Your desktop will vanish for a while, and then reappear. This is normal.
    • Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.

    Now, download ComboFix by sUBs from here, saving the file to your desktop. If you do not have an XP SP2 cd (an Operating System disc, not a Recovery cd), I recommend you first install the Recovery Console as outlined below.


    Install the Recovery Console

    Download the installation package Setup Disks for Floppy Boot Install from Microsoft so that it can be used to install the Recovery Console on your computer. No validation required! Please select the download link below that's appropriate for your Operating System, then download and save the setup package to your desktop. If necessary, change the language version to match your installation. Do NOT change the name of the downloaded file!
    Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

    Please do not reboot your machine until we have reviewed the log.




    If you do have an XP SP2 cd (an Operating System disc, not a Recovery cd), you can proceed as follows:

    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
     
  6. 2008/03/25
    shazalam Inactive Thread Starter
    SDFix: Version 1.160

    Run by Shahzad on 24/03/2008 at 01:27

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\sdfix\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\ausctv32a.dll - Deleted
    C:\WINDOWS\hosts - Deleted
    C:\WINDOWS\Temp\$_2341234.TMP - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-24 01:35:54
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000d3aa5e7c8]
    "0012ee6e007e"=hex:fb,13,00,c8,fc,85,43,a0,e1,0f,26,12,d2,c9,c9,6a
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000d3aa5e7c8]
    "0012ee6e007e"=hex:fb,13,00,c8,fc,85,43,a0,e1,0f,26,12,d2,c9,c9,6a

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
    "TracesProcessed"=dword:0000003b
    "TracesSuccessful"=dword:00000008

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
    "C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
    "C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"="C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE:*:Enabled:ActiveSync Connection Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"="C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE:*:Enabled:ActiveSync Application"
    "C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus"
    "C:\\DOCUME~1\\Shahzad\\LOCALS~1\\Temp\\bot.exe"="C:\\DOCUME~1\\Shahzad\\LOCALS~1\\Temp\\bot.exe:*:Enabled:Windows Update"
    "C:\\WINDOWS\\bxproxy.exe"="C:\\WINDOWS\\bxproxy.exe:*:Enabled:Windows Update"
    "C:\\Program Files\\Valve\\hl.exe"="C:\\Program Files\\Valve\\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\\Program Files\\PeerWeb DC++\\PeerWeb DC++.exe"="C:\\Program Files\\PeerWeb DC++\\PeerWeb DC++.exe:*:Enabled:peerweb DC++"
    "C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
    "C:\\Program Files\\MyWebCalls\\Dialer\\MyWebcalls.exe"="C:\\Program Files\\MyWebCalls\\Dialer\\MyWebcalls.exe:*:Enabled:MyWebcalls Desktop Phone Application"
    "C:\\Program Files\\Gizmo Project\\mDNSResponder.exe"="C:\\Program Files\\Gizmo Project\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\Gizmo Project\\Gizmo.exe"="C:\\Program Files\\Gizmo Project\\Gizmo.exe:*:Enabled:Gizmo Project"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
    "C:\\Program Files\\NewsBin\\nbpro.exe"="C:\\Program Files\\NewsBin\\nbpro.exe:*:Enabled:NewsBin"
    "C:\\Program Files\\Callserve\\Internet Telephone\\CS_Phone.exe"="C:\\Program Files\\Callserve\\Internet Telephone\\CS_Phone.exe:*:Enabled:Internet Telephone"
    "C:\\Program Files\\DialpadChameleon\\dpcham.exe"="C:\\Program Files\\DialpadChameleon\\dpcham.exe:*:Enabled:dpcham"
    "C:\\Program Files\\WebPhone Dialer\\WebPhoneDialer.exe"="C:\\Program Files\\WebPhone Dialer\\WebPhoneDialer.exe:*:Enabled:WebPhone Dialer"
    "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
    "C:\\Program Files\\efonica softphone\\efonica.exe"="C:\\Program Files\\efonica softphone\\efonica.exe:*:Enabled:efonica softphone"
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE "= "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Disabled:Internet Explorer "
    "C:\\Program Files\\MSN Messenger\\msncall.exe "= "C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe "= "C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox "
    "C:\\Documents and Settings\\Shahzad\\Desktop\\Shezi\\Counter Strike 1.6 version 3147\\cstrike.exe "= "C:\\Documents and Settings\\Shahzad\\Desktop\\Shezi\\Counter Strike 1.6 version 3147\\cstrike.exe:*:Enabled:Half-Life Launcher "
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "
    "C:\\Program Files\\MSN Messenger\\livecall.exe "= "C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "
    "C:\\Program Files\\LowRateVoip\\LowRateVoip.exe "= "C:\\Program Files\\LowRateVoip\\LowRateVoip.exe:*:Enabled:LowRateVoip "
    "D:\\Utils\\UpgradeWizard\\RecoveryTool\\upgradeBTHH.exe "= "D:\\Utils\\UpgradeWizard\\RecoveryTool\\upgradeBTHH.exe:*:Enabled:BT Home Hub Recovery Tool "
    "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe "= "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater "
    "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe "= "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
    "C:\\Program Files\\Skype\\Phone\\Skype.exe "= "C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\\Program Files\\MSN Messenger\\msncall.exe "= "C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "
    "C:\\Program Files\\MSN Messenger\\livecall.exe "= "C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "

    Remaining Files :


    File Backups: - C:\sdfix\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll "
    Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll "
    Sun 1 Jan 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak "
    Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll "
    Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll "
    Sat 2 Jun 2007 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe "
    Sat 13 Nov 2004 37,376 A..H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe "
    Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll "
    Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll "
    Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll "
    Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll "
    Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll "
    Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll "
    Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll "
    Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll "
    Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll "
    Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll "
    Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll "
    Sat 3 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll "
    Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll "
    Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll "
    Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll "
    Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll "
    Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll "
    Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll "
    Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll "
    Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll "
    Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll "
    Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll "
    Mon 19 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fe95c915e785c18bf9cc0792fb5a73df\BIT5.tmp "
    Sun 16 Oct 2005 49,152 A..H. --- "C:\Documents and Settings\Shahzad\Application Data\Microsoft\Word\~WRL0296.tmp "
    Mon 23 Jan 2006 27,136 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\HDC\Poverty\Report\~WRL2601.tmp "
    Thu 9 Mar 2006 114,688 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\Accounting project\~WRL3742.tmp "
    Sat 15 Oct 2005 46,080 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL0001.tmp "
    Sun 16 Oct 2005 51,712 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL0002.tmp "
    Sat 15 Oct 2005 46,080 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL0004.tmp "
    Sun 16 Oct 2005 51,712 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL0005.tmp "
    Tue 11 Oct 2005 43,008 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL0013.tmp "
    Sun 16 Oct 2005 54,272 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL0019.tmp "
    Tue 11 Oct 2005 44,032 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL0139.tmp "
    Sun 16 Oct 2005 55,808 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL0147.tmp "
    Tue 11 Oct 2005 44,544 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL0250.tmp "
    Sun 9 Oct 2005 43,008 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL0341.tmp "
    Sun 16 Oct 2005 66,048 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL0454.tmp "
    Sun 16 Oct 2005 53,248 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL0566.tmp "
    Sun 16 Oct 2005 66,048 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL0593.tmp "
    Sun 16 Oct 2005 65,536 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL0595.tmp "
    Sun 16 Oct 2005 66,048 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL0838.tmp "
    Sun 16 Oct 2005 56,320 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL0883.tmp "
    Tue 11 Oct 2005 43,008 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL0889.tmp "
    Sun 16 Oct 2005 66,048 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL0925.tmp "
    Sun 16 Oct 2005 66,048 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL0944.tmp "
    Sun 16 Oct 2005 66,048 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL0948.tmp "
    Sun 16 Oct 2005 65,536 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL0975.tmp "
    Sun 16 Oct 2005 56,832 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL0980.tmp "
    Sun 16 Oct 2005 65,536 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL0996.tmp "
    Sun 16 Oct 2005 66,048 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL1004.tmp "
    Sun 16 Oct 2005 55,808 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL1017.tmp "
    Sun 16 Oct 2005 51,712 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL1055.tmp "
    Sun 16 Oct 2005 65,536 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL1389.tmp "
    Sun 16 Oct 2005 51,200 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL1469.tmp "
    Sun 16 Oct 2005 59,392 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL1491.tmp "
    Sun 16 Oct 2005 66,048 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL1569.tmp "
    Sun 16 Oct 2005 53,760 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL1576.tmp "
    Tue 11 Oct 2005 44,032 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL1643.tmp "
    Sat 15 Oct 2005 46,592 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL1648.tmp "
    Sun 16 Oct 2005 66,048 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL1717.tmp "
    Sun 16 Oct 2005 66,048 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL1760.tmp "
    Tue 11 Oct 2005 43,008 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL1787.tmp "
    Sun 16 Oct 2005 65,024 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL1915.tmp "
    Sun 16 Oct 2005 65,536 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL1927.tmp "
    Sat 15 Oct 2005 45,568 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL1968.tmp "
    Sun 16 Oct 2005 53,248 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL1972.tmp "
    Tue 11 Oct 2005 44,032 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL2000.tmp "
    Sun 16 Oct 2005 66,048 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL2093.tmp "
    Sat 15 Oct 2005 46,592 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL2131.tmp "
    Sun 16 Oct 2005 66,048 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL2148.tmp "
    Tue 11 Oct 2005 44,032 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL2203.tmp "
    Sun 16 Oct 2005 67,072 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL2538.tmp "
    Sun 16 Oct 2005 66,048 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL2561.tmp "
    Sun 16 Oct 2005 56,832 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL2562.tmp "
    Sun 16 Oct 2005 48,640 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL2744.tmp "
    Sun 16 Oct 2005 66,048 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL2755.tmp "
    Tue 11 Oct 2005 43,008 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL2766.tmp "
    Sun 16 Oct 2005 66,048 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL2802.tmp "
    Sun 16 Oct 2005 56,832 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL2840.tmp "
    Sun 16 Oct 2005 52,224 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL2877.tmp "
    Sun 16 Oct 2005 56,320 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL2884.tmp "
    Sun 16 Oct 2005 56,832 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL3028.tmp "
    Sun 16 Oct 2005 48,640 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL3040.tmp "
    Sat 15 Oct 2005 46,592 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL3085.tmp "
    Sun 16 Oct 2005 65,536 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL3170.tmp "
    Sun 16 Oct 2005 65,536 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL3190.tmp "
    Sun 16 Oct 2005 66,048 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL3279.tmp "
    Tue 11 Oct 2005 43,008 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL3403.tmp "
    Sun 16 Oct 2005 65,024 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL3408.tmp "
    Sun 16 Oct 2005 56,320 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL3479.tmp "
    Sun 16 Oct 2005 56,320 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL3571.tmp "
    Sun 16 Oct 2005 66,048 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL3852.tmp "
    Sun 16 Oct 2005 56,832 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL3883.tmp "
    Sun 16 Oct 2005 61,952 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL3974.tmp "
    Sun 16 Oct 2005 65,536 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\MArketing assign\~WRL4073.tmp "
    Thu 1 Dec 2005 26,624 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\marketing exam\~WRL0001.tmp "
    Tue 28 Mar 2006 49,664 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL0149.tmp "
    Tue 28 Mar 2006 51,200 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL0548.tmp "
    Tue 28 Mar 2006 51,200 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL0579.tmp "
    Tue 28 Mar 2006 51,200 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL0945.tmp "
    Tue 28 Mar 2006 48,640 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL0989.tmp "
    Tue 28 Mar 2006 50,176 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL1023.tmp "
    Mon 27 Mar 2006 48,640 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL1054.tmp "
    Tue 28 Mar 2006 49,664 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL1118.tmp "
    Tue 28 Mar 2006 51,712 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL1311.tmp "
    Tue 28 Mar 2006 48,640 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL1474.tmp "
    Tue 28 Mar 2006 51,712 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL1610.tmp "
    Tue 28 Mar 2006 51,200 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL1634.tmp "
    Tue 28 Mar 2006 50,176 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL1686.tmp "
    Tue 28 Mar 2006 51,200 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL1729.tmp "
    Tue 28 Mar 2006 51,712 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL1831.tmp "
    Tue 28 Mar 2006 49,664 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL1910.tmp "
    Tue 28 Mar 2006 49,152 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL1929.tmp "
    Tue 28 Mar 2006 49,664 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL2011.tmp "
    Tue 28 Mar 2006 51,712 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL2128.tmp "
    Tue 28 Mar 2006 49,664 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL2142.tmp "
    Tue 28 Mar 2006 51,200 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL2337.tmp "
    Tue 28 Mar 2006 50,176 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL2338.tmp "
    Tue 28 Mar 2006 49,152 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL2629.tmp "
    Tue 28 Mar 2006 52,224 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL3023.tmp "
    Tue 28 Mar 2006 49,664 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL3223.tmp "
    Tue 28 Mar 2006 49,664 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL3258.tmp "
    Tue 28 Mar 2006 50,688 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL3423.tmp "
    Tue 28 Mar 2006 51,712 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL3440.tmp "
    Tue 28 Mar 2006 49,664 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL3715.tmp "
    Tue 28 Mar 2006 51,712 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL3738.tmp "
    Tue 28 Mar 2006 51,712 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\operations management\~WRL3775.tmp "
    Thu 18 May 2006 58,880 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\Personal Development\~WRL0188.tmp "
    Thu 18 May 2006 58,368 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\Personal Development\~WRL0314.tmp "
    Thu 18 May 2006 59,392 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\Personal Development\~WRL1166.tmp "
    Thu 18 May 2006 60,416 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\Personal Development\~WRL2484.tmp "
    Thu 18 May 2006 56,832 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\Personal Development\~WRL2497.tmp "
    Thu 18 May 2006 58,368 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\Personal Development\~WRL2802.tmp "
    Thu 18 May 2006 59,392 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\Personal Development\~WRL3118.tmp "
    Thu 18 May 2006 57,344 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\Personal Development\~WRL3681.tmp "
    Thu 18 May 2006 57,856 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\Personal Development\~WRL4066.tmp "
    Sun 1 Jan 2006 4,348 A..H. --- "C:\Documents and Settings\Shahzad\My Documents\My Pictures\My Music\License Backup\drmv1key.bak "
    Sun 1 Jan 2006 20 A..H. --- "C:\Documents and Settings\Shahzad\My Documents\My Pictures\My Music\License Backup\drmv1lic.bak "
    Wed 9 Nov 2005 312 A.SH. --- "C:\Documents and Settings\Shahzad\My Documents\My Pictures\My Music\License Backup\drmv2key.bak "
    Sat 3 Jun 2006 24,064 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\job\KPMG\~WRL0001.tmp "
    Fri 16 Jun 2006 26,624 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\job\KPMG\~WRL0005.tmp "
    Fri 16 Jun 2006 44,544 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\job\KPMG\~WRL0889.tmp "
    Fri 16 Jun 2006 41,472 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\job\KPMG\~WRL1632.tmp "
    Fri 16 Jun 2006 37,376 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\job\KPMG\~WRL1900.tmp "
    Fri 16 Jun 2006 33,280 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\job\KPMG\~WRL2103.tmp "
    Fri 16 Jun 2006 45,568 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\job\KPMG\~WRL2339.tmp "
    Fri 16 Jun 2006 44,544 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\job\KPMG\~WRL2817.tmp "
    Fri 16 Jun 2006 35,328 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\job\KPMG\~WRL2884.tmp "
    Fri 16 Jun 2006 36,864 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\job\KPMG\~WRL3402.tmp "
    Fri 16 Jun 2006 38,400 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\job\KPMG\~WRL3916.tmp "
    Thu 7 Dec 2006 25,600 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\job\Deloitte\assessment center\~WRL1348.tmp "
    Thu 7 Dec 2006 26,624 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\job\Deloitte\assessment center\~WRL1819.tmp "
    Thu 7 Dec 2006 26,624 A..H. --- "C:\Documents and Settings\Shahzad\Desktop\Surrey Dissertation\Surrey work\job\Deloitte\assessment center\~WRL3162.tmp "

    Finished!
     
  7. 2008/03/25
    shazalam

    Here is the log from combo fix... Please let me know if I can reboot the laptop



    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    C:\CMDCONS\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
     
  8. 2008/03/25
    noahdfear

    Looks perfect. :) No need to reboot the machine, though you can if you like. Please go ahead and run ComboFix as described then post the resulting log.
     
  9. 2008/03/26
    shazalam

    Ran Combo Fix... Pasting the log below... could you please also recommend a good antivirus... I'm currently using Avast, which clearly isn't effective... Cheers!




    ComboFix 08-03-25.1 - Shahzad 2008-03-26 18:08:37.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.220 [GMT 0:00]
    Running from: C:\Documents and Settings\Shahzad\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2008-02-26 to 2008-03-26 )))))))))))))))))))))))))))))))
    .

    2008-03-24 11:08 . 2008-03-24 11:08 <DIR> d-------- C:\Deckard
    2008-03-24 01:24 . 2008-03-24 01:24 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-03-24 01:18 . 2008-03-24 01:18 <DIR> d-------- C:\sdfix
    2008-03-24 01:02 . 2008-03-24 01:02 <DIR> d-------- C:\Program Files\Trend Micro
    2008-03-24 00:21 . 2008-03-24 00:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    2008-03-24 00:15 . 2008-03-24 00:15 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-03-24 00:15 . 2008-03-24 00:15 <DIR> d-------- C:\Documents and Settings\Shahzad\Application Data\SUPERAntiSpyware.com
    2008-03-24 00:15 . 2008-03-24 00:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-03-23 23:09 . 2008-03-23 23:09 <DIR> d-------- C:\Program Files\Lavasoft
    2008-03-23 23:09 . 2008-03-24 10:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-23 23:05 . 2008-03-24 10:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-22 21:23 . 2008-03-22 21:23 <DIR> d-------- C:\Documents and Settings\Shahzad\Application Data\TrojanHunter
    2008-03-22 20:15 . 2008-03-22 20:15 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
    2008-03-22 18:45 . 2008-03-22 20:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-22 18:43 . 2008-03-24 11:16 <DIR> d-------- C:\Program Files\Trojan Remover
    2008-03-22 14:19 . 2008-03-22 14:19 51 --a------ C:\xmp.bat
    2008-03-21 00:03 . 2006-01-04 09:12 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
    2008-03-21 00:03 . 2006-04-13 00:04 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
    2008-03-21 00:02 . 2006-04-13 00:04 282,624 -ra------ C:\WINDOWS\system32\HPZc3212.dll
    2008-03-21 00:02 . 2006-04-10 14:03 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
    2008-03-21 00:02 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-03-21 00:02 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-03-21 00:02 . 2006-04-13 00:04 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
    2008-03-21 00:01 . 2006-04-13 00:02 827,392 -ra------ C:\WINDOWS\system32\hpotiop2.dll
    2008-03-21 00:01 . 2006-04-13 00:02 659,456 -ra------ C:\WINDOWS\system32\hpowiax2.dll
    2008-03-21 00:01 . 2006-04-13 00:02 254,026 -ra------ C:\WINDOWS\system32\hpovst09.dll
    2008-03-21 00:01 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-03-21 00:01 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-02-26 22:35 . 2008-02-26 22:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-02-26 22:35 . 2008-02-26 22:35 1,409 --a------ C:\WINDOWS\system32\tmp1A748.FOT
    2008-02-26 22:35 . 2008-02-26 22:35 1,409 --a------ C:\WINDOWS\QTFont.for

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-25 22:43 --------- d-----w C:\Documents and Settings\Shahzad\Application Data\DMCache
    2008-03-22 20:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2008-02-10 23:03 --------- d-----w C:\Documents and Settings\Shahzad\Application Data\vlc
    2008-02-10 23:01 --------- d-----w C:\Program Files\VideoLAN
    2007-12-05 19:10 557,056 ----a-w C:\Documents and Settings\Shahzad\GoToAssist_phone__319_en.exe
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "aupd "= "C:\WINDOWS\system32\sywsvcs.exe" [ ]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
    "IDMan "= "C:\Program Files\Internet Download Manager\IDMan.exe" [2006-04-26 10:11 845312]
    "SUPERAntiSpyware "= "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 07:31 155648]
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 07:27 126976]
    "NDSTray.exe "= "NDSTray.exe" []
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [2005-01-11 08:55 36972]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2} "= "C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 21:48 479232]
    "StormCodec_Helper "= "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2005-06-24 18:33 95662]
    "BluetoothAuthenticationAgent "= "bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
    "avast! "= "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
    "Athan "= "C:\Program Files\Athan\Athan.exe" [2007-09-06 18:25 1003520]
    "THGuard "= "C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2008-02-08 11:22 1047712]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-18 01:39 185896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "PcSync "= "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 12:15 1634304]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bxproxy]
    C:\WINDOWS\bxproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChangeFilterMerit]
    --a------ 2005-05-17 08:54 40960 C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    --a------ 2007-01-01 21:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    --a------ 2004-02-03 05:42 401491 C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    --a------ 2006-05-10 04:48 94208 C:\WINDOWS\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2004-10-13 16:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
    --a------ 2004-11-17 10:56 1077327 C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    --a------ 2006-11-28 09:12 222720 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Presto! PVR Monitor]
    --a------ 2006-03-13 17:12 57344 C:\Program Files\NewSoft\Presto! PVR\Monitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    --a------ 2005-09-10 02:39 17678888 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
    --a------ 2004-11-15 09:14 118784 C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    --a------ 2004-10-08 13:43 688218 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
    --a------ 2004-10-08 13:44 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2006-11-18 01:39 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
    --a------ 2003-09-05 02:24 65536 C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Hotkey Utility]
    --a------ 2004-12-10 20:26 1089536 C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
    C:\Program Files\Microsoft IntelliType Pro\type32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URemote]
    --------- 2006-01-27 09:40 24576 C:\Program Files\NewSoft\Presto! PVR\URemote.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\Messenger\\msmsgs.exe "=
    "C:\\Program Files\\Google\\Google Talk\\googletalk.exe "=
    "C:\\Program Files\\DC++\\DCPlusPlus.exe "=
    "C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE "=
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE "=
    "C:\\Program Files\\DAP\\DAP.exe "=
    "C:\\Program Files\\PeerWeb DC++\\PeerWeb DC++.exe "=
    "C:\\Program Files\\WebPhone Dialer\\WebPhoneDialer.exe "=
    "C:\\WINDOWS\\system32\\dpvsetup.exe "=
    "C:\\WINDOWS\\system32\\rundll32.exe "=
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE "=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "C:\\Documents and Settings\\Shahzad\\Desktop\\Shezi\\Counter Strike 1.6 version 3147\\cstrike.exe "=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "C:\\Program Files\\MSN Messenger\\livecall.exe "=
    "C:\\Program Files\\LowRateVoip\\LowRateVoip.exe "=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe "=

    R0 pnpshark;pnpshark;C:\WINDOWS\system32\DRIVERS\pnpshark.sys [2003-10-02 03:16]
    R0 st3shark;st3shark;C:\WINDOWS\system32\DRIVERS\st3shark.sys [2003-09-27 14:37]
    R1 SMBHC;Microsoft SM Bus Host Controller Driver;C:\WINDOWS\system32\DRIVERS\SMBHC.sys [2001-08-17 13:57]
    R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2005-11-02 00:46]
    R3 IPN2220;INPROCOMM IPN2220 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys [2004-11-04 18:29]
    R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2004-12-10 18:12]
    R3 SMBBATT;Microsoft Smart Battery Driver;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys [2004-08-03 23:07]
    S1 M9207;Digital TV USB Mini Receiver;C:\WINDOWS\system32\DRIVERS\M9207BDA.sys [2005-12-05 13:20]
    S2 RpcxSs;Remote Procedure Call (RPC) Extensions;C:\WINDOWS\System32\svchost.exe [2004-08-04 13:00]
    S3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2004-08-18 17:02]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    RpcxSs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc204bfc-513e-11da-adfa-00c09fa72fa8}]
    \Shell\AutoRun\command - RavMon.exe
    \Shell\explore\Command - RavMon.exe -e
    \Shell\open\Command - RavMon.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-26 18:12:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-03-26 18:14:38
    ComboFix-quarantined-files.txt 2008-03-26 18:13:52
    .
    2008-01-26 14:47:25 --- E O F ---
     
  10. 2008/03/26
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Are you wanting a free antivirus program or are you willing to purchase one? As a side note, antivirus alone cannot protect you from much of today's malware, nor can it clean much of it effectively. While a lot of malware has virus-like behavior, many are not classified as viruses and therefore won't even be detected by an antivirus program.

    Click Start>Run and type cmd then hit enter. Copy the bolded command below, then right click and paste it into the command window and hit Enter. It will open notepad. Please copy the contents and post it here.

    start notepad C:\xmp.bat


    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\WINDOWS\system32\SVKP.sys
    C:\Windows\bxproxy.exe
    C:\Windows\RpcxSs.dll 
    NetSvc::
    RpcxSs
    Driver::
    SVKP
    RpcxSs
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc204bfc-513e-11da-adfa-00c09fa72fa8}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bxproxy]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "aupd "=-
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and a new HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
     
  11. 2008/03/27
    shazalam

    shazalam Inactive Thread Starter

    Joined:
    2008/03/23
    Messages:
    10
    Likes Received:
    0
    I prefer a free antivirus program and any other firewall etc. that you recommend.



    The xmp.bat command doesn't work... it says " temp\GDEC-tmpa1i.exe is not recognised as an internal or external command, operable program or batch file"




    ComboFix 08-03-25.1 - Shahzad 2008-03-27 18:34:01.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.201 [GMT 0:00]
    Running from: C:\Documents and Settings\Shahzad\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Shahzad\Desktop\CFscript.txt
    * Created a new restore point

    FILE ::
    C:\Windows\bxproxy.exe
    C:\Windows\RpcxSs.dll
    C:\WINDOWS\system32\SVKP.sys
    .
    -- Script messages for sUBs --
    VFind -td "C:\WINDOWS\system32\baiso*"
    VFind.exe -ltf -s-1300000 -d+2007-12-27 C:\WINDOWS\*
    VFind.exe -ltf -s-1000000 -d+2007-12-27 "C:\Program Files\*"

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\SVKP.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_RPCXSS
    -------\Legacy_SVKP
    -------\Service_RpcxSs
    -------\Service_SVKP


    ((((((((((((((((((((((((( Files Created from 2008-02-27 to 2008-03-27 )))))))))))))))))))))))))))))))
    .

    2008-03-24 11:08 . 2008-03-24 11:08 <DIR> d-------- C:\Deckard
    2008-03-24 01:24 . 2008-03-24 01:24 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-03-24 01:18 . 2008-03-24 01:18 <DIR> d-------- C:\sdfix
    2008-03-24 01:02 . 2008-03-24 01:02 <DIR> d-------- C:\Program Files\Trend Micro
    2008-03-24 00:21 . 2008-03-24 00:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    2008-03-24 00:15 . 2008-03-24 00:15 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-03-24 00:15 . 2008-03-24 00:15 <DIR> d-------- C:\Documents and Settings\Shahzad\Application Data\SUPERAntiSpyware.com
    2008-03-24 00:15 . 2008-03-24 00:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-03-23 23:09 . 2008-03-23 23:09 <DIR> d-------- C:\Program Files\Lavasoft
    2008-03-23 23:09 . 2008-03-24 10:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-23 23:05 . 2008-03-24 10:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-22 21:23 . 2008-03-22 21:23 <DIR> d-------- C:\Documents and Settings\Shahzad\Application Data\TrojanHunter
    2008-03-22 20:15 . 2008-03-22 20:15 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
    2008-03-22 18:45 . 2008-03-22 20:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-22 14:19 . 2008-03-22 14:19 51 --a------ C:\xmp.bat
    2008-03-21 00:03 . 2006-01-04 09:12 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
    2008-03-21 00:03 . 2006-04-13 00:04 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
    2008-03-21 00:02 . 2006-04-13 00:04 282,624 -ra------ C:\WINDOWS\system32\HPZc3212.dll
    2008-03-21 00:02 . 2006-04-10 14:03 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
    2008-03-21 00:02 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-03-21 00:02 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-03-21 00:02 . 2006-04-13 00:04 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
    2008-03-21 00:01 . 2006-04-13 00:02 827,392 -ra------ C:\WINDOWS\system32\hpotiop2.dll
    2008-03-21 00:01 . 2006-04-13 00:02 659,456 -ra------ C:\WINDOWS\system32\hpowiax2.dll
    2008-03-21 00:01 . 2006-04-13 00:02 254,026 -ra------ C:\WINDOWS\system32\hpovst09.dll
    2008-03-21 00:01 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-03-21 00:01 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-26 22:55 --------- d-----w C:\Documents and Settings\Shahzad\Application Data\DMCache
    2008-03-22 20:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2008-02-10 23:03 --------- d-----w C:\Documents and Settings\Shahzad\Application Data\vlc
    2008-02-10 23:01 --------- d-----w C:\Program Files\VideoLAN
    2007-12-05 19:10 557,056 ----a-w C:\Documents and Settings\Shahzad\GoToAssist_phone__319_en.exe
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-26_18.13.44.40 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2000-08-31 08:00:00 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
    + 2008-03-27 18:39:44 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_570.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
    "IDMan "= "C:\Program Files\Internet Download Manager\IDMan.exe" [2006-04-26 10:11 845312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 07:31 155648]
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 07:27 126976]
    "NDSTray.exe "= "NDSTray.exe" []
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2} "= "C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 21:48 479232]
    "StormCodec_Helper "= "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2005-06-24 18:33 95662]
    "BluetoothAuthenticationAgent "= "bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
    "avast! "= "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
    "Athan "= "C:\Program Files\Athan\Athan.exe" [2007-09-06 18:25 1003520]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "PcSync "= "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 12:15 1634304]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChangeFilterMerit]
    --a------ 2005-05-17 08:54 40960 C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    --a------ 2007-01-01 21:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    --a------ 2004-02-03 05:42 401491 C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    --a------ 2006-05-10 04:48 94208 C:\WINDOWS\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2004-10-13 16:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
    --a------ 2004-11-17 10:56 1077327 C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    --a------ 2006-11-28 09:12 222720 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Presto! PVR Monitor]
    --a------ 2006-03-13 17:12 57344 C:\Program Files\NewSoft\Presto! PVR\Monitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    --a------ 2005-09-10 02:39 17678888 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
    --a------ 2004-11-15 09:14 118784 C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2005-01-11 08:55 36972 C:\Program Files\Java\jre1.5.0\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    --a------ 2008-02-29 16:03 1481968 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    --a------ 2004-10-08 13:43 688218 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
    --a------ 2004-10-08 13:44 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
    --a------ 2008-02-08 11:22 1047712 C:\Program Files\TrojanHunter 5.0\THGuard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2006-11-18 01:39 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
    --a------ 2003-09-05 02:24 65536 C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Hotkey Utility]
    --a------ 2004-12-10 20:26 1089536 C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
    C:\Program Files\Microsoft IntelliType Pro\type32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URemote]
    --------- 2006-01-27 09:40 24576 C:\Program Files\NewSoft\Presto! PVR\URemote.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\Messenger\\msmsgs.exe "=
    "C:\\Program Files\\Google\\Google Talk\\googletalk.exe "=
    "C:\\Program Files\\DC++\\DCPlusPlus.exe "=
    "C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE "=
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE "=
    "C:\\Program Files\\DAP\\DAP.exe "=
    "C:\\Program Files\\PeerWeb DC++\\PeerWeb DC++.exe "=
    "C:\\Program Files\\WebPhone Dialer\\WebPhoneDialer.exe "=
    "C:\\WINDOWS\\system32\\dpvsetup.exe "=
    "C:\\WINDOWS\\system32\\rundll32.exe "=
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE "=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "C:\\Documents and Settings\\Shahzad\\Desktop\\Shezi\\Counter Strike 1.6 version 3147\\cstrike.exe "=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "C:\\Program Files\\MSN Messenger\\livecall.exe "=
    "C:\\Program Files\\LowRateVoip\\LowRateVoip.exe "=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe "=

    R0 pnpshark;pnpshark;C:\WINDOWS\system32\DRIVERS\pnpshark.sys [2003-10-02 03:16]
    R0 st3shark;st3shark;C:\WINDOWS\system32\DRIVERS\st3shark.sys [2003-09-27 14:37]
    R1 SMBHC;Microsoft SM Bus Host Controller Driver;C:\WINDOWS\system32\DRIVERS\SMBHC.sys [2001-08-17 13:57]
    R3 IPN2220;INPROCOMM IPN2220 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys [2004-11-04 18:29]
    R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2004-12-10 18:12]
    R3 SMBBATT;Microsoft Smart Battery Driver;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys [2004-08-03 23:07]
    S1 M9207;Digital TV USB Mini Receiver;C:\WINDOWS\system32\DRIVERS\M9207BDA.sys [2005-12-05 13:20]
    S3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2004-08-18 17:02]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-27 18:40:17
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\Internet Download Manager\idmmkb.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\system32\rundll32.exe
    .
    **************************************************************************
    .
    Completion time: 2008-03-27 18:45:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-27 18:44:46
    ComboFix2.txt 2008-03-26 18:14:38
    .
    2008-01-26 14:47:25 --- E O F ---




    HIJACK THIS

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:48:55, on 27/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Athan\Athan.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKUS\S-1-5-19\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2EC29B08-1002-4C93-91EF-FD5F2274BC83}: NameServer = 192.168.1.254
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 5689 bytes
     
  12. 2008/03/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please right click C:\xmp.bat and select Edit. It should open with notepad. Copy its contents and post it here please.

    Scan with HijackThis and place a check next to the following entries, then click Fix Checked.

    O4 - HKUS\S-1-5-19\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe (User 'NETWORK SERVICE')


    Reboot and create a new HijackThis log, then post it here as well.
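
    The two O4 entries singled out in the reply above both point at C:\WINDOWS\bxproxy.exe, a file already named in the File:: list of the earlier CFScript. As an added example (not part of the thread, and not how ComboFix or HijackThis work internally), this Python script cross-checks a CFScript File:: list against HijackThis O4 lines to find autostart entries that still reference a file targeted for removal. The function names and regular expressions are assumptions of the example; the sample input is an excerpt copied from the logs in this thread.

```python
import ntpath
import re

# Sample input: the CFScript from the thread and an excerpt of the
# HijackThis log that was posted after ComboFix had run.
CFSCRIPT = r"""File::
C:\WINDOWS\system32\SVKP.sys
C:\Windows\bxproxy.exe
C:\Windows\RpcxSs.dll
NetSvc::
RpcxSs
Driver::
SVKP
RpcxSs
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bxproxy]
"""

HJT_LOG = r"""O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

SECTION = re.compile(r"^(\w+)::\s*$")
# O4 - <hive>\..\<key>: [<value name>] <command> (User '<account>')
O4 = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
IMAGE = re.compile(r"^(.*?\.(?:exe|dll|cpl|com|scr|bat))\b", re.IGNORECASE)


def parse_cfscript(text):
    """Group CFScript lines under their 'Name::' section headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None:
            current.append(line)
    return sections


def parse_o4(line):
    """Return the fields of a HijackThis O4 (autostart) line, or None."""
    m = O4.match(line.strip())
    return m.groupdict() if m else None


def image_path(cmd):
    """Strip quotes and arguments from a Run command, leaving the image path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = IMAGE.match(cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def norm(path):
    """Windows paths are case-insensitive: C:\\Windows equals C:\\WINDOWS."""
    return ntpath.normpath(path).lower()


def leftover_autostarts(cfscript_text, hjt_text):
    """O4 entries whose image is one of the files listed under File::."""
    targets = {norm(p) for p in parse_cfscript(cfscript_text).get("File", [])}
    hits = []
    for line in hjt_text.splitlines():
        entry = parse_o4(line)
        if entry and norm(image_path(entry["cmd"])) in targets:
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for e in leftover_autostarts(CFSCRIPT, HJT_LOG):
        print(f"{e['hive']}\\..\\{e['key']}: [{e['name']}] {e['cmd']} (user: {e['user']})")
```

    Run on the excerpt, it reports exactly the two bxproxy entries under the LOCAL SERVICE and NETWORK SERVICE hives.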
     
  13. 2008/03/27
    shazalam

    shazalam Inactive Thread Starter

    Joined:
    2008/03/23
    Messages:
    10
    Likes Received:
    0
    C:\DOCUME~1\Shahzad\LOCALS~1\Temp\GDEC-tmpa1i.exe





    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:57:17, on 27/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Athan\Athan.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2EC29B08-1002-4C93-91EF-FD5F2274BC83}: NameServer = 192.168.1.254
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 5436 bytes
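Added example (not from the thread or from HijackThis itself): one way to confirm a Fix Checked pass like the one requested above is to diff the O4 autostart entries of the log taken before the fix against the log taken after the reboot. The `BEFORE`/`AFTER` samples are constructed from lines posted in this thread, and all function names are this example's own.

```python
import re

# One HijackThis O4 registry autostart line, for example:
#   O4 - HKUS\S-1-5-19\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe (User 'LOCAL SERVICE')
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)

# Constructed samples built from lines posted in this thread.
AFTER = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""
BEFORE = AFTER + r"""
O4 - HKUS\S-1-5-19\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe (User 'NETWORK SERVICE')
"""
# The two entries the helper asked to have fixed.
TARGETS = [("HKUS\\S-1-5-19", "Run", "bxproxy"), ("HKUS\\S-1-5-20", "Run", "bxproxy")]


def parse_autoruns(log_text):
    """Return {(hive, key, name): command} for every O4 registry entry."""
    entries = {}
    for raw in log_text.splitlines():
        m = O4_RE.match(raw.strip())
        if m:  # non-O4 lines (O2, O20, O23, ...) are ignored
            entries[(m["hive"], m["key"], m["name"])] = m["cmd"]
    return entries


def compare_logs(before_text, after_text):
    """Diff the autostart entries of two logs taken before and after a fix."""
    before, after = parse_autoruns(before_text), parse_autoruns(after_text)
    removed = {k: v for k, v in before.items() if k not in after}
    added = {k: v for k, v in after.items() if k not in before}
    changed = {k: (before[k], after[k])
               for k in before.keys() & after.keys() if before[k] != after[k]}
    return removed, added, changed


def fix_verified(before_text, after_text, targets):
    """True only if every target is gone and nothing new or altered appeared."""
    removed, added, changed = compare_logs(before_text, after_text)
    return set(targets) <= set(removed) and not added and not changed


if __name__ == "__main__":
    removed, added, changed = compare_logs(BEFORE, AFTER)
    print("removed:", sorted(removed), "added:", sorted(added))
    print("fix verified:", fix_verified(BEFORE, AFTER, TARGETS))
```

An entry that reappears in the post-reboot log, or a new Run value that was not there before, makes `fix_verified` return False, which is the case worth a second look.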
     
  14. 2008/03/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Log looks good. Please delete the file C:\xmp.bat
    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot

    Now, let's see if we've missed anything. Please do an online scan with Kaspersky WebScanner

    Click Scan Now and accept the agreement. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
        Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log here.
     
  15. 2008/03/29
    shazalam

    shazalam Inactive Thread Starter

    Joined:
    2008/03/23
    Messages:
    10
    Likes Received:
    0
    KASPERSKY ONLINE SCANNER REPORT
    Saturday, March 29, 2008 1:59:37 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 29/03/2008
    Kaspersky Anti-Virus database records: 672073
    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true
    Scan Target My Computer
    C:\
    D:\
    E:\
    Scan Statistics
    Total number of scanned objects 54568
    Number of viruses found 9
    Number of infected objects 20
    Number of suspicious objects 0
    Duration of the scan process 01:39:37

    Infected Object Name Virus Name Last Action
    C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Shahzad\Application Data\Mozilla\Firefox\Profiles\xvxpzqsv.default\cert8.db Object is locked skipped
    C:\Documents and Settings\Shahzad\Application Data\Mozilla\Firefox\Profiles\xvxpzqsv.default\formhistory.dat Object is locked skipped
    C:\Documents and Settings\Shahzad\Application Data\Mozilla\Firefox\Profiles\xvxpzqsv.default\history.dat Object is locked skipped
    C:\Documents and Settings\Shahzad\Application Data\Mozilla\Firefox\Profiles\xvxpzqsv.default\key3.db Object is locked skipped
    C:\Documents and Settings\Shahzad\Application Data\Mozilla\Firefox\Profiles\xvxpzqsv.default\parent.lock Object is locked skipped
    C:\Documents and Settings\Shahzad\Application Data\Mozilla\Firefox\Profiles\xvxpzqsv.default\search.sqlite Object is locked skipped
    C:\Documents and Settings\Shahzad\Application Data\Mozilla\Firefox\Profiles\xvxpzqsv.default\urlclassifier2.sqlite Object is locked skipped
    C:\Documents and Settings\Shahzad\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Shahzad\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Shahzad\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Shahzad\Local Settings\Application Data\Mozilla\Firefox\Profiles\xvxpzqsv.default\Cache\_CACHE_001_ Object is locked skipped
    C:\Documents and Settings\Shahzad\Local Settings\Application Data\Mozilla\Firefox\Profiles\xvxpzqsv.default\Cache\_CACHE_002_ Object is locked skipped
    C:\Documents and Settings\Shahzad\Local Settings\Application Data\Mozilla\Firefox\Profiles\xvxpzqsv.default\Cache\_CACHE_003_ Object is locked skipped
    C:\Documents and Settings\Shahzad\Local Settings\Application Data\Mozilla\Firefox\Profiles\xvxpzqsv.default\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Documents and Settings\Shahzad\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Shahzad\Local Settings\Temp\~DF9998.tmp Object is locked skipped
    C:\Documents and Settings\Shahzad\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Shahzad\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Shahzad\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
    C:\quarantine\Internet Download Manager 5.00 B.zip.5GWZWR2PAZSNAM6BFOSL5OWZN6ZXOC2NC2N56EA.dctmp.Vir/Setup.exe Infected: Worm.Win32.VB.an skipped
    C:\quarantine\Internet Download Manager 5.00 B.zip.5GWZWR2PAZSNAM6BFOSL5OWZN6ZXOC2NC2N56EA.dctmp.Vir ZIP: infected - 1 skipped
    C:\quarantine\java.jar-28679adb-18b53d5e.zip.Vir/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
    C:\quarantine\java.jar-28679adb-18b53d5e.zip.Vir/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
    C:\quarantine\java.jar-28679adb-18b53d5e.zip.Vir/NewSecurityClassLoader.class Infected: Exploit.Java.ByteVerify skipped
    C:\quarantine\java.jar-28679adb-18b53d5e.zip.Vir/NewURLClassLoader.class Infected: Exploit.Java.ByteVerify skipped
    C:\quarantine\java.jar-28679adb-18b53d5e.zip.Vir ZIP: infected - 4 skipped
    C:\quarantine\javainstaller.jar-5aa0b436-211f2181.zip.Vir/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w skipped
    C:\quarantine\javainstaller.jar-5aa0b436-211f2181.zip.Vir ZIP: infected - 1 skipped
    C:\quarantine\javainstaller.jar-5aa0b436-645a8fe7.zip.Vir/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w skipped
    C:\quarantine\javainstaller.jar-5aa0b436-645a8fe7.zip.Vir ZIP: infected - 1 skipped
    C:\quarantine\loaderadv698.jar-2ad2754e-44e8ecdf.zip.Vir/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
    C:\quarantine\loaderadv698.jar-2ad2754e-44e8ecdf.zip.Vir/Counter.class Infected: Trojan.Java.ClassLoader.h skipped
    C:\quarantine\loaderadv698.jar-2ad2754e-44e8ecdf.zip.Vir/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
    C:\quarantine\loaderadv698.jar-2ad2754e-44e8ecdf.zip.Vir ZIP: infected - 3 skipped
    C:\sdfix\SDFix\backups\backups.zip/backups/ausctv32a.dll Infected: Trojan-Downloader.Win32.Delf.gbi skipped
    C:\sdfix\SDFix\backups\backups.zip/backups/hosts Infected: Trojan.Win32.Qhost.el skipped
    C:\sdfix\SDFix\backups\backups.zip ZIP: infected - 2 skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{5A9528F7-225B-4CD4-BAD6-35E03BC15D79}\RP533\A0084462.dll Infected: Trojan-Downloader.Win32.Delf.gbi skipped
    C:\System Volume Information\_restore{5A9528F7-225B-4CD4-BAD6-35E03BC15D79}\RP533\A0084468.dll Infected: Trojan-Downloader.Win32.Delf.gbi skipped
    C:\System Volume Information\_restore{5A9528F7-225B-4CD4-BAD6-35E03BC15D79}\RP539\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_568.dat Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    Scan process completed.
     
  16. 2008/03/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing the infected files there as well. The C:\Deckard's folder will also be removed. You can delete any logs that were created/saved too.

    Note - ComboFix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.


    Delete the folder C:\SDFix and SDFix.exe
    Delete everything in the folder C:\quarantine
    Now empty the recycle bin.

    That should wrap things up. Everything seem to be working as it should?
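Added example (not from the thread or from Kaspersky): a short parser for the report rows above that separates detections from locked-file rows and maps each detection to the cleanup step in this reply that covers it. The `REPORT` excerpt is constructed from rows of the posted log; the function names and the `CLEANUP` table are this example's own.

```python
import re

# Constructed excerpt: rows copied from the report posted above.
REPORT = r"""
C:\Documents and Settings\Shahzad\NTUSER.DAT Object is locked skipped
C:\quarantine\java.jar-28679adb-18b53d5e.zip.Vir/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\quarantine\java.jar-28679adb-18b53d5e.zip.Vir/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\quarantine\java.jar-28679adb-18b53d5e.zip.Vir/NewSecurityClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\quarantine\java.jar-28679adb-18b53d5e.zip.Vir/NewURLClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\quarantine\java.jar-28679adb-18b53d5e.zip.Vir ZIP: infected - 4 skipped
C:\sdfix\SDFix\backups\backups.zip/backups/ausctv32a.dll Infected: Trojan-Downloader.Win32.Delf.gbi skipped
C:\sdfix\SDFix\backups\backups.zip/backups/hosts Infected: Trojan.Win32.Qhost.el skipped
C:\sdfix\SDFix\backups\backups.zip ZIP: infected - 2 skipped
C:\System Volume Information\_restore{5A9528F7-225B-4CD4-BAD6-35E03BC15D79}\RP533\A0084462.dll Infected: Trojan-Downloader.Win32.Delf.gbi skipped
C:\System Volume Information\_restore{5A9528F7-225B-4CD4-BAD6-35E03BC15D79}\RP533\A0084468.dll Infected: Trojan-Downloader.Win32.Delf.gbi skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

# A row is "<path> <result> skipped"; the path may contain spaces.
ROW_RE = re.compile(
    r"^(?P<path>.+?) (?:Infected: (?P<virus>\S+)|(?P<locked>Object is locked)"
    r"|ZIP: infected - (?P<members>\d+)) skipped$")

# Cleanup steps from the helper's reply, keyed by the path prefix each covers.
CLEANUP = {
    "c:\\quarantine\\": "delete everything in C:\\quarantine",
    "c:\\sdfix\\": "delete the folder C:\\SDFix",
    "c:\\system volume information\\_restore":
        "run ComboFix /u (resets System Restore points)",
}

def parse_report(text):
    """Split rows into detections, archive summaries and locked files."""
    detections, archives, locked = [], [], []
    for raw in text.splitlines():
        m = ROW_RE.match(raw.strip())
        if not m:
            continue
        if m["virus"]:
            detections.append((m["path"], m["virus"]))
        elif m["members"]:
            archives.append((m["path"], int(m["members"])))
        else:
            locked.append(m["path"])
    return detections, archives, locked

def triage(text):
    """Group detections by the cleanup step covering them (None = none does)."""
    plan = {}
    for path, virus in parse_report(text)[0]:
        step = next((s for prefix, s in CLEANUP.items()
                     if path.lower().startswith(prefix)), None)
        plan.setdefault(step, []).append((path, virus))
    return plan

def archive_mismatches(text):
    """Archives whose 'ZIP: infected - N' disagrees with their member rows."""
    detections, archives, _ = parse_report(text)
    return [a for a, n in archives
            if n != sum(p.startswith(a + "/") for p, _ in detections)]

if __name__ == "__main__":
    for step, hits in triage(REPORT).items():
        print(step, len(hits))
```

A `None` key in the result of `triage` would mean a detection outside the three locations the reply cleans up, that is, a file still in place on the live system.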
     
  17. 2008/03/30
    shazalam

    shazalam Inactive Thread Starter

    Joined:
    2008/03/23
    Messages:
    10
    Likes Received:
    0
    Yes everything is working fine...thanks a lot for your help.

    Regarding antivirus software, I've narrowed my options down to Kaspersky (internet security including anti-virus) and Bit Defender (total security).. can you please recommend which one I should go for?

    Thanks!
     
  18. 2008/03/30
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Glad I could help. I would pick Kaspersky over Bit Defender were it my own machine. :)

    Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showthread.php?t=67958

    Surf safe!
     
