Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Can't remove ddcdbxw
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
Page 1 of 2 1 2
 
LinkBack Thread Tools
Old 04-02-2007, 03:02 AM   #1 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 16
OS: xp


Can't remove ddcdbxw
I try vundofix before. It got 3 file
1.ddcdbxw.dll
2.jkklk.dll
3.klkkj.ini

the last two can remove but the first one can't.
Hope someone can help me.Thanks a lot.

here is my hijackthis.log
__________________________________________________________
Logfile of HijackThis v1.98.0
Scan saved at 下午 04:31:01, on 2007/4/2
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Download\Firefox Download\hijackthis23344.exe

R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {27CA571B-14D3-4937-B387-BE72FA7A0F87} - C:\WINDOWS\system32\ddcdbxw.dll (file missing)
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {50B6F726-9999-4081-8CD5-D87669F3D950} - C:\WINDOWS\system32\gtldgtns.dll
O2 - BHO: (no name) - {54EBD53A-9BC1-480B-966A-843A333CA162} - (no file)
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O2 - BHO: (no name) - {F87E466D-43B8-4AF0-A595-CDF419A7359C} - C:\WINDOWS\system32\jkklk.dll (file missing)
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - (no file)
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Netvigator.lnk = ?
O4 - Startup: 九方快速啟動.lnk = C:\WINDOWS\system32\QTRAYIME.EXE
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信發送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 騰訊QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - (no file)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - (no file)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - (no file)
O9 - Extra 'Tools' menuitem: QQ嚃粗馱撿沭扢离 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: (no name) - {8DE0FCD4-5EB5-11D3-AD25-00002100131c} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gg1011.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1159441899882
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7E8493C-7983-429E-A4A6-0B56124B7A49}: NameServer = 218.102.32.208 205.252.144.126
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
Last edited by golflam; 04-02-2007 at 03:03 AM. Reason: wrong typing of title
golflam is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 04-02-2007, 10:23 AM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,561
OS: 2000 Pro; XP Pro; XP Home


Re: Can't remove ddcdbxw
Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

---------------------------------------------------------------------------------------------

Your version of HJT is outdated. Please delete it, and do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-02-2007, 10:52 AM   #3 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 16
OS: xp


can't remove ddcdbxw.dll
I try vundofix before. It got 3 file
1.ddcdbxw.dll
2.jkklk.dll
3.klkkj.ini

the last two already remove but the first one can't.
PC look like fine after delete 2 &3 but not smooth.

Please give me some advise.
Hope someone can help me.Thanks a lot.
DSS report......
______________________________________________

Deckard's System Scanner v20070328.36
Run by Home on 2007-04-03 at 00:42:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
37: 2007-04-02 16:42:09 UTC - RP281 - Deckard's System Scanner Restore Point
36: 2007-04-02 06:34:36 UTC - RP280 - Spyware Doctor: Cleaning Threats
35: 2007-04-01 22:11:26 UTC - RP279 - Spyware Doctor: Cleaning Threats
34: 2007-04-01 04:21:16 UTC - RP278 - Removed EasyCleaner
33: 2007-04-01 01:27:02 UTC - RP277 - 系統檢查點


-- First Restore Point --
1: 2007-02-17 20:55:57 UTC - RP245 - 系統檢查點


Performed disk cleanup.


-- HijackThis (run as Home.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 上午 12:43:30, on 2007/4/3
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Download\Firefox Download\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\HIJACK~1\Home.exe

R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {27CA571B-14D3-4937-B387-BE72FA7A0F87} - (no file)
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {50B6F726-9999-4081-8CD5-D87669F3D950} - C:\WINDOWS\system32\gtldgtns.dll
O2 - BHO: (no name) - {54EBD53A-9BC1-480B-966A-843A333CA162} - (no file)
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O2 - BHO: (no name) - {F87E466D-43B8-4AF0-A595-CDF419A7359C} - (no file)
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - (no file)
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: (no name) - {8DE0FCD4-5EB5-11D3-AD25-00002100131c} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gg1011.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1159441899882
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7E8493C-7983-429E-A4A6-0B56124B7A49}: NameServer = 218.102.32.208 205.252.144.126
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddabc - C:\WINDOWS\system32\ddabc.dll (file missing)
O20 - Winlogon Notify: sstqo - C:\WINDOWS\system32\sstqo.dll (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SSI - c:\windows\system32\drivers\ssi.sys
R0 Vax347b - c:\windows\system32\drivers\vax347b.sys
R0 Vax347s - c:\windows\system32\drivers\vax347s.sys
R1 aslm75 - c:\windows\system32\drivers\aslm75.sys
R1 asuskbnt (Enhanced Display Driver Helper Service) - c:\windows\system32\drivers\atkkbnt.sys
R1 FsVga - c:\windows\system32\drivers\fsvga.sys
R2 EIO - c:\windows\system32\drivers\eio.sys
R3 IKFileFlt (File Filter Driver) - c:\windows\system32\drivers\ikfileflt.sys
R3 IKFileSec (File Security Driver) - c:\windows\system32\drivers\ikfilesec.sys
R3 IkSysFlt (System Filter Driver) - c:\windows\system32\drivers\iksysflt.sys
R3 IKSysSec (System Security Driver) - c:\windows\system32\drivers\iksyssec.sys
R3 MTsensor (ATK0110 ACPI UTILITY) - c:\windows\system32\drivers\asacpi.sys

S0 IntelIde - c:\windows\system32\drivers\intelide.sys (file missing)
S1 asusgsb (ASUS Virtual Video Capture Device Driver) - c:\windows\system32\drivers\asusgsb32.sys
S1 eeCtrl (Symantec Eraser Control driver) - c:\program files\common files\symantec shared\eengine\eectrl.sys (file missing)
S2 npkcrypt - c:\program files\tencent\qq\npkcrypt.sys (file missing)
S3 BthEnum (Bluetooth Request Block Driver) - c:\windows\system32\drivers\bthenum.sys
S3 BthPan (藍芽裝置 (個人區域網路)) - c:\windows\system32\drivers\bthpan.sys
S3 BTHPORT (藍芽連接埠驅動程式) - c:\windows\system32\drivers\bthport.sys
S3 BTHUSB (藍芽無線電 USB 驅動程式) - c:\windows\system32\drivers\bthusb.sys
S3 NOWMEMDF - c:\windows\system32\nowmemdf.sys
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys
S3 Video3D (ASUS Video3D Service) - c:\windows\system32\drivers\video3d32.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ATKKeyboardService (ATK Keyboard Service) - c:\windows\atkkbservice.exe
R2 BthServ (Bluetooth Support Service) - c:\windows\system32\svchost.exe -k bthsvcs
R2 ScReadSpool (SolidPDFConverterReadSpool) - c:\program files\soliddocuments\solidconverterpdf\scpdf\solidpdfservice.exe
R2 StarWindService (StarWind iSCSI Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindservice.exe

S2 AcrSch2Svc (Acronis Scheduler2 Service) - "c:\program files\common files\acronis\schedule2\schedul2.exe" (file missing)
S2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe"
S2 navapsvc (Norton AntiVirus Auto-Protect Service) - "c:\program files\norton antivirus\navapsvc.exe" (file missing)
S3 Autocomplete (AutoComplete Service) - c:\program files\acesoft\tracks eraser pro\delautocomp.exe
S3 sdAuxService (Spyware Doctor Auxiliary Service) - c:\program files\spyware doctor\svcntaux.exe
S3 sdCoreService (Spyware Doctor Service) - c:\program files\spyware doctor\swdsvc.exe
S3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe"
S3 usprserv (User Privilege Service) - c:\windows\system32\svchost.exe -k netsvcs


-- Files created between 2007-03-03 and 2007-04-03 -----------------------------

2007-04-02 17:20:23 0 d-------- C:\Documents and Settings\Home\Application Data\Comodo
2007-04-02 17:20:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-04-02 17:17:27 51328 --a------ C:\WINDOWS\system32\drivers\inspect.sys
2007-04-02 17:17:27 75520 --a------ C:\WINDOWS\system32\drivers\cmdmon.sys
2007-04-02 17:17:26 0 d-------- C:\Program Files\Comodo
2007-04-02 15:45:26 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-04-02 15:44:36 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-04-02 15:17:27 132116 --a------ C:\WINDOWS\system32\gtldgtns.dll
2007-04-02 14:53:50 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-04-02 14:53:27 102912 --a------ C:\WINDOWS\system32\islzma.dll
2007-04-02 14:53:27 78336 --a------ C:\WINDOWS\system32\drivers\ssi.sys
2007-04-02 14:52:26 0 d-------- C:\Program Files\Webroot
2007-04-02 14:52:26 0 d-------- C:\Documents and Settings\Home\Application Data\Webroot
2007-04-02 06:22:45 132116 --a------ C:\WINDOWS\system32\asebcdkj.dll
2007-04-02 05:28:20 458057 --ahs---- C:\WINDOWS\system32\cbadd.ini2<CBADD~1.INI>
2007-04-02 05:20:11 0 d-------- C:\Program Files\Common Files\PC Tools<PCTOOL~1>
2007-04-02 05:20:09 26064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-04-02 05:20:09 83536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-04-02 05:20:09 59472 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-04-02 05:20:09 52304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys<IKFILE~2.SYS>
2007-04-02 05:20:09 39248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys<IKFILE~1.SYS>
2007-04-02 05:20:00 0 d-------- C:\Program Files\Spyware Doctor<SPYWAR~1>
2007-04-02 05:20:00 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools<PCTOOL~1>
2007-04-02 05:13:55 132116 --a------ C:\WINDOWS\system32\kfdlficd.dll
2007-04-02 05:10:02 132116 --a------ C:\WINDOWS\system32\somiyfip.dll
2007-04-02 0304 132116 --a------ C:\WINDOWS\system32\vatxncas.dll
2007-04-02 03:04:34 132116 --a------ C:\WINDOWS\system32\jyubaoie.dll
2007-04-02 02:08:31 0 d-------- C:\Documents and Settings\Home\Application Data\Jetico Personal Firewall<JETICO~1>
2007-04-01 15:08:04 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-04-01 15:07:53 0 d-------- C:\Documents and Settings\Home\Application Data\PC Tools<PCTOOL~2>
2007-04-01 12:24:02 626688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-04-01 11:30:40 0 d-------- C:\Documents and Settings\Home\Application Data\PCToolsFirewallPlus<PCTOOL~1>
2007-04-01 11:28:20 0 d-------- C:\Program Files\PC Tools Firewall Plus<PCTOOL~1>
2007-03-28 02:12:38 12 --a------ C:\WINDOWS\system32\cid_store.dat<CID_ST~1.DAT>
2007-03-28 02:12:29 0 d-------- C:\Program Files\Thunder Network<THUNDE~1>
2007-03-27 23:12:24 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-03-27 23:12:24 23352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-03-27 23:12:24 31560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-03-27 23:12:23 94424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-03-27 23:12:23 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-03-27 23:12:19 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-03-27 23:12:19 689280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-03-27 23:12:15 0 d-------- C:\Program Files\Alwil Software<ALWILS~1>
2007-03-27 04:32:13 240944 --a------ C:\WINDOWS\system32\RICHED.DLL
2007-03-25 01:21:17 0 d-------- C:\Documents and Settings\Home\Application Data\PPLive
2007-03-23 03:11:38 0 d-------- C:\Documents and Settings\Home\Application Data\WinRAR


-- Find3M Report ---------------------------------------------------------------

2007-04-02 06:55:34 0 d-------- C:\Documents and Settings\Home\Application Data\SolidDocuments<SOLIDD~1>
2007-04-02 06:45:01 0 d-------- C:\Program Files\Foxy
2007-04-02 06:45:00 0 d-------- C:\Documents and Settings\Home\Application Data\Foxy
2007-04-02 06:28:25 0 d-------- C:\Documents and Settings\Home\Application Data\Lavasoft
2007-04-02 04:08:13 364368 --a------ C:\WINDOWS\system32\prfh0404.dat
2007-04-02 04:08:13 120104 --a------ C:\WINDOWS\system32\prfc0404.dat
2007-03-31 03:00:12 0 d-------- C:\Documents and Settings\Home\Application Data\Adobe
2007-03-27 04:33:12 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-27 04:12:54 0 d---s---- C:\Documents and Settings\Home\Application Data\Microsoft<MICROS~1>
2007-03-27 04:05:40 1242 --a------ C:\Documents and Settings\Home\Application Data\AdobeDLM.log
2007-03-25 01:32:50 0 d-------- C:\Program Files\PPLive
2007-03-25 01:21:31 0 d-------- C:\Documents and Settings\Home\Application Data\ppstream
2007-03-25 01:21:24 0 d-------- C:\Program Files\PPStream
2007-03-23 23:03:14 6 --a------ C:\Documents and Settings\Home\Application Data\dm.ini
2007-03-23 23:00:45 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-02 23:05:13 0 d-------- C:\Documents and Settings\Home\Application Data\AdobeUM
2007-02-28 16:45:02 0 d-------- C:\Program Files\Java
2007-02-13 12:04:07 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"IMJPMIG8.1"="; \"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"UserFaultCheck"="%systemroot%\\system32\\dumprep 0 -u"
"nwiz"="nwiz.exe /install"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe\" /startintray"
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^「開始」功能表^程式集^啟動^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\「開始」功能表\\程式集\\啟動\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CJIMETIPSYNC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CINTLCFG"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\IME\\IMTC65\\CHANGJIE\\CINTLCFG.EXE /CJIMETIPSync"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DkIcon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LAUNCH~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIMETIPSYNC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTLCFG"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\IME\\IMTC65\\PHONETIC\\TINTLCFG.EXE /PHIMETIPSync"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cqxltdaq"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\system32\\cqxltdaq.dll\",setvm"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{27CA571B-14D3-4937-B387-BE72FA7A0F87}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
"NoDispCPL"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoVisualStyleChoice"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ file:///C:/DOCUME~1/Home/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddabc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqo

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J]
Shell\AutoRun\command J:\setup.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf577bda-fdb7-11da-a2ec-0015f2456edc}]
Shell\AutoRun\command J:\setup.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd4ba295-fde8-11da-a728-806d6172696f}]
Shell\AutoRun\command I:\ASUSACPI.exe


-- End of Deckard's System Scanner: finished at 2007-04-03 at 00:43:54 ---------
Attached Files
File Type: txt extra.txt (16.4 KB, 2 views)
golflam is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-02-2007, 11:14 AM   #4 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 16
OS: xp


Re: Can't remove ddcdbxw
I already make a new threat by using DSS
Thanks for your kind help.
golflam is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-02-2007, 11:37 AM   #5 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,561
OS: 2000 Pro; XP Pro; XP Home


Re: Can't remove ddcdbxw
Rather than create a new thread, we prefer to continue a single issue in one thread. I've merged the two.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-02-2007, 11:47 AM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,561
OS: 2000 Pro; XP Pro; XP Home


Re: Can't remove ddcdbxw
I see you have remants of Norton still present, but it's not showing in your Add/Remove programs

Please use the instructions on this page to completely uninstall your Norton Products.

-----------------------------------------------------------------------

Download combofix.exe to your desktop.


* IMPORTANT !!! Place it on your Desktop.


Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK
"%userprofile%\desktop\combofix.exe" /v gtldgtns asebcdkj ddabc kfdlficd somiyfip jyubaoie sstqo
When finished, it shall produce a log for you. Post that log in your next reply with a new HJT log

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-02-2007, 12:53 PM   #7 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 16
OS: xp


Re: Can't remove ddcdbxw
I am sure that I put the file in desktop, when I put the command in the RUN field. One alert said that c:\documents and setting\home\desktop can't be use. (since I am using Chinese version so I was difficult to translate).
Is there any way that I can do?

Thanks
golflam is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-02-2007, 01:22 PM   #8 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,561
OS: 2000 Pro; XP Pro; XP Home


Re: Can't remove ddcdbxw
I'll try to get one of my colleagues to look in, but DSS indicates that command should work.

For the meantime....did you copy the command completely? Including the quote marks?

"%userprofile%\desktop\combofix.exe" /v gtldgtns asebcdkj ddabc kfdlficd somiyfip jyubaoie sstqo
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-02-2007, 01:32 PM   #9 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 16
OS: xp


Re: Can't remove ddcdbxw
"%userprofile%\desktop\combofix.exe" /v gtldgtns asebcdkj ddabc kfdlficd somiyfip jyubaoie sstqo

yes, I copy the above already.
golflam is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-02-2007, 01:35 PM   #10 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,561
OS: 2000 Pro; XP Pro; XP Home


Re: Can't remove ddcdbxw
Can you please post a screenshot of the error message?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-02-2007, 01:38 PM   #11 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,561
OS: 2000 Pro; XP Pro; XP Home


Re: Can't remove ddcdbxw
using the browse button from Start>Run, can you navigate to ComboFix.exe to get the path into the run box, then add this to the end of what's in there:


/v gtldgtns asebcdkj ddabc kfdlficd somiyfip jyubaoie sstqo

Make sure there is a space between the quote mark at the end of path, and the /v
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-02-2007, 02:18 PM   #12 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 16
OS: xp


Re: Can't remove ddcdbxw
I copy the file to c:\ and change the command by your suggestion. It was fixed.

BTW, I can't attach the combofix txt file.
The combofix log shows below and the hijackthis log as attach.
____________________________________________________________________

"Home" - 07-04-03 3:57:53 Service Pack 2
ComboFix 07-04-01 - Running from: "C:\"
Command switches used :: /v gtldgtns asebcdkj ddabc kfdlficd somiyfip jyubaoie sstqo


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\gtldgtns.dll
C:\WINDOWS\system32\asebcdkj.dll
C:\WINDOWS\system32\kfdlficd.dll
C:\WINDOWS\system32\somiyfip.dll
C:\WINDOWS\system32\jyubaoie.dll
C:\WINDOWS\system32\cbadd.ini2
C:\WINDOWS\system32\cbadd.tmp


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Home\桌面.\internet explorer.lnk
C:\WINDOWS\system32\components


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_MCHINJDRV


((((((((((((((((((((((((((((((( Files Created from 2007-03-03 to 2007-04-03 ))))))))))))))))))))))))))))))))))


2007-04-03 03:55 1,124,494 --a------ C:\ComboFix.exe
2007-04-03 00:42 <DIR> d-------- C:\Deckard
2007-04-02 17:20 <DIR> d-------- C:\DOCUME~1\Home\APPLIC~1\Comodo
2007-04-02 17:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-04-02 17:17 51,328 --a------ C:\WINDOWS\system32\drivers\inspect.sys
2007-04-02 17:17 <DIR> d-------- C:\Program Files\Comodo
2007-04-02 15:45 <DIR> d-------- C:\VundoFix Backups
2007-04-02 15:44 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot
2007-04-02 14:53 78,336 --a------ C:\WINDOWS\system32\drivers\ssi.sys
2007-04-02 14:53 102,912 --a------ C:\WINDOWS\system32\islzma.dll
2007-04-02 14:53 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
2007-04-02 14:52 <DIR> d-------- C:\Program Files\Webroot
2007-04-02 14:52 <DIR> d-------- C:\DOCUME~1\Home\APPLIC~1\Webroot
2007-04-02 05:20 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-04-02 05:20 59,472 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-04-02 05:20 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-04-02 05:20 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-04-02 05:20 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-04-02 05:20 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-04-02 05:20 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2007-04-02 05:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
2007-04-02 03:06 132,116 --a------ C:\WINDOWS\system32\vatxncas.dll
2007-04-02 02:08 <DIR> d-------- C:\DOCUME~1\Home\APPLIC~1\Jetico Personal Firewall
2007-04-01 15:08 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-01 15:07 <DIR> d-------- C:\DOCUME~1\Home\APPLIC~1\PC Tools
2007-04-01 12:24 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-04-01 11:30 <DIR> d-------- C:\DOCUME~1\Home\APPLIC~1\PCToolsFirewallPlus
2007-04-01 11:28 <DIR> d-------- C:\Program Files\PC Tools Firewall Plus
2007-03-28 02:12 12 --a------ C:\WINDOWS\system32\cid_store.dat
2007-03-28 02:12 <DIR> d-------- C:\Program Files\Thunder Network
2007-03-27 23:12 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-03-27 23:12 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-03-27 23:12 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-03-27 23:12 689,280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-03-27 23:12 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-03-27 23:12 31,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-03-27 23:12 23,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-03-27 23:12 <DIR> d-------- C:\Program Files\Alwil Software
2007-03-27 04:32 240,944 --a------ C:\WINDOWS\system32\RICHED.DLL
2007-03-25 01:21 <DIR> d-------- C:\DOCUME~1\Home\APPLIC~1\PPLive
2007-03-23 03:11 <DIR> d-------- C:\DOCUME~1\Home\APPLIC~1\WinRAR


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-02 06:55 -------- d-------- C:\DOCUME~1\Home\APPLIC~1\soliddocuments
2007-04-02 06:45 -------- d-------- C:\Program Files\foxy
2007-04-02 06:45 -------- d-------- C:\DOCUME~1\Home\APPLIC~1\foxy
2007-04-02 06:28 -------- d-------- C:\DOCUME~1\Home\APPLIC~1\lavasoft
2007-04-02 04:08 364368 --a------ C:\WINDOWS\system32\prfh0404.dat
2007-04-02 04:08 120104 --a------ C:\WINDOWS\system32\prfc0404.dat
2007-03-27 04:33 -------- d--h----- C:\Program Files\installshield installation information
2007-03-27 04:05 1242 --a------ C:\DOCUME~1\Home\APPLIC~1\adobedlm.log
2007-03-25 01:32 -------- d-------- C:\Program Files\pplive
2007-03-25 01:21 -------- d-------- C:\Program Files\ppstream
2007-03-25 01:21 -------- d-------- C:\DOCUME~1\Home\APPLIC~1\ppstream
2007-03-23 23:03 6 --a------ C:\DOCUME~1\Home\APPLIC~1\dm.ini
2007-02-28 16:45 -------- d-------- C:\Program Files\java
2007-02-13 12:04 -------- d-------- C:\Program Files\msn messenger


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"IMJPMIG8.1"="; \"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"UserFaultCheck"="%systemroot%\\system32\\dumprep 0 -u"
"nwiz"="nwiz.exe /install"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe\" /startintray"
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^「開始」功能表^程式集^啟動^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\「開始」功能表\\程式集\\啟動\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CJIMETIPSYNC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CINTLCFG"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\IME\\IMTC65\\CHANGJIE\\CINTLCFG.EXE /CJIMETIPSync"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DkIcon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LAUNCH~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIMETIPSYNC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTLCFG"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\IME\\IMTC65\\PHONETIC\\TINTLCFG.EXE /PHIMETIPSync"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cqxltdaq"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\system32\\cqxltdaq.dll\",setvm"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispCPL"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoVisualStyleChoice"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ file:///C:/DOCUME~1/Home/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J]
Shell\AutoRun\command J:\setup.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf577bda-fdb7-11da-a2ec-0015f2456edc}]
Shell\AutoRun\command J:\setup.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd4ba295-fde8-11da-a728-806d6172696f}]
Shell\AutoRun\command I:\ASUSACPI.exe


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-03 4:03:21

Deckard's System Scanner v20070328.36
Run by Home on 2007-04-03 at 04:09:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Home.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at ¤W¤È 04:09:13, on 2007/4/3
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\conime.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Download\Firefox Download\dss.exe
C:\PROGRA~1\HIJACK~1\Home.exe

R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O2 - BHO: (no name) - {F87E466D-43B8-4AF0-A595-CDF419A7359C} - (no file)
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - (no file)
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Foxy ¤U¸ü - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy ·j´M - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: ¨Ï¥Î FlashGet ¤U¸ü - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: ¥þ³¡¨Ï¥Î FlashGet ¤U¸ü - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: ¶×¥X¦Ü Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java ¥D±±¥x - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: (no name) - {8DE0FCD4-5EB5-11D3-AD25-00002100131c} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gg1011.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1159441899882
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


-- Files created between 2007-03-03 and 2007-04-03 -----------------------------

2007-04-03 03:55:20 1124494 --a------ C:\ComboFix.exe
2007-04-02 17:20:23 0 d-------- C:\Documents and Settings\Home\Application Data\Comodo
2007-04-02 17:20:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-04-02 17:17:27 51328 --a------ C:\WINDOWS\system32\drivers\inspect.sys
2007-04-02 17:17:27 75520 --a------ C:\WINDOWS\system32\drivers\cmdmon.sys
2007-04-02 17:17:26 0 d-------- C:\Program Files\Comodo
2007-04-02 15:45:26 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-04-02 15:44:36 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-04-02 14:53:50 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-04-02 14:53:27 102912 --a------ C:\WINDOWS\system32\islzma.dll
2007-04-02 14:53:27 78336 --a------ C:\WINDOWS\system32\drivers\ssi.sys
2007-04-02 14:52:26 0 d-------- C:\Program Files\Webroot
2007-04-02 14:52:26 0 d-------- C:\Documents and Settings\Home\Application Data\Webroot
2007-04-02 05:20:11 0 d-------- C:\Program Files\Common Files\PC Tools<PCTOOL~1>
2007-04-02 05:20:09 26064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-04-02 05:20:09 83536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-04-02 05:20:09 59472 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-04-02 05:20:09 52304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys<IKFILE~2.SYS>
2007-04-02 05:20:09 39248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys<IKFILE~1.SYS>
2007-04-02 05:20:00 0 d-------- C:\Program Files\Spyware Doctor<SPYWAR~1>
2007-04-02 05:20:00 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools<PCTOOL~1>
2007-04-02 0304 132116 --a------ C:\WINDOWS\system32\vatxncas.dll
2007-04-02 02:08:31 0 d-------- C:\Documents and Settings\Home\Application Data\Jetico Personal Firewall<JETICO~1>
2007-04-01 15:08:04 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-04-01 15:07:53 0 d-------- C:\Documents and Settings\Home\Application Data\PC Tools<PCTOOL~2>
2007-04-01 12:24:02 626688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-04-01 11:30:40 0 d-------- C:\Documents and Settings\Home\Application Data\PCToolsFirewallPlus<PCTOOL~1>
2007-04-01 11:28:20 0 d-------- C:\Program Files\PC Tools Firewall Plus<PCTOOL~1>
2007-03-28 02:12:38 12 --a------ C:\WINDOWS\system32\cid_store.dat<CID_ST~1.DAT>
2007-03-28 02:12:29 0 d-------- C:\Program Files\Thunder Network<THUNDE~1>
2007-03-27 23:12:24 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-03-27 23:12:24 23352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-03-27 23:12:24 31560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-03-27 23:12:23 94424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-03-27 23:12:23 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-03-27 23:12:19 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-03-27 23:12:19 689280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-03-27 23:12:15 0 d-------- C:\Program Files\Alwil Software<ALWILS~1>
2007-03-27 04:32:13 240944 --a------ C:\WINDOWS\system32\RICHED.DLL
2007-03-25 01:21:17 0 d-------- C:\Documents and Settings\Home\Application Data\PPLive
2007-03-23 03:11:38 0 d-------- C:\Documents and Settings\Home\Application Data\WinRAR


-- Find3M Report ---------------------------------------------------------------

2007-04-02 06:55:34 0 d-------- C:\Documents and Settings\Home\Application Data\SolidDocuments<SOLIDD~1>
2007-04-02 06:45:01 0 d-------- C:\Program Files\Foxy
2007-04-02 06:45:00 0 d-------- C:\Documents and Settings\Home\Application Data\Foxy
2007-04-02 06:28:25 0 d-------- C:\Documents and Settings\Home\Application Data\Lavasoft
2007-04-02 04:08:13 364368 --a------ C:\WINDOWS\system32\prfh0404.dat
2007-04-02 04:08:13 120104 --a------ C:\WINDOWS\system32\prfc0404.dat
2007-03-31 03:00:12 0 d-------- C:\Documents and Settings\Home\Application Data\Adobe
2007-03-27 04:33:12 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-27 04:12:54 0 d---s---- C:\Documents and Settings\Home\Application Data\Microsoft<MICROS~1>
2007-03-27 04:05:40 1242 --a------ C:\Documents and Settings\Home\Application Data\AdobeDLM.log
2007-03-25 01:32:50 0 d-------- C:\Program Files\PPLive
2007-03-25 01:21:31 0 d-------- C:\Documents and Settings\Home\Application Data\ppstream
2007-03-25 01:21:24 0 d-------- C:\Program Files\PPStream
2007-03-23 23:03:14 6 --a------ C:\Documents and Settings\Home\Application Data\dm.ini
2007-03-23 23:00:45 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-02 23:05:13 0 d-------- C:\Documents and Settings\Home\Application Data\AdobeUM
2007-02-28 16:45:02 0 d-------- C:\Program Files\Java
2007-02-13 12:04:07 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"IMJPMIG8.1"="; \"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"UserFaultCheck"="%systemroot%\\system32\\dumprep 0 -u"
"nwiz"="nwiz.exe /install"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe\" /startintray"
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^¡u¶}©l¡v¥\¯àªí^µ{¦¡¶°^±Ò°Ê^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\¡u¶}©l¡v¥\¯àªí\\µ{¦¡¶°\\±Ò°Ê\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CJIMETIPSYNC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CINTLCFG"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\IME\\IMTC65\\CHANGJIE\\CINTLCFG.EXE /CJIMETIPSync"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DkIcon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LAUNCH~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIMETIPSYNC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTLCFG"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\IME\\IMTC65\\PHONETIC\\TINTLCFG.EXE /PHIMETIPSync"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cqxltdaq"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\system32\\cqxltdaq.dll\",setvm"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispCPL"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoVisualStyleChoice"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ file:///C:/DOCUME~1/Home/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J]
Shell\AutoRun\command J:\setup.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf577bda-fdb7-11da-a2ec-0015f2456edc}]
Shell\AutoRun\command J:\setup.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd4ba295-fde8-11da-a728-806d6172696f}]
Shell\AutoRun\command I:\ASUSACPI.exe


-- End of Deckard's System Scanner: finished at 2007-04-03 at 04:09:28 ---------
Attached Files
File Type: txt main.txt (20.9 KB, 2 views)
Last edited by tetonbob; 04-02-2007 at 02:21 PM.
golflam is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-02-2007, 02:26 PM   #13 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,561
OS: 2000 Pro; XP Pro; XP Home


Re: Can't remove ddcdbxw
Good work. That did the trick.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O2 - BHO: (no name) - {F87E466D-43B8-4AF0-A595-CDF419A7359C} - (no file)
O3 - Toolbar: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - (no file)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)


Close HijackThis now.

---------------------------------------------------------------------------------------------

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------------------------------------

Open Hijack This and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-02-2007, 02:26 PM   #14 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 16
OS: xp


Re: Can't remove ddcdbxw
I checked the said file (ddcdbxw.dll) was missing already on c:\windows\system32\

Is there any problem on my system now?
Are them change their name already?
Do you have any suggestion to my computer?

Thanks for your kind help again..
golflam is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-02-2007, 02:28 PM   #15 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,561
OS: 2000 Pro; XP Pro; XP Home


Re: Can't remove ddcdbxw
We posted at the same time.

Please see my instructions for more tasks in post #13.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-02-2007, 02:30 PM   #16 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,561
OS: 2000 Pro; XP Pro; XP Home


Re: Can't remove ddcdbxw
Additionally, please do this:

Please go to: VirusTotal
  • At the top of the page you'll find a "Browse" button.
  • Next to the browse button you'll see a box to enter text.
  • Please copy/paste the following in BOLD:

    C:\WINDOWS\system32\vatxncas.dll

  • Then click the "Send" button at the top of the VirusTotal page.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.


---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-02-2007, 03:39 PM   #17 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 16
OS: xp


Re: Can't remove ddcdbxw
virus total:
C:\WINDOWS\system32\vatxncas.dll
__________________________________________________
hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 上午 05:36:23, on 2007/4/3
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\conime.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Comodo\Firewall\cpf.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: (no name) - {8DE0FCD4-5EB5-11D3-AD25-00002100131c} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gg1011.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1159441899882
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7E8493C-7983-429E-A4A6-0B56124B7A49}: NameServer = 218.102.32.208 205.252.144.126
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

______________________________________________________________


Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\dbfdhkhn.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\dbfdhkhn.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\dbfdhkhn.default\cookies.txt[.ad.yieldmanager.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\dbfdhkhn.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\dbfdhkhn.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\dbfdhkhn.default\cookies.txt[.go.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\dbfdhkhn.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\dbfdhkhn.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\dbfdhkhn.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\dbfdhkhn.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\e6ed18vo.default\cookies.txt[.tucows.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\e6ed18vo.default\cookies.txt[.toplist.cz/]
Adware:Adware/BaiduBar Not disinfected C:\Program Files\Kingsoft\PowerWord 2006\Regbaidu.exe
Spyware:Cookie/Com.com Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqEA0.tmp
Adware:Adware/BaiduBar Not disinfected C:\WINDOWS\Installer\b3c44fb.msi[unk_0053]
Potentially unwanted tool:Application/Processor Not disinfected D:\Download\Firefox Download\VirtumundoBeGone.exe[2?C]
Adware:Adware/Borlander Not disinfected D:\Software\Storm codec.exe[mms.exe]
Adware:Adware/Borlander Not disinfected D:\Software\Storm codec.exe[mms.exe][2eC]
Attached Files
File Type: txt Activescan.txt (6.8 KB, 1 views)
Last edited by tetonbob; 04-02-2007 at 04:59 PM.
golflam is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-02-2007, 03:42 PM   #18 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 16
OS: xp


Re: Can't remove ddcdbxw
VirusTotal result:

Your file "vatxncas.dll" is queued in position: 1. Estimated start time is between 46 and 66 seconds.
golflam is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-02-2007, 03:47 PM   #19 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 16
OS: xp


Re: Can't remove ddcdbxw
sorry!! I make some mistakes
the result show as below:
____________________________________________________________
Complete scanning result of "vatxncas.dll", received in VirusTotal at 04.02.2007, 23:41:17 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.3.0 04.02.2007 no virus found
AntiVir 7.3.1.48 04.02.2007 TR/Dldr.ConHook.Gen
Authentium 4.93.8 03.31.2007 no virus found
Avast 4.7.936.0 04.02.2007 no virus found
AVG 7.5.0.447 04.02.2007 Generic3.QOJ
BitDefender 7.2 04.02.2007 Trojan.BHO.AR
CAT-QuickHeal 9.00 04.02.2007 no virus found
ClamAV devel-20070312 04.02.2007 no virus found
DrWeb 4.33 04.02.2007 no virus found
eSafe 7.0.15.0 04.02.2007 Suspicious Trojan/Worm
eTrust-Vet 30.6.3535 04.02.2007 no virus found
Ewido 4.0 04.02.2007 no virus found
FileAdvisor 1 04.02.2007 no virus found
Fortinet 2.85.0.0 04.02.2007 no virus found
F-Prot 4.3.1.45 03.30.2007 no virus found
F-Secure 6.70.13030.0 04.02.2007 Packed.Win32.Klone.j
Ikarus T3.1.1.3 04.02.2007 Packed.Win32.Klone.j
Kaspersky 4.0.2.24 04.02.2007 Packed.Win32.Klone.j
McAfee 4998 04.02.2007 no virus found
Microsoft 1.2306 04.02.2007 no virus found
NOD32v2 2164 04.02.2007 a variant of Win32/Adware.BHO.V
Norman 5.80.02 04.02.2007 W32/Vundo.gen7
Panda 9.0.0.4 04.02.2007 Suspicious file
Prevx1 V2 04.03.2007 no virus found
Sophos 4.16.0 03.30.2007 no virus found
Sunbelt 2.2.907.0 03.31.2007 no virus found
Symantec 10 04.02.2007 no virus found
TheHacker 6.1.6.084 04.02.2007 no virus found
UNA 1.83 03.16.2007 no virus found
VBA32 3.11.3 04.02.2007 no virus found
VirusBuster 4.3.7:9 04.02.2007 Trojan.DL.Conhook.Gen!Pac
Webwasher-Gateway 6.0.1 04.02.2007 Trojan.Dldr.ConHook.Gen

Aditional Information
File size: 132116 bytes
MD5: 83f9ecee6c4dfe892fce48b04d90e304
SHA1: 3e2a408d7e9af29a5a7a60ced5fe152e230139f9
packers: MORPHINE
packers: Morphine
golflam is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-02-2007, 05:23 PM   #20 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,561
OS: 2000 Pro; XP Pro; XP Home


Re: Can't remove ddcdbxw
Borlander is a nasty piece of adware, and a couple of your programs seem to be infected with it.

Please download the Suspicious File Packer http://www.safer-networking.org/files/sfp.zip

Unzip it to the desktop and run it.
Paste the following list of bad files into the Suspicious File Packer window:
C:\Program Files\Kingsoft\PowerWord 2006\Regbaidu.exe
C:\WINDOWS\Installer\b3c44fb.msi
D:\Software\Storm codec.exe
Allow SFP to pack the files. This will generate a CAB archive on your desktop.
Please submit it to this site http://www.bleepingcomputer.com/subm....php?channel=4
Please include a link to this topic in the message, with a comment in the space provided "Attention Deckard"

Once you've done that, delete same files:

C:\Program Files\Kingsoft\PowerWord 2006\Regbaidu.exe
C:\WINDOWS\Installer\b3c44fb.msi
D:\Software\Storm codec.exe

and the cab file you created with SFP

as well as delete the file we scanned at VT:

C:\WINDOWS\system32\vatxncas.dll


* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 11:25 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85