04-02-2007, 03:02 AM   #1
Registered User
 
Join Date: Apr 2007
Posts: 16
OS: xp


Can't remove ddcdbxw

I tried vundofix before. It got 3 files:
1. ddcdbxw.dll
2. jkklk.dll
3. klkkj.ini

The last two can be removed but the first one can't.
Hope someone can help me. Thanks a lot.

Here is my hijackthis.log
__________________________________________________________
Logfile of HijackThis v1.98.0
Scan saved at 下午 04:31:01, on 2007/4/2
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Download\Firefox Download\hijackthis23344.exe

R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {27CA571B-14D3-4937-B387-BE72FA7A0F87} - C:\WINDOWS\system32\ddcdbxw.dll (file missing)
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {50B6F726-9999-4081-8CD5-D87669F3D950} - C:\WINDOWS\system32\gtldgtns.dll
O2 - BHO: (no name) - {54EBD53A-9BC1-480B-966A-843A333CA162} - (no file)
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O2 - BHO: (no name) - {F87E466D-43B8-4AF0-A595-CDF419A7359C} - C:\WINDOWS\system32\jkklk.dll (file missing)
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - (no file)
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Netvigator.lnk = ?
O4 - Startup: 九方快速啟動.lnk = C:\WINDOWS\system32\QTRAYIME.EXE
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信發送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 騰訊QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - (no file)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - (no file)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - (no file)
O9 - Extra 'Tools' menuitem: QQ嚃粗馱撿沭扢离 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: (no name) - {8DE0FCD4-5EB5-11D3-AD25-00002100131c} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gg1011.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1159441899882
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7E8493C-7983-429E-A4A6-0B56124B7A49}: NameServer = 218.102.32.208 205.252.144.126
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll"

Last edited by golflam : 04-02-2007 at 03:03 AM. Reason: wrong typing of title
04-02-2007, 10:23 AM   #2
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,752
OS: 2000 Pro; XP Pro; XP Home


Re: Can't remove ddcdbxw

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

---------------------------------------------------------------------------------------------

Your version of HJT is outdated. Please delete it, and do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply:
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. Copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
04-02-2007, 10:52 AM   #3
Registered User
 
Join Date: Apr 2007
Posts: 16
OS: xp


can't remove ddcdbxw.dll

I tried vundofix before. It got 3 files:
1. ddcdbxw.dll
2. jkklk.dll
3. klkkj.ini

The last two are already removed but the first one can't be.
The PC looks fine after deleting 2 & 3 but is not smooth.

Please give me some advice.
Hope someone can help me. Thanks a lot.
DSS report:
______________________________________________

Deckard's System Scanner v20070328.36
Run by Home on 2007-04-03 at 00:42:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
37: 2007-04-02 16:42:09 UTC - RP281 - Deckard's System Scanner Restore Point
36: 2007-04-02 06:34:36 UTC - RP280 - Spyware Doctor: Cleaning Threats
35: 2007-04-01 22:11:26 UTC - RP279 - Spyware Doctor: Cleaning Threats
34: 2007-04-01 04:21:16 UTC - RP278 - Removed EasyCleaner
33: 2007-04-01 01:27:02 UTC - RP277 - 系統檢查點


-- First Restore Point --
1: 2007-02-17 20:55:57 UTC - RP245 - 系統檢查點


Performed disk cleanup.


-- HijackThis (run as Home.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 上午 12:43:30, on 2007/4/3
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Download\Firefox Download\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\HIJACK~1\Home.exe

R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {27CA571B-14D3-4937-B387-BE72FA7A0F87} - (no file)
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {50B6F726-9999-4081-8CD5-D87669F3D950} - C:\WINDOWS\system32\gtldgtns.dll
O2 - BHO: (no name) - {54EBD53A-9BC1-480B-966A-843A333CA162} - (no file)
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O2 - BHO: (no name) - {F87E466D-43B8-4AF0-A595-CDF419A7359C} - (no file)
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - (no file)
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: (no name) - {8DE0FCD4-5EB5-11D3-AD25-00002100131c} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gg1011.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1159441899882
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7E8493C-7983-429E-A4A6-0B56124B7A49}: NameServer = 218.102.32.208 205.252.144.126
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddabc - C:\WINDOWS\system32\ddabc.dll (file missing)
O20 - Winlogon Notify: sstqo - C:\WINDOWS\system32\sstqo.dll (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SSI - c:\windows\system32\drivers\ssi.sys
R0 Vax347b - c:\windows\system32\drivers\vax347b.sys
R0 Vax347s - c:\windows\system32\drivers\vax347s.sys
R1 aslm75 - c:\windows\system32\drivers\aslm75.sys
R1 asuskbnt (Enhanced Display Driver Helper Service) - c:\windows\system32\drivers\atkkbnt.sys
R1 FsVga - c:\windows\system32\drivers\fsvga.sys
R2 EIO - c:\windows\system32\drivers\eio.sys
R3 IKFileFlt (File Filter Driver) - c:\windows\system32\drivers\ikfileflt.sys
R3 IKFileSec (File Security Driver) - c:\windows\system32\drivers\ikfilesec.sys
R3 IkSysFlt (System Filter Driver) - c:\windows\system32\drivers\iksysflt.sys
R3 IKSysSec (System Security Driver) - c:\windows\system32\drivers\iksyssec.sys
R3 MTsensor (ATK0110 ACPI UTILITY) - c:\windows\system32\drivers\asacpi.sys

S0 IntelIde - c:\windows\system32\drivers\intelide.sys (file missing)
S1 asusgsb (ASUS Virtual Video Capture Device Driver) - c:\windows\system32\drivers\asusgsb32.sys
S1 eeCtrl (Symantec Eraser Control driver) - c:\program files\common files\symantec shared\eengine\eectrl.sys (file missing)
S2 npkcrypt - c:\program files\tencent\qq\npkcrypt.sys (file missing)
S3 BthEnum (Bluetooth Request Block Driver) - c:\windows\system32\drivers\bthenum.sys
S3 BthPan (藍芽裝置 (個人區域網路)) - c:\windows\system32\drivers\bthpan.sys
S3 BTHPORT (藍芽連接埠驅動程式) - c:\windows\system32\drivers\bthport.sys
S3 BTHUSB (藍芽無線電 USB 驅動程式) - c:\windows\system32\drivers\bthusb.sys
S3 NOWMEMDF - c:\windows\system32\nowmemdf.sys
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys
S3 Video3D (ASUS Video3D Service) - c:\windows\system32\drivers\video3d32.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ATKKeyboardService (ATK Keyboard Service) - c:\windows\atkkbservice.exe
R2 BthServ (Bluetooth Support Service) - c:\windows\system32\svchost.exe -k bthsvcs
R2 ScReadSpool (SolidPDFConverterReadSpool) - c:\program files\soliddocuments\solidconverterpdf\scpdf\solidpdfservice.exe
R2 StarWindService (StarWind iSCSI Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindservice.exe

S2 AcrSch2Svc (Acronis Scheduler2 Service) - "c:\program files\common files\acronis\schedule2\schedul2.exe" (file missing)
S2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe"
S2 navapsvc (Norton AntiVirus Auto-Protect Service) - "c:\program files\norton antivirus\navapsvc.exe" (file missing)
S3 Autocomplete (AutoComplete Service) - c:\program files\acesoft\tracks eraser pro\delautocomp.exe
S3 sdAuxService (Spyware Doctor Auxiliary Service) - c:\program files\spyware doctor\svcntaux.exe
S3 sdCoreService (Spyware Doctor Service) - c:\program files\spyware doctor\swdsvc.exe
S3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe"
S3 usprserv (User Privilege Service) - c:\windows\system32\svchost.exe -k netsvcs


-- Files created between 2007-03-03 and 2007-04-03 -----------------------------

2007-04-02 17:20:23 0 d-------- C:\Documents and Settings\Home\Application Data\Comodo
2007-04-02 17:20:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-04-02 17:17:27 51328 --a------ C:\WINDOWS\system32\drivers\inspect.sys
2007-04-02 17:17:27 75520 --a------ C:\WINDOWS\system32\drivers\cmdmon.sys
2007-04-02 17:17:26 0 d-------- C:\Program Files\Comodo
2007-04-02 15:45:26 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-04-02 15:44:36 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-04-02 15:17:27 132116 --a------ C:\WINDOWS\system32\gtldgtns.dll
2007-04-02 14:53:50 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-04-02 14:53:27 102912 --a------ C:\WINDOWS\system32\islzma.dll
2007-04-02 14:53:27 78336 --a------ C:\WINDOWS\system32\drivers\ssi.sys
2007-04-02 14:52:26 0 d-------- C:\Program Files\Webroot
2007-04-02 14:52:26 0 d-------- C:\Documents and Settings\Home\Application Data\Webroot
2007-04-02 06:22:45 132116 --a------ C:\WINDOWS\system32\asebcdkj.dll
2007-04-02 05:28:20 458057 --ahs---- C:\WINDOWS\system32\cbadd.ini2<CBADD~1.INI>
2007-04-02 05:20:11 0 d-------- C:\Program Files\Common Files\PC Tools<PCTOOL~1>
2007-04-02 05:20:09 26064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-04-02 05:20:09 83536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-04-02 05:20:09 59472 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-04-02 05:20:09 52304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys<IKFILE~2.SYS>
2007-04-02 05:20:09 39248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys<IKFILE~1.SYS>
2007-04-02 05:20:00 0 d-------- C:\Program Files\Spyware Doctor<SPYWAR~1>
2007-04-02 05:20:00 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools<PCTOOL~1>
2007-04-02 05:13:55 132116 --a------ C:\WINDOWS\system32\kfdlficd.dll
2007-04-02 05:10:02 132116 --a------ C:\WINDOWS\system32\somiyfip.dll
2007-04-02 0304 132116 --a------ C:\WINDOWS\system32\vatxncas.dll
2007-04-02 03:04:34 132116 --a------ C:\WINDOWS\system32\jyubaoie.dll
2007-04-02 02:08:31 0 d-------- C:\Documents and Settings\Home\Application Data\Jetico Personal Firewall<JETICO~1>
2007-04-01 15:08:04 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-04-01 15:07:53 0 d-------- C:\Documents and Settings\Home\Application Data\PC Tools<PCTOOL~2>
2007-04-01 12:24:02 626688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-04-01 11:30:40 0 d-------- C:\Documents and Settings\Home\Application Data\PCToolsFirewallPlus<PCTOOL~1>
2007-04-01 11:28:20 0 d-------- C:\Program Files\PC Tools Firewall Plus<PCTOOL~1>
2007-03-28 02:12:38 12 --a------ C:\WINDOWS\system32\cid_store.dat<CID_ST~1.DAT>
2007-03-28 02:12:29 0 d-------- C:\Program Files\Thunder Network<THUNDE~1>
2007-03-27 23:12:24 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-03-27 23:12:24 23352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-03-27 23:12:24 31560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-03-27 23:12:23 94424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-03-27 23:12:23 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-03-27 23:12:19 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-03-27 23:12:19 689280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-03-27 23:12:15 0 d-------- C:\Program Files\Alwil Software<ALWILS~1>
2007-03-27 04:32:13 240944 --a------ C:\WINDOWS\system32\RICHED.DLL
2007-03-25 01:21:17 0 d-------- C:\Documents and Settings\Home\Application Data\PPLive
2007-03-23 03:11:38 0 d-------- C:\Documents and Settings\Home\Application Data\WinRAR


-- Find3M Report ---------------------------------------------------------------

2007-04-02 06:55:34 0 d-------- C:\Documents and Settings\Home\Application Data\SolidDocuments<SOLIDD~1>
2007-04-02 06:45:01 0 d-------- C:\Program Files\Foxy
2007-04-02 06:45:00 0 d-------- C:\Documents and Settings\Home\Application Data\Foxy
2007-04-02 06:28:25 0 d-------- C:\Documents and Settings\Home\Application Data\Lavasoft
2007-04-02 04:08:13 364368 --a------ C:\WINDOWS\system32\prfh0404.dat
2007-04-02 04:08:13 120104 --a------ C:\WINDOWS\system32\prfc0404.dat
2007-03-31 03:00:12 0 d-------- C:\Documents and Settings\Home\Application Data\Adobe
2007-03-27 04:33:12 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-27 04:12:54 0 d---s---- C:\Documents and Settings\Home\Application Data\Microsoft<MICROS~1>
2007-03-27 04:05:40 1242 --a------ C:\Documents and Settings\Home\Application Data\AdobeDLM.log
2007-03-25 01:32:50 0 d-------- C:\Program Files\PPLive
2007-03-25 01:21:31 0 d-------- C:\Documents and Settings\Home\Application Data\ppstream
2007-03-25 01:21:24 0 d-------- C:\Program Files\PPStream
2007-03-23 23:03:14 6 --a------ C:\Documents and Settings\Home\Application Data\dm.ini
2007-03-23 23:00:45 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-02 23:05:13 0 d-------- C:\Documents and Settings\Home\Application Data\AdobeUM
2007-02-28 16:45:02 0 d-------- C:\Program Files\Java
2007-02-13 12:04:07 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"IMJPMIG8.1"="; \"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"UserFaultCheck"="%systemroot%\\system32\\dumprep 0 -u"
"nwiz"="nwiz.exe /install"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe\" /startintray"
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^「開始」功能表^程式集^啟動^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\「開始」功能表\\程式集\\啟動\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CJIMETIPSYNC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CINTLCFG"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\IME\\IMTC65\\CHANGJIE\\CINTLCFG.EXE /CJIMETIPSync"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DkIcon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LAUNCH~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIMETIPSYNC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTLCFG"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\IME\\IMTC65\\PHONETIC\\TINTLCFG.EXE /PHIMETIPSync"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cqxltdaq"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\system32\\cqxltdaq.dll\",setvm"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{27CA571B-14D3-4937-B387-BE72FA7A0F87}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
"NoDispCPL"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoVisualStyleChoice"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ file:///C:/DOCUME~1/Home/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddabc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqo

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J]
Shell\AutoRun\command J:\setup.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf577bda-fdb7-11da-a2ec-0015f2456edc}]
Shell\AutoRun\command J:\setup.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd4ba295-fde8-11da-a728-806d6172696f}]
Shell\AutoRun\command I:\ASUSACPI.exe


-- End of Deckard's System Scanner: finished at 2007-04-03 at 00:43:54 ---------
Attached Files
File Type: txt extra.txt (16.4 KB, 2 views)
golflam is offline  
Old 04-02-2007, 11:14 AM   #4 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 16
OS: xp


Re: Can't remove ddcdbxw

I already made a new thread by using DSS.
Thanks for your kind help.
golflam is offline  
Old 04-02-2007, 11:37 AM   #5 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,752
OS: 2000 Pro; XP Pro; XP Home


Re: Can't remove ddcdbxw

Rather than create a new thread, we prefer to continue a single issue in one thread. I've merged the two.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
Old 04-02-2007, 11:47 AM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,752
OS: 2000 Pro; XP Pro; XP Home


Re: Can't remove ddcdbxw

I see you have remnants of Norton still present, but it's not showing in your Add/Remove programs.

Please use the instructions on this page to completely uninstall your Norton Products.

-----------------------------------------------------------------------

Download combofix.exe to your desktop.


* IMPORTANT !!! Place it on your Desktop.


Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK
"%userprofile%\desktop\combofix.exe" /v gtldgtns asebcdkj ddabc kfdlficd somiyfip jyubaoie sstqo
When finished, it shall produce a log for you. Post that log in your next reply with a new HJT log.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


---------------------------------------------------------------------------------------------
tetonbob is offline  
Old 04-02-2007, 12:53 PM   #7 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 16
OS: xp


Re: Can't remove ddcdbxw

I am sure that I put the file on the desktop. When I put the command in the RUN field, one alert said that c:\documents and setting\home\desktop can't be used. (Since I am using the Chinese version, it was difficult for me to translate.)
Is there anything that I can do?

Thanks
golflam is offline  
Old 04-02-2007, 01:22 PM   #8 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,752
OS: 2000 Pro; XP Pro; XP Home


Re: Can't remove ddcdbxw

I'll try to get one of my colleagues to look in, but DSS indicates that command should work.

For the meantime....did you copy the command completely? Including the quote marks?

"%userprofile%\desktop\combofix.exe" /v gtldgtns asebcdkj ddabc kfdlficd somiyfip jyubaoie sstqo
tetonbob is offline  
Old 04-02-2007, 01:32 PM   #9 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 16
OS: xp


Re: Can't remove ddcdbxw

"%userprofile%\desktop\combofix.exe" /v gtldgtns asebcdkj ddabc kfdlficd somiyfip jyubaoie sstqo

Yes, I copied the above already.
golflam is offline  
Old 04-02-2007, 01:35 PM   #10 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,752
OS: 2000 Pro; XP Pro; XP Home


Re: Can't remove ddcdbxw

Can you please post a screenshot of the error message?
tetonbob is offline  
Old 04-02-2007, 01:38 PM   #11 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,752
OS: 2000 Pro; XP Pro; XP Home


Re: Can't remove ddcdbxw

Using the Browse button from Start > Run, can you navigate to ComboFix.exe to get the path into the run box, then add this to the end of what's in there:


/v gtldgtns asebcdkj ddabc kfdlficd somiyfip jyubaoie sstqo

Make sure there is a space between the quote mark at the end of the path and the /v.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005