Can't remove ddcdbxw

[golflam]

sfp created one file already. The size is 27m. That is too big for bleepingcomputer.com

Second, I am doing the other and send the log on the next reply

[tetonbob]

Please submit the cab file here:

http://deckard.be/submit/

[golflam]

Submitting the cab file.

DrWeb file log as below.

Ds.exe;C:\Program Files\Super Rabbit\magicset;Modification of BackDoor.Generic.1549;Moved.;
magicset.exe;C:\Program Files\Super Rabbit\magicset;BackDoor.Generic.1549;Deleted.;
srms.exe;C:\Program Files\Super Rabbit\magicset;Probably BACKDOOR.Trojan;Incurable.Moved.;
SRRest.exe;C:\Program Files\Super Rabbit\magicset;Modification of BackDoor.Generic.1549;Moved.;
winspeed.exe;C:\Program Files\Super Rabbit\magicset;Modification of BackDoor.Generic.1549;Moved.;
vncviewer.exe;C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBB8.tmp;Program.RemoteAdmin;Incurable.Moved.;
winvnc.exe;C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBB8.tmp;Program.RemoteAdmin;Incurable.Moved.;
asebcdkj.dll.vir;C:\QooBox\Quarantine\07-04-03\WINDOWS\system32;Adware.Crew;Incurable.Moved.;
gtldgtns.dll.vir;C:\QooBox\Quarantine\07-04-03\WINDOWS\system32;Adware.Crew;Incurable.Moved.;
jyubaoie.dll.vir;C:\QooBox\Quarantine\07-04-03\WINDOWS\system32;Adware.Crew;Incurable.Moved.;
kfdlficd.dll.vir;C:\QooBox\Quarantine\07-04-03\WINDOWS\system32;Adware.Crew;Incurable.Moved.;
somiyfip.dll.vir;C:\QooBox\Quarantine\07-04-03\WINDOWS\system32;Adware.Crew;Incurable.Moved.;
Dc4.dll;C:\RECYCLER\S-1-5-21-1708537768-926492609-839522115-1003;Adware.Crew;Incurable.Moved.;
A0076745.dll;C:\System Volume Information\_restore{984AC8E7-8003-4DF7-B96F-9E25D04E100F}\RP279;Trojan.Virtumod;Deleted.;
A0076807.dll;C:\System Volume Information\_restore{984AC8E7-8003-4DF7-B96F-9E25D04E100F}\RP280;Trojan.Virtumod;Deleted.;
A0077825.dll;C:\System Volume Information\_restore{984AC8E7-8003-4DF7-B96F-9E25D04E100F}\RP280;Trojan.Virtumod;Deleted.;
A0077826.dll;C:\System Volume Information\_restore{984AC8E7-8003-4DF7-B96F-9E25D04E100F}\RP280;Trojan.Virtumod;Deleted.;
A0077829.dll;C:\System Volume Information\_restore{984AC8E7-8003-4DF7-B96F-9E25D04E100F}\RP280;Trojan.Virtumod;Deleted.;
A0077862.dll;C:\System Volume Information\_restore{984AC8E7-8003-4DF7-B96F-9E25D04E100F}\RP280;Trojan.Virtumod;Deleted.;
A0077868.dll;C:\System Volume Information\_restore{984AC8E7-8003-4DF7-B96F-9E25D04E100F}\RP280;Trojan.Virtumod;Deleted.;
A0079951.dll;C:\System Volume Information\_restore{984AC8E7-8003-4DF7-B96F-9E25D04E100F}\RP281;Adware.Crew;Incurable.Moved.;
A0079952.dll;C:\System Volume Information\_restore{984AC8E7-8003-4DF7-B96F-9E25D04E100F}\RP281;Adware.Crew;Incurable.Moved.;
A0079953.dll;C:\System Volume Information\_restore{984AC8E7-8003-4DF7-B96F-9E25D04E100F}\RP281;Adware.Crew;Incurable.Moved.;
A0079954.dll;C:\System Volume Information\_restore{984AC8E7-8003-4DF7-B96F-9E25D04E100F}\RP281;Adware.Crew;Incurable.Moved.;
A0079955.dll;C:\System Volume Information\_restore{984AC8E7-8003-4DF7-B96F-9E25D04E100F}\RP281;Adware.Crew;Incurable.Moved.;
A0080039.exe;C:\System Volume Information\_restore{984AC8E7-8003-4DF7-B96F-9E25D04E100F}\RP281;Modification of BackDoor.Generic.1549;Moved.;
A0080040.exe;C:\System Volume Information\_restore{984AC8E7-8003-4DF7-B96F-9E25D04E100F}\RP281;BackDoor.Generic.1549;Deleted.;
A0080041.exe;C:\System Volume Information\_restore{984AC8E7-8003-4DF7-B96F-9E25D04E100F}\RP281;Modification of BackDoor.Generic.1549;Moved.;
A0080042.exe;C:\System Volume Information\_restore{984AC8E7-8003-4DF7-B96F-9E25D04E100F}\RP281;Modification of BackDoor.Generic.1549;Moved.;
hijackthis23344.exe;D:\Software;Probably WIN.SCRIPT.Virus;Incurable.Moved.;

[tetonbob]

Were you able to submit the .cab file? It seems as though there may have been some size restrictions in place. Would you mind trying again, please?

Also post a new HijackThis log.

[golflam]

I just finished to do the second times upload the cab file.
Second, I changed the adware to AVG.
dss file log as below..Thanks again for your help.

Deckard's System Scanner v20070328.36
Run by Home on 2007-04-04 at 22:04:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Home.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 下午 10:04:38, on 2007/4/4
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Download\Firefox Download\dss.exe
C:\WINDOWS\system32\conime.exe
C:\PROGRA~1\HIJACK~1\Home.exe

R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: (no name) - {8DE0FCD4-5EB5-11D3-AD25-00002100131c} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gg1011.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1159441899882
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7E8493C-7983-429E-A4A6-0B56124B7A49}: NameServer = 218.102.32.208 205.252.144.126
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


-- Files created between 2007-03-04 and 2007-04-04 -----------------------------

2007-04-04 02:39:24 0 d-------- C:\Program Files\7-Zip
2007-04-04 02:31:08 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-04 0232 0 d-------- C:\Program Files\Lavasoft
2007-04-04 01:22:52 0 d-------- C:\Documents and Settings\Home\Application Data\Webroot
2007-04-03 22:22:55 0 d-------- C:\Documents and Settings\Home\DoctorWeb<DOCTOR~1>
2007-04-03 04:37:43 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-04-02 17:20:23 0 d-------- C:\Documents and Settings\Home\Application Data\Comodo
2007-04-02 17:20:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-04-02 17:17:27 51328 --a------ C:\WINDOWS\system32\drivers\inspect.sys
2007-04-02 17:17:27 75520 --a------ C:\WINDOWS\system32\drivers\cmdmon.sys
2007-04-02 17:17:26 0 d-------- C:\Program Files\Comodo
2007-04-02 15:44:36 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-04-02 14:53:50 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-04-02 05:20:11 0 d-------- C:\Program Files\Common Files\PC Tools<PCTOOL~1>
2007-04-02 02:08:31 0 d-------- C:\Documents and Settings\Home\Application Data\Jetico Personal Firewall<JETICO~1>
2007-04-01 15:08:04 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-04-01 15:07:53 0 d-------- C:\Documents and Settings\Home\Application Data\PC Tools<PCTOOL~2>
2007-04-01 12:24:02 626688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-04-01 11:30:40 0 d-------- C:\Documents and Settings\Home\Application Data\PCToolsFirewallPlus<PCTOOL~1>
2007-04-01 11:28:20 0 d-------- C:\Program Files\PC Tools Firewall Plus<PCTOOL~1>
2007-03-28 02:12:38 12 --a------ C:\WINDOWS\system32\cid_store.dat<CID_ST~1.DAT>
2007-03-28 02:12:29 0 d-------- C:\Program Files\Thunder Network<THUNDE~1>
2007-03-27 23:12:24 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-03-27 23:12:24 23352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-03-27 23:12:24 31560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-03-27 23:12:23 94424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-03-27 23:12:23 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-03-27 23:12:19 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-03-27 23:12:19 689280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-03-27 23:12:15 0 d-------- C:\Program Files\Alwil Software<ALWILS~1>
2007-03-27 04:32:13 240944 --a------ C:\WINDOWS\system32\RICHED.DLL
2007-03-25 01:21:17 0 d-------- C:\Documents and Settings\Home\Application Data\PPLive
2007-03-23 03:11:38 0 d-------- C:\Documents and Settings\Home\Application Data\WinRAR


-- Find3M Report ---------------------------------------------------------------

2007-04-04 0239 0 d-------- C:\Documents and Settings\Home\Application Data\Lavasoft
2007-04-04 00:41:54 0 d-------- C:\Documents and Settings\Home\Application Data\SolidDocuments<SOLIDD~1>
2007-04-03 04:42:27 0 d-------- C:\Documents and Settings\Home\Application Data\Foxy
2007-04-02 06:45:01 0 d-------- C:\Program Files\Foxy
2007-04-02 04:08:13 364368 --a------ C:\WINDOWS\system32\prfh0404.dat
2007-04-02 04:08:13 120104 --a------ C:\WINDOWS\system32\prfc0404.dat
2007-03-31 03:00:12 0 d-------- C:\Documents and Settings\Home\Application Data\Adobe
2007-03-27 04:33:12 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-27 04:12:54 0 d---s---- C:\Documents and Settings\Home\Application Data\Microsoft<MICROS~1>
2007-03-27 04:05:40 1242 --a------ C:\Documents and Settings\Home\Application Data\AdobeDLM.log
2007-03-25 01:32:50 0 d-------- C:\Program Files\PPLive
2007-03-25 01:21:31 0 d-------- C:\Documents and Settings\Home\Application Data\ppstream
2007-03-25 01:21:24 0 d-------- C:\Program Files\PPStream
2007-03-23 23:03:14 6 --a------ C:\Documents and Settings\Home\Application Data\dm.ini
2007-03-23 23:00:45 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-02 23:05:13 0 d-------- C:\Documents and Settings\Home\Application Data\AdobeUM
2007-02-28 16:45:02 0 d-------- C:\Program Files\Java
2007-02-13 12:04:07 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"IMJPMIG8.1"="; \"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"UserFaultCheck"="%systemroot%\\system32\\dumprep 0 -u"
"nwiz"="nwiz.exe /install"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^「開始」功能表^程式集^啟動^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\「開始」功能表\\程式集\\啟動\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CJIMETIPSYNC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CINTLCFG"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\IME\\IMTC65\\CHANGJIE\\CINTLCFG.EXE /CJIMETIPSync"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DkIcon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LAUNCH~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIMETIPSYNC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTLCFG"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\IME\\IMTC65\\PHONETIC\\TINTLCFG.EXE /PHIMETIPSync"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cqxltdaq"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\system32\\cqxltdaq.dll\",setvm"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispCPL"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ file:///C:/DOCUME~1/Home/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J]
Shell\AutoRun\command J:\setup.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd4ba295-fde8-11da-a728-806d6172696f}]
Shell\AutoRun\command I:\ASUSACPI.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVGASCLN


-- End of Deckard's System Scanner: finished at 2007-04-04 at 22:04:58 ---------

[golflam]

Is there anything that I need to do?
Please reply..Thanks a lot

[tetonbob]

Sorry I missed your reply. Real Life has been hectic the last day or so.

Copy and paste the following into Notepad (don't forget to copy and paste REGEDIT4):

Quote:

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService]

Save the file as "delete.reg". Make sure to save it with the quotes. It should look like this:

Close Notepad.

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

---------------------------------------------------------------------------------------------

CLEAR & RESET SYSTEM RESTORE'S CACHE

Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 & press Enter

* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply

Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

---------------------------------------------------------------------------------------------

How is your system behaving, please?

[golflam]

My computer is work fine now.
Since I start to use the combo firewall, AVG anti-spyware and avast anti virus, the computer being slow.
Actually I believe that it back to normal.
Thank you very much for your help.

Is there all the things was finished?
Any suggestion for me?
Are there the previous software I need to use for normal tracking?

Thanks again

[tetonbob]

Well done. Your logs appear clean. Any more issues? If not you should be good to go. We still have a few items to address.

The combination of SpySweeper and AVG Anti-Spyware may be slowing you down some, as they both have real-time protection. Both are not needed in real time.

AVG Anti-Spyware would be a good program to keep, update and run a scan with once a week or so. It adds another layer of protection to your system's security tools. You may want to prevent AVG Anti-Spyware from running at Windows startup, and just call it into service when needed. This may help with system boot times. To do so, right click on the AVG A/S system tray icon, and uncheck Start with Windows. Also disable it's real time protection, as this will also use system resources, and will time out at the end of the trial period in 30 days. To do so:

Open AVG Anti-Spyware.

• On the main screen under Your Computer's security.
  • Click on Change state next to Resident shield. It should now change to inactive.
  • Click on Change state next to Automatic updates. It should now change to inactive.

Reset hidden/system files and folders

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View tab.
• Deselect the Show hidden files and folders option.
• Select the Hide file extensions for known types option.
• Select the Hide protected operating system files option.
• Click Yes to confirm.
• Click OK.

Create a new System Restore point

• click Start >> Run - type SYSDM.CPL & press Enter
• select the System Restore Tab
• tick on the checkbox - "Turn off System Restore on all drives"
• click Apply
• then untick the same checkbox & click OK

Enable Windows Auto Update

• Go to Start>Run - type wuaucpl.cpl
• tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
• Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs if you don't have them already:

• SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
    After you have updated, click the button - enable protection for all unprotected items
• SpywareGuard to catch and block spyware before it can execute.
  
• SPYBOT - SEARCH & DESTROY
  Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
  
• AD-AWARE
  Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here
  
  
• IE-SPYAD - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Download IE-SpyAD - Extract the contents to a new folder
    From within the folder, double-click install.bat
    Select Option #2 - Install the new IE-SPYAD list.
    Then return to the main menu.
    Select option #4 - Add the old porn sites domain
  
  
  
• MVPS HOST FILE
  The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
  • Download Host.zip to your desktop.
  • From your Desktop right-click (hosts.zip) and select:
    Extract All from the menu.
    
  • Click Next, click Next, select the option:
    "Show Extracted files", click Finish
    
  • This will open the newly created hosts folder on your Desktop.
    
  • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

• HOW DID I GET INFECTED IN THE FIRST PLACE?
• THE ANTI-SPYWARE TUTORIAL
• MAKING INTERNET EXPLORER SAFER

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

[golflam]

I followed your suggestion to download the said software.
My case is fixed.
Thanks for your support.