LexToh

need help.. here's my log..

19 posts in this topic

Here is my HijackThis log and also ComboFix if needed. Comp freezes and found some trojan but unable to clear. Appreciated. Thanks.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:04:33 PM, on 1/5/2008

Platform: Windows XP SP3, v.3244 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Documents and Settings\Lex\Desktop\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6827AE15-0587-4934-A77C-5063BF9C3338} - C:\WINDOWS\system32\ddccb.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197453972147

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197453963365

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 7453 bytes

 

 

 

 

ComboFix 08-01-04.1 - Lex 2008-01-05 0:25:13.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1461 [GMT 8:00]

Running from: C:\Documents and Settings\Lex\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\rqrstuu.dll

 

.

((((((((((((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 )))))))))))))))))))))))))))))))

.

 

2008-01-05 00:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-05 00:17 . 2008-01-04 23:59 7,680 --a------ C:\WINDOWS\system32\lsdelete.exe

2008-01-05 00:07 . 2008-01-05 00:07 <DIR> d-------- C:\Program Files\CCleaner

2008-01-04 23:57 . 2008-01-04 23:57 <DIR> d-------- C:\Program Files\Lavasoft

2008-01-04 23:57 . 2008-01-04 23:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-01-04 23:56 . 2008-01-04 23:56 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-01-04 23:50 . 2008-01-04 23:50 <DIR> d-------- C:\Program Files\InCode Solutions

2008-01-04 23:47 . 2008-01-05 00:16 <DIR> d-------- C:\VundoFix Backups

2007-12-30 16:44 . 2007-12-30 16:44 <DIR> d-------- C:\Program Files\Synaptics

2007-12-30 16:44 . 2006-04-29 05:54 193,056 --a------ C:\WINDOWS\system32\drivers\SynTP.sys

2007-12-30 16:44 . 2006-04-29 06:00 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll

2007-12-30 16:44 . 2006-04-29 06:00 94,297 --a------ C:\WINDOWS\system32\SynTPAPI.dll

2007-12-30 16:44 . 2006-04-29 05:59 82,012 --a------ C:\WINDOWS\system32\SynCOM.dll

2007-12-30 16:44 . 2006-04-29 06:17 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll

2007-12-30 16:44 . 2006-04-29 06:14 69,721 --a------ C:\WINDOWS\system32\SynTPFcs.dll

2007-12-26 18:33 . 2007-12-26 18:33 <DIR> d-------- C:\Documents and Settings\Liyun\Application Data\Symantec

2007-12-25 22:43 . 2007-12-25 22:43 <DIR> d-------- C:\Intel

2007-12-23 00:21 . 2007-12-23 00:21 <DIR> d-------- C:\Program Files\FM Modifier 2.2

2007-12-20 22:49 . 2007-12-20 22:49 <DIR> d-------- C:\Documents and Settings\Liyun\Bluetooth Software

2007-12-18 00:04 . 2007-12-18 00:04 <DIR> d-------- C:\Documents and Settings\Liyun\Application Data\DivX

2007-12-16 20:19 . 2007-12-25 20:47 <DIR> d-------- C:\Documents and Settings\Liyun\Application Data\mIRC

2007-12-15 20:05 . 2007-12-15 20:05 <DIR> d-------- C:\Documents and Settings\Liyun\Application Data\Talkback

2007-12-14 22:11 . 2007-12-14 22:11 <DIR> d-------- C:\Program Files\Common Files\MainConcept

2007-12-14 21:34 . 2007-12-14 22:33 <DIR> d-------- C:\Documents and Settings\Lex\.SimpleCenter

2007-12-14 21:32 . 2007-12-14 21:32 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\NSeries

2007-12-14 18:38 . 2007-10-30 18:47 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2007-12-14 18:25 . 2007-12-14 18:25 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2007-12-14 18:25 . 2007-12-14 18:26 <DIR> d-------- C:\Program Files\SimpleCenter

2007-12-14 18:25 . 2007-12-14 18:25 <DIR> d-------- C:\Program Files\Common Files\i4j_jres

2007-12-14 18:25 . 2007-12-14 18:39 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\Nokia

2007-12-14 18:25 . 2007-12-14 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite

2007-12-14 18:24 . 2007-12-14 18:24 <DIR> d-------- C:\Program Files\PC Connectivity Solution

2007-12-14 18:24 . 2007-12-14 18:24 <DIR> d-------- C:\Program Files\DIFX

2007-12-14 18:24 . 2007-12-14 18:24 <DIR> d-------- C:\Program Files\Common Files\PCSuite

2007-12-14 18:24 . 2007-12-14 18:25 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\PC Suite

2007-12-14 18:24 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys

2007-12-14 18:24 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2007-12-14 18:24 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll

2007-12-14 18:24 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys

2007-12-14 18:24 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys

2007-12-14 18:24 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys

2007-12-14 18:23 . 2007-12-14 18:25 <DIR> d-------- C:\Program Files\Nokia

2007-12-14 02:51 . 2007-12-14 02:51 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\Media Player Classic

2007-12-14 02:50 . 2007-12-14 03:09 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\DivX

2007-12-14 01:26 . 2007-12-14 01:26 <DIR> d-------- C:\WINDOWS\Sun

2007-12-14 00:19 . 2008-01-02 01:01 <DIR> d-------- C:\Program Files\mIRC

2007-12-14 00:19 . 2007-12-30 16:25 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\mIRC

2007-12-14 00:12 . 2007-12-14 00:12 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\iolo

2007-12-14 00:12 . 2007-12-14 00:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo

2007-12-14 00:12 . 2007-12-14 00:12 74,703 --a------ C:\WINDOWS\system32\mfc45.dll

2007-12-13 23:13 . 2007-12-13 23:13 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\Sports Interactive

2007-12-13 23:06 . 2007-12-13 23:06 <DIR> d--h----- C:\Program Files\Zero G Registry

2007-12-13 23:06 . 2007-12-14 03:02 <DIR> d-------- C:\Program Files\Sports Interactive

2007-12-13 23:06 . 2007-12-13 23:06 <DIR> d--h----- C:\Documents and Settings\Lex\InstallAnywhere

2007-12-13 22:13 . 2007-12-15 20:04 <DIR> d-------- C:\Documents and Settings\Liyun\Contacts

2007-12-12 23:08 . 2007-10-31 00:33 91,136 --a------ C:\WINDOWS\system32\kswdmcap.ax

2007-12-12 23:08 . 2007-10-31 00:33 91,136 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax

2007-12-12 23:08 . 2007-10-31 00:33 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax

2007-12-12 23:08 . 2007-10-31 00:33 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax

2007-12-12 23:08 . 2007-10-31 00:32 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll

2007-12-12 23:08 . 2007-10-31 00:32 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll

2007-12-12 23:08 . 2007-10-31 00:33 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax

2007-12-12 23:08 . 2007-10-31 00:33 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax

2007-12-12 23:08 . 2007-10-31 00:33 20,992 --a------ C:\WINDOWS\system32\dshowext.ax

2007-12-12 23:08 . 2007-10-31 00:33 20,992 --a--c--- C:\WINDOWS\system32\dllcache\dshowext.ax

2007-12-12 23:06 . 2007-12-12 23:06 <DIR> d-------- C:\Program Files\Acer

2007-12-12 22:52 . 2007-12-12 22:52 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\Nero

2007-12-12 22:51 . 2007-12-12 22:51 <DIR> d-------- C:\Program Files\Nero

2007-12-12 22:51 . 2007-12-12 22:51 <DIR> d-------- C:\Program Files\Common Files\Nero

2007-12-12 22:51 . 2007-10-26 08:05 3,036,456 --a------ C:\WINDOWS\system32\BCGCBPRO860u80.dll

2007-12-12 22:51 . 2006-03-17 11:45 1,757,184 --a------ C:\WINDOWS\system32\imagX7.dll

2007-12-12 22:51 . 2006-03-17 11:45 802,816 --a------ C:\WINDOWS\system32\imagXRA7.dll

2007-12-12 22:51 . 2006-03-17 11:45 497,296 --a------ C:\WINDOWS\system32\imagXpr7.dll

2007-12-12 22:51 . 2006-03-17 14:49 368,640 --a------ C:\WINDOWS\system32\TwnLib4.dll

2007-12-12 22:51 . 2006-03-17 11:45 258,048 --a------ C:\WINDOWS\system32\imagXR7.dll

2007-12-12 22:51 . 2007-10-26 08:05 33,576 --a------ C:\WINDOWS\system32\BCGPOleAcc.dll

2007-12-12 22:49 . 2007-12-12 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

2007-12-12 22:45 . 2007-12-12 23:00 <DIR> d-------- C:\Program Files\Paint.NET

2007-12-12 22:43 . 2007-12-12 22:43 <DIR> d-------- C:\Program Files\Messenger Plus! Live

2007-12-12 22:27 . 2007-05-29 13:55 22,112 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys

2007-12-12 22:27 . 2007-05-29 13:55 10,592 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat

2007-12-12 22:27 . 2007-05-29 13:55 705 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf

2007-12-12 22:09 . 2007-10-30 18:41 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys

2007-12-12 22:09 . 2007-10-30 18:41 9,472 --------- C:\WINDOWS\system32\drivers\dumpdrv.sys

2007-12-12 22:07 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\006012_.tmp

2007-12-12 21:34 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll

2007-12-12 21:26 . 2007-12-12 21:26 <DIR> d-------- C:\Program Files\MSBuild

2007-12-12 21:23 . 2007-12-12 21:23 <DIR> d-------- C:\WINDOWS\system32\XPSViewer

2007-12-12 21:23 . 2007-12-12 21:23 <DIR> d-------- C:\Program Files\Reference Assemblies

2007-12-12 21:22 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll

2007-12-12 21:19 . 2004-08-04 15:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2007-12-12 21:18 . 2007-12-12 21:19 <DIR> d-------- C:\Program Files\Windows Media Connect 2

2007-12-12 21:17 . 2007-12-12 21:17 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2007-12-12 21:17 . 2007-12-14 21:32 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2007-12-12 21:08 . 2007-12-12 21:09 <DIR> d-------- C:\WINDOWS\system32\URTTemp

2007-12-12 20:52 . 2007-12-12 20:54 <DIR> d-------- C:\Program Files\DivX

2007-12-12 20:42 . 2007-12-30 16:48 <DIR> d-------- C:\Documents and Settings\Lex\Contacts

2007-12-12 20:40 . 2007-12-14 18:24 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2007-12-12 20:38 . 2007-12-12 20:40 <DIR> d-------- C:\Program Files\Windows Live

2007-12-12 20:38 . 2007-12-12 20:40 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-12 15:06 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-12-12 11:12 --------- d-----w C:\Program Files\Common Files\InstallShield

2007-12-12 09:54 --------- d-----w C:\Program Files\WIDCOMM

2007-12-12 09:50 --------- d-----w C:\Program Files\Realtek

2007-12-12 09:42 --------- d-----w C:\Program Files\microsoft frontpage

2007-11-30 15:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys

2007-11-30 15:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys

2007-11-30 15:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys

2007-11-30 15:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat

2007-11-30 15:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat

2007-11-30 15:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat

2007-11-30 15:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf

2007-11-30 15:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf

2007-11-30 15:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf

2007-11-29 22:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-11-29 22:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys

2007-10-30 16:33 283,648 ----a-w C:\WINDOWS\winhlp32.exe

2007-10-30 16:32 69,120 ----a-w C:\WINDOWS\notepad.exe

2007-10-30 16:32 50,688 ----a-w C:\WINDOWS\twain_32.dll

2007-10-30 16:32 32,866 ------w C:\WINDOWS\slrundll.exe

2007-10-30 16:32 146,432 ----a-w C:\WINDOWS\regedit.exe

2007-10-30 16:32 10,752 ----a-w C:\WINDOWS\hh.exe

2007-10-30 16:32 1,033,728 ----a-w C:\WINDOWS\explorer.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6827AE15-0587-4934-A77C-5063BF9C3338}]

C:\WINDOWS\system32\ddccb.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-10-31 00:32 15360]

"RemoveIT Pro XT"="C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe" [2007-12-18 14:59 587776]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:31 208952]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-06-13 07:11 7577600]

"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-06-13 07:11 86016]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 13:59 115816]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

ALCMTR.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]

2006-07-19 09:41 53248 --------- C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]

2006-06-26 15:47 331776 --a------ C:\Program Files\Acer\OrbiCam\CameraAssistant.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]

C:\WINDOWS\system32\ElkCtrl.exe /automation

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]

C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

C:\WINDOWS\System32\LVCOMSX.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Program Files\Messenger\msmsgs.exe /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]

C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

RTHDCPL.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sclauncher]

2007-01-30 10:40 94208 --a------ C:\Program Files\SimpleCenter\bin\win\sclauncher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

SkyTel.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2007-09-25 01:11 132496 --a--c--- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2006-04-29 06:13 766041 --a------ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

 

R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40]

 

*Newly Created Service* - COMHOST

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-05 00:33:12

Windows 5.1.2600 Service Pack 3, v.3244 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-05 0:34:40 - machine was rebooted [Lex]

ComboFix-quarantined-files.txt 2008-01-04 16:34:36


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hi,

 

Sorry about the wait, we're very busy.

 

Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Next, please reboot your computer in Safe Mode by doing the following:

1) Restart your computer

2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3) Instead of Windows loading as normal, a menu should appear

4) Select the first option, to run Windows in Safe Mode.

 

For additional help in booting into Safe Mode, see the following site:

http://www.pchell.com/support/safemode.shtml

  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, see if you can click the following icon next to the files found: check.gif
  • If so, click it, then click the next icon right below and select Move incurable, as you'll see in the next image:
    move.gif
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

jedi


Hi Jedi,

Thanks so much for your time and attention. Followed your instruction.

here is the log:

mirc.chm\ctcp_events.htm;C:\Program Files\mIRC\mirc.chm;IRC.Generic.32;;

mirc.chm;C:\Program Files\mIRC;Archive contains infected objects;Moved.;

mirc.exe;C:\Program Files\mIRC;Program.mIRC.621;;

A0021438.exe;C:\System Volume Information\_restore{200C3D14-20C3-494F-9462-42963C79A999}\RP151;Probably DLOADER.Trojan;;

 

 

 

Waiting for your reply. Thanks.


Hi again,

 

Please delete your current version of Combofix and download and scan with this new version:

 

1. Download this file -

ComboFix

2. Double click ComboFix.exe & follow the prompts.

3. When finished, it will produce a log for you. Post that log in your next reply

 

Note:

Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

 

jedi


Hi there,

 

 

Below is the log.

 

Thanks a lot

 

ComboFix 08-01-13.1 - Lex 2008-01-13 11:59:21.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1240 [GMT 8:00]

Running from: C:\Documents and Settings\Lex\Desktop\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))

.

 

2008-01-12 11:45 . 2008-01-12 11:45 <DIR> d-------- C:\Documents and Settings\Lex\DoctorWeb

2008-01-11 09:19 . 2008-01-11 09:19 38 --a------ C:\WINDOWS\AviSplitter.INI

2008-01-08 23:29 . 2008-01-12 20:05 <DIR> d-------- C:\Program Files\eMule

2008-01-07 22:57 . 2008-01-07 22:57 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer

2008-01-06 00:30 . 2008-01-06 00:30 <DIR> d-------- C:\Program Files\iTunes

2008-01-06 00:30 . 2008-01-06 00:30 <DIR> d-------- C:\Program Files\iPod

2008-01-06 00:30 . 2008-01-06 00:30 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\Apple Computer

2008-01-06 00:30 . 2008-01-12 22:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-06 00:30 . 2008-01-06 00:30 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-06 00:29 . 2008-01-06 00:29 <DIR> d-------- C:\Program Files\QuickTime

2008-01-06 00:29 . 2008-01-06 00:29 <DIR> d-------- C:\Program Files\Apple Software Update

2008-01-06 00:29 . 2008-01-06 00:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-01-06 00:28 . 2008-01-06 00:28 <DIR> d-------- C:\Program Files\Common Files\Apple

2008-01-06 00:28 . 2008-01-06 00:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

2008-01-05 20:10 . 2008-01-05 20:10 <DIR> d-------- C:\Program Files\a-squared HiJackFree

2008-01-05 20:08 . 2008-01-05 20:08 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\Grisoft

2008-01-05 20:08 . 2008-01-05 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-01-05 20:08 . 2007-05-30 20:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-01-05 10:54 . 2007-08-01 16:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-01-05 10:50 . 2008-01-05 11:24 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\HouseCall 6.6

2008-01-05 10:17 . 2008-01-05 20:19 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-01-05 00:41 . 2008-01-05 01:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-01-05 00:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-05 00:17 . 2008-01-04 23:59 7,680 --a------ C:\WINDOWS\system32\lsdelete.exe

2008-01-05 00:07 . 2008-01-05 00:07 <DIR> d-------- C:\Program Files\CCleaner

2008-01-04 23:57 . 2008-01-04 23:57 <DIR> d-------- C:\Program Files\Lavasoft

2008-01-04 23:57 . 2008-01-04 23:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-01-04 23:56 . 2008-01-04 23:56 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-01-04 23:50 . 2008-01-04 23:50 <DIR> d-------- C:\Program Files\InCode Solutions

2008-01-04 23:47 . 2008-01-05 10:57 <DIR> d-------- C:\VundoFix Backups

2007-12-30 16:44 . 2007-12-30 16:44 <DIR> d-------- C:\Program Files\Synaptics

2007-12-30 16:44 . 2006-04-29 05:54 193,056 --a------ C:\WINDOWS\system32\drivers\SynTP.sys

2007-12-30 16:44 . 2006-04-29 06:00 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll

2007-12-30 16:44 . 2006-04-29 06:00 94,297 --a------ C:\WINDOWS\system32\SynTPAPI.dll

2007-12-30 16:44 . 2006-04-29 05:59 82,012 --a------ C:\WINDOWS\system32\SynCOM.dll

2007-12-30 16:44 . 2006-04-29 06:17 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll

2007-12-30 16:44 . 2006-04-29 06:14 69,721 --a------ C:\WINDOWS\system32\SynTPFcs.dll

2007-12-26 18:33 . 2007-12-26 18:33 <DIR> d-------- C:\Documents and Settings\Liyun\Application Data\Symantec

2007-12-25 22:43 . 2007-12-25 22:43 <DIR> d-------- C:\Intel

2007-12-23 00:21 . 2007-12-23 00:21 <DIR> d-------- C:\Program Files\FM Modifier 2.2

2007-12-20 22:49 . 2007-12-20 22:49 <DIR> d-------- C:\Documents and Settings\Liyun\Bluetooth Software

2007-12-18 00:04 . 2007-12-18 00:04 <DIR> d-------- C:\Documents and Settings\Liyun\Application Data\DivX

2007-12-16 20:19 . 2007-12-25 20:47 <DIR> d-------- C:\Documents and Settings\Liyun\Application Data\mIRC

2007-12-15 20:05 . 2007-12-15 20:05 <DIR> d-------- C:\Documents and Settings\Liyun\Application Data\Talkback

2007-12-14 22:11 . 2007-12-14 22:11 <DIR> d-------- C:\Program Files\Common Files\MainConcept

2007-12-14 21:34 . 2007-12-14 22:33 <DIR> d-------- C:\Documents and Settings\Lex\.SimpleCenter

2007-12-14 21:32 . 2007-12-14 21:32 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\NSeries

2007-12-14 18:38 . 2007-10-30 18:47 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2007-12-14 18:25 . 2007-12-14 18:25 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2007-12-14 18:25 . 2007-12-14 18:26 <DIR> d-------- C:\Program Files\SimpleCenter

2007-12-14 18:25 . 2007-12-14 18:25 <DIR> d-------- C:\Program Files\Common Files\i4j_jres

2007-12-14 18:25 . 2007-12-14 18:39 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\Nokia

2007-12-14 18:25 . 2007-12-14 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite

2007-12-14 18:24 . 2007-12-14 18:24 <DIR> d-------- C:\Program Files\PC Connectivity Solution

2007-12-14 18:24 . 2007-12-14 18:24 <DIR> d-------- C:\Program Files\DIFX

2007-12-14 18:24 . 2007-12-14 18:24 <DIR> d-------- C:\Program Files\Common Files\PCSuite

2007-12-14 18:24 . 2007-12-14 18:25 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\PC Suite

2007-12-14 18:24 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys

2007-12-14 18:24 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2007-12-14 18:24 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll

2007-12-14 18:24 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys

2007-12-14 18:24 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys

2007-12-14 18:24 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys

2007-12-14 18:23 . 2007-12-14 18:25 <DIR> d-------- C:\Program Files\Nokia

2007-12-14 02:51 . 2007-12-14 02:51 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\Media Player Classic

2007-12-14 02:50 . 2007-12-14 03:09 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\DivX

2007-12-14 01:26 . 2007-12-14 01:26 <DIR> d-------- C:\WINDOWS\Sun

2007-12-14 00:19 . 2008-01-12 20:29 <DIR> d-------- C:\Program Files\mIRC

2007-12-14 00:19 . 2008-01-12 20:07 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\mIRC

2007-12-14 00:12 . 2007-12-14 00:12 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\iolo

2007-12-14 00:12 . 2007-12-14 00:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo

2007-12-14 00:12 . 2007-12-14 00:12 74,703 --a------ C:\WINDOWS\system32\mfc45.dll

2007-12-13 23:13 . 2007-12-13 23:13 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\Sports Interactive

2007-12-13 23:06 . 2007-12-13 23:06 <DIR> d--h----- C:\Program Files\Zero G Registry

2007-12-13 23:06 . 2007-12-14 03:02 <DIR> d-------- C:\Program Files\Sports Interactive

2007-12-13 23:06 . 2007-12-13 23:06 <DIR> d--h----- C:\Documents and Settings\Lex\InstallAnywhere

2007-12-13 22:13 . 2007-12-15 20:04 <DIR> d-------- C:\Documents and Settings\Liyun\Contacts

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-13 03:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-01-12 12:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-01-05 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!

2008-01-05 01:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2007-12-19 16:48 --------- d-----w C:\Program Files\Norton 360

2007-12-12 15:07 --------- d-----w C:\Program Files\Common Files\Logitech

2007-12-12 15:06 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-12-12 15:06 --------- d-----w C:\Program Files\Acer

2007-12-12 15:00 --------- d-----w C:\Program Files\Paint.NET

2007-12-12 14:52 --------- d-----w C:\Documents and Settings\Lex\Application Data\Nero

2007-12-12 14:51 --------- d-----w C:\Program Files\Nero

2007-12-12 14:51 --------- d-----w C:\Program Files\Common Files\Nero

2007-12-12 14:43 --------- d-----w C:\Program Files\Messenger Plus! Live

2007-12-12 13:26 --------- d-----w C:\Program Files\MSBuild

2007-12-12 13:23 --------- d-----w C:\Program Files\Reference Assemblies

2007-12-12 13:19 --------- d-----w C:\Program Files\Windows Media Connect 2

2007-12-12 12:54 --------- d-----w C:\Program Files\DivX

2007-12-12 12:40 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller

2007-12-12 12:40 --------- d-----w C:\Program Files\Windows Live

2007-12-12 12:38 --------- d-----w C:\Program Files\Java

2007-12-12 12:37 --------- d-----w C:\Program Files\Common Files\Java

2007-12-12 12:24 --------- d-----w C:\Documents and Settings\Lex\Application Data\Symantec

2007-12-12 11:19 --------- d-----w C:\Program Files\XP Codec Pack

2007-12-12 11:14 --------- d-----w C:\Program Files\Common Files\Adobe

2007-12-12 11:12 --------- d-----w C:\Program Files\Common Files\InstallShield

2007-12-12 11:04 --------- d-----w C:\Documents and Settings\Lex\Application Data\Talkback

2007-12-12 10:44 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2007-12-12 10:44 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

2007-12-12 10:44 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2007-12-12 10:44 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2007-12-12 10:44 --------- d-----w C:\Program Files\Symantec

2007-12-12 10:37 --------- d-----w C:\Program Files\Common Files\Acer

2007-12-12 10:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles

2007-12-12 09:54 --------- d-----w C:\Program Files\WIDCOMM

2007-12-12 09:50 --------- d-----w C:\Program Files\Realtek

2007-12-12 09:42 --------- d-----w C:\Program Files\microsoft frontpage

2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2007-11-30 15:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys

2007-11-30 15:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys

2007-11-30 15:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys

2007-11-30 15:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat

2007-11-30 15:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat

2007-11-30 15:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat

2007-11-30 15:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf

2007-11-30 15:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf

2007-11-30 15:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf

2007-11-29 22:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-11-29 22:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys

2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2007-11-29 22:30 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll

2007-11-29 22:30 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe

2007-11-29 22:30 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe

2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2007-10-30 16:37 330,240 ----a-w C:\WINDOWS\system32\netsetup.exe

2007-10-30 16:33 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll

2007-10-30 16:33 9,216 ----a-w C:\WINDOWS\system32\scrnsave.scr

2007-10-30 16:33 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll

2007-10-30 16:33 704,512 ----a-w C:\WINDOWS\system32\ss3dfo.scr

2007-10-30 16:33 679,936 ----a-w C:\WINDOWS\system32\sstext3d.scr

2007-10-30 16:33 65,024 ----a-w C:\WINDOWS\system32\wextract.exe

2007-10-30 16:33 610,304 ----a-w C:\WINDOWS\system32\sspipes.scr

2007-10-30 16:33 507,904 ----a-w C:\WINDOWS\system32\winlogon.exe

2007-10-30 16:33 50,176 ----a-w C:\WINDOWS\system32\utilman.exe

2007-10-30 16:33 5,632 ----a-w C:\WINDOWS\system32\winver.exe

2007-10-30 16:33 47,104 ----a-w C:\WINDOWS\system32\ssmypics.scr

2007-10-30 16:33 433,664 ----a-w C:\WINDOWS\system32\wiaacmgr.exe

2007-10-30 16:33 393,216 ----a-w C:\WINDOWS\system32\ssflwbox.scr

2007-10-30 16:33 347,136 ----a-w C:\WINDOWS\system32\tourstart.exe

2007-10-30 16:33 32,768 ----a-w C:\WINDOWS\system32\wpnpinst.exe

2007-10-30 16:33 32,256 ----a-w C:\WINDOWS\system32\wpabaln.exe

2007-10-30 16:33 30,720 ----a-w C:\WINDOWS\system32\xcopy.exe

2007-10-30 16:33 29,696 ----a-w C:\WINDOWS\system32\format.com

2007-10-30 16:33 289,792 ----a-w C:\WINDOWS\system32\vssvc.exe

2007-10-30 16:33 283,648 ----a-w C:\WINDOWS\winhlp32.exe

2007-10-30 16:33 28,672 ----a-w C:\WINDOWS\system32\verclsid.exe

2007-10-30 16:33 26,112 ----a-w C:\WINDOWS\system32\userinit.exe

2007-10-30 16:33 259,584 ----a-w C:\WINDOWS\system32\tracerpt.exe

2007-10-30 16:33 220,672 ----a-w C:\WINDOWS\system32\logon.scr

2007-10-30 16:33 20,992 ----a-w C:\WINDOWS\system32\ssmarque.scr

2007-10-30 16:33 19,968 ----a-w C:\WINDOWS\system32\ssbezier.scr

2007-10-30 16:33 18,944 ----a-w C:\WINDOWS\system32\ssmyst.scr

2007-10-30 16:33 18,432 ----a-w C:\WINDOWS\system32\ups.exe

2007-10-30 16:33 165,888 ------w C:\WINDOWS\system32\wuauclt1.exe

2007-10-30 16:33 16,896 ----a-w C:\WINDOWS\system32\upnpcont.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-01-05_ 0.34.20.81 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-05 02:18:22 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll

+ 2008-01-05 02:18:23 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll

+ 2008-01-05 02:18:23 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll

+ 2008-01-05 02:18:33 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll

+ 2008-01-05 12:18:57 77,824 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll

+ 2007-10-25 02:26:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll

+ 2008-01-05 02:18:35 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll

+ 2008-01-05 02:18:25 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll

+ 2007-10-25 02:26:48 53,248 ----a-w C:\WINDOWS\bdoscandel.exe

+ 2007-10-25 02:26:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll

+ 2007-10-25 02:26:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll

+ 2000-08-31 00:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE

+ 2008-01-13 03:58:50 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT

+ 2008-01-13 03:58:50 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat

+ 2008-01-13 03:58:51 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT

+ 2008-01-13 03:58:51 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat

+ 2008-01-13 03:58:52 4,751,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT

+ 2008-01-13 03:58:52 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat

+ 2008-01-07 14:57:07 102,400 ----a-r C:\WINDOWS\Installer\{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}\iTunesIco.exe

- 2007-12-12 14:50:26 29,926 ----a-r C:\WINDOWS\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe

+ 2008-01-05 01:38:23 29,926 ----a-r C:\WINDOWS\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe

+ 2008-01-05 16:29:07 27,136 ----a-r C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe

+ 2007-10-31 06:09:14 30,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys

- 2007-12-02 07:00:06 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe

+ 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe

- 2008-01-04 16:21:31 70,526 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-01-13 03:52:53 70,526 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-01-04 16:21:31 436,928 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-01-13 03:52:53 436,928 ----a-w C:\WINDOWS\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6827AE15-0587-4934-A77C-5063BF9C3338}]

C:\WINDOWS\system32\ddccb.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-10-31 00:32 15360]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:31 208952]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 13:59 115816]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-13 07:11 7577600]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--a------ 2006-07-19 09:41 69632 C:\WINDOWS\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]

--------- 2006-07-19 09:41 53248 C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2007-12-11 12:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]

--a------ 2006-06-26 15:47 331776 C:\Program Files\Acer\OrbiCam\CameraAssistant.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]

--a------ 2004-11-01 18:22 262144 C:\WINDOWS\system32\ElkCtrl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]

--a------ 2006-06-26 15:55 73728 C:\Program Files\Acer\OrbiCam\InstallHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

C:\WINDOWS\System32\LVCOMSX.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2007-10-31 00:32 1695232 C:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]

--a------ 2007-09-07 14:44 3100672 C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2006-06-13 07:11 1519616 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

--a------ 2003-03-31 20:00 455168 C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

--a------ 2003-03-31 20:00 455168 C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoveIT Pro XT]

C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

--a------ 2006-07-19 09:42 16248320 C:\WINDOWS\RTHDCPL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sclauncher]

--a------ 2007-01-30 10:40 94208 C:\Program Files\SimpleCenter\bin\win\sclauncher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

--a------ 2006-07-19 09:42 2879488 C:\WINDOWS\SkyTel.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

--a------ 2007-08-31 16:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a--c--- 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

--a------ 2006-04-29 06:13 766041 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

 

R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40]

 

*Newly Created Service* - COMHOST

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-13 12:01:03

Windows 5.1.2600 Service Pack 3, v.3244 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-13 12:01:45

ComboFix-quarantined-files.txt 2008-01-13 04:01:42

.

2008-01-09 15:07:40 --- E O F ---


Hi,

 

Open notepad and copy/paste the text in the quotebox below into it (do not include the word ‘Quote’)

 

File::

C:\WINDOWS\system32\ddccb.dll

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6827AE15-0587-4934-A77C-5063BF9C3338}]

 

Save this as CFScript

 

CFScript.gif

 

Referring to the picture above, drag CFScript into ComboFix.exe

 

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

 

jedi


hi there

 

here is the combofix log

 

ComboFix 08-01-13.1 - Lex 2008-01-13 20:28:04.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1507 [GMT 8:00]

Running from: C:\Documents and Settings\Lex\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Lex\Desktop\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE

C:\WINDOWS\system32\ddccb.dll

.

 

((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))

.

 

2008-01-12 11:45 . 2008-01-12 11:45 <DIR> d-------- C:\Documents and Settings\Lex\DoctorWeb

2008-01-11 09:19 . 2008-01-11 09:19 38 --a------ C:\WINDOWS\AviSplitter.INI

2008-01-08 23:29 . 2008-01-12 20:05 <DIR> d-------- C:\Program Files\eMule

2008-01-07 22:57 . 2008-01-07 22:57 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer

2008-01-06 00:30 . 2008-01-06 00:30 <DIR> d-------- C:\Program Files\iTunes

2008-01-06 00:30 . 2008-01-06 00:30 <DIR> d-------- C:\Program Files\iPod

2008-01-06 00:30 . 2008-01-06 00:30 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\Apple Computer

2008-01-06 00:30 . 2008-01-12 22:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-06 00:30 . 2008-01-06 00:30 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-06 00:29 . 2008-01-06 00:29 <DIR> d-------- C:\Program Files\QuickTime

2008-01-06 00:29 . 2008-01-06 00:29 <DIR> d-------- C:\Program Files\Apple Software Update

2008-01-06 00:29 . 2008-01-06 00:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-01-06 00:28 . 2008-01-06 00:28 <DIR> d-------- C:\Program Files\Common Files\Apple

2008-01-06 00:28 . 2008-01-06 00:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

2008-01-05 20:08 . 2008-01-05 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-01-05 10:54 . 2007-08-01 16:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-01-05 10:50 . 2008-01-05 11:24 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\HouseCall 6.6

2008-01-05 10:17 . 2008-01-05 20:19 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-01-05 00:41 . 2008-01-05 01:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-01-05 00:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-05 00:07 . 2008-01-05 00:07 <DIR> d-------- C:\Program Files\CCleaner

2008-01-04 23:57 . 2008-01-04 23:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-01-04 23:50 . 2008-01-04 23:50 <DIR> d-------- C:\Program Files\InCode Solutions

2008-01-04 23:47 . 2008-01-05 10:57 <DIR> d-------- C:\VundoFix Backups

2007-12-30 16:44 . 2007-12-30 16:44 <DIR> d-------- C:\Program Files\Synaptics

2007-12-30 16:44 . 2006-04-29 05:54 193,056 --a------ C:\WINDOWS\system32\drivers\SynTP.sys

2007-12-30 16:44 . 2006-04-29 06:00 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll

2007-12-30 16:44 . 2006-04-29 06:00 94,297 --a------ C:\WINDOWS\system32\SynTPAPI.dll

2007-12-30 16:44 . 2006-04-29 05:59 82,012 --a------ C:\WINDOWS\system32\SynCOM.dll

2007-12-30 16:44 . 2006-04-29 06:17 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll

2007-12-30 16:44 . 2006-04-29 06:14 69,721 --a------ C:\WINDOWS\system32\SynTPFcs.dll

2007-12-26 18:33 . 2007-12-26 18:33 <DIR> d-------- C:\Documents and Settings\Liyun\Application Data\Symantec

2007-12-25 22:43 . 2007-12-25 22:43 <DIR> d-------- C:\Intel

2007-12-23 00:21 . 2007-12-23 00:21 <DIR> d-------- C:\Program Files\FM Modifier 2.2

2007-12-20 22:49 . 2007-12-20 22:49 <DIR> d-------- C:\Documents and Settings\Liyun\Bluetooth Software

2007-12-18 00:04 . 2007-12-18 00:04 <DIR> d-------- C:\Documents and Settings\Liyun\Application Data\DivX

2007-12-16 20:19 . 2007-12-25 20:47 <DIR> d-------- C:\Documents and Settings\Liyun\Application Data\mIRC

2007-12-15 20:05 . 2007-12-15 20:05 <DIR> d-------- C:\Documents and Settings\Liyun\Application Data\Talkback

2007-12-14 22:11 . 2007-12-14 22:11 <DIR> d-------- C:\Program Files\Common Files\MainConcept

2007-12-14 21:34 . 2007-12-14 22:33 <DIR> d-------- C:\Documents and Settings\Lex\.SimpleCenter

2007-12-14 21:32 . 2007-12-14 21:32 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\NSeries

2007-12-14 18:38 . 2007-10-30 18:47 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2007-12-14 18:25 . 2007-12-14 18:25 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2007-12-14 18:25 . 2007-12-14 18:26 <DIR> d-------- C:\Program Files\SimpleCenter

2007-12-14 18:25 . 2007-12-14 18:25 <DIR> d-------- C:\Program Files\Common Files\i4j_jres

2007-12-14 18:25 . 2007-12-14 18:39 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\Nokia

2007-12-14 18:25 . 2007-12-14 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite

2007-12-14 18:24 . 2007-12-14 18:24 <DIR> d-------- C:\Program Files\PC Connectivity Solution

2007-12-14 18:24 . 2007-12-14 18:24 <DIR> d-------- C:\Program Files\DIFX

2007-12-14 18:24 . 2007-12-14 18:24 <DIR> d-------- C:\Program Files\Common Files\PCSuite

2007-12-14 18:24 . 2007-12-14 18:25 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\PC Suite

2007-12-14 18:24 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys

2007-12-14 18:24 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2007-12-14 18:24 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll

2007-12-14 18:24 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys

2007-12-14 18:24 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys

2007-12-14 18:24 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys

2007-12-14 18:23 . 2007-12-14 18:25 <DIR> d-------- C:\Program Files\Nokia

2007-12-14 02:51 . 2007-12-14 02:51 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\Media Player Classic

2007-12-14 02:50 . 2007-12-14 03:09 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\DivX

2007-12-14 01:26 . 2007-12-14 01:26 <DIR> d-------- C:\WINDOWS\Sun

2007-12-14 00:19 . 2008-01-12 20:29 <DIR> d-------- C:\Program Files\mIRC

2007-12-14 00:19 . 2008-01-12 20:07 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\mIRC

2007-12-14 00:12 . 2007-12-14 00:12 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\iolo

2007-12-14 00:12 . 2007-12-14 00:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo

2007-12-14 00:12 . 2007-12-14 00:12 74,703 --a------ C:\WINDOWS\system32\mfc45.dll

2007-12-13 23:13 . 2007-12-13 23:13 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\Sports Interactive

2007-12-13 23:06 . 2007-12-13 23:06 <DIR> d--h----- C:\Program Files\Zero G Registry

2007-12-13 23:06 . 2007-12-14 03:02 <DIR> d-------- C:\Program Files\Sports Interactive

2007-12-13 23:06 . 2007-12-13 23:06 <DIR> d--h----- C:\Documents and Settings\Lex\InstallAnywhere

2007-12-13 22:13 . 2007-12-15 20:04 <DIR> d-------- C:\Documents and Settings\Liyun\Contacts

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-13 04:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-01-13 04:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-01-05 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!

2008-01-05 01:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2007-12-19 16:48 --------- d-----w C:\Program Files\Norton 360

2007-12-12 15:07 --------- d-----w C:\Program Files\Common Files\Logitech

2007-12-12 15:06 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-12-12 15:06 --------- d-----w C:\Program Files\Acer

2007-12-12 15:00 --------- d-----w C:\Program Files\Paint.NET

2007-12-12 14:52 --------- d-----w C:\Documents and Settings\Lex\Application Data\Nero

2007-12-12 14:51 --------- d-----w C:\Program Files\Nero

2007-12-12 14:51 --------- d-----w C:\Program Files\Common Files\Nero

2007-12-12 14:43 --------- d-----w C:\Program Files\Messenger Plus! Live

2007-12-12 13:26 --------- d-----w C:\Program Files\MSBuild

2007-12-12 13:23 --------- d-----w C:\Program Files\Reference Assemblies

2007-12-12 13:19 --------- d-----w C:\Program Files\Windows Media Connect 2

2007-12-12 12:54 --------- d-----w C:\Program Files\DivX

2007-12-12 12:40 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller

2007-12-12 12:40 --------- d-----w C:\Program Files\Windows Live

2007-12-12 12:38 --------- d-----w C:\Program Files\Java

2007-12-12 12:37 --------- d-----w C:\Program Files\Common Files\Java

2007-12-12 12:24 --------- d-----w C:\Documents and Settings\Lex\Application Data\Symantec

2007-12-12 11:19 --------- d-----w C:\Program Files\XP Codec Pack

2007-12-12 11:14 --------- d-----w C:\Program Files\Common Files\Adobe

2007-12-12 11:12 --------- d-----w C:\Program Files\Common Files\InstallShield

2007-12-12 11:04 --------- d-----w C:\Documents and Settings\Lex\Application Data\Talkback

2007-12-12 10:44 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2007-12-12 10:44 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

2007-12-12 10:44 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2007-12-12 10:44 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2007-12-12 10:44 --------- d-----w C:\Program Files\Symantec

2007-12-12 10:37 --------- d-----w C:\Program Files\Common Files\Acer

2007-12-12 10:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles

2007-12-12 09:54 --------- d-----w C:\Program Files\WIDCOMM

2007-12-12 09:50 --------- d-----w C:\Program Files\Realtek

2007-12-12 09:42 --------- d-----w C:\Program Files\microsoft frontpage

2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2007-11-30 15:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys

2007-11-30 15:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys

2007-11-30 15:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys

2007-11-30 15:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat

2007-11-30 15:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat

2007-11-30 15:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat

2007-11-30 15:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf

2007-11-30 15:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf

2007-11-30 15:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf

2007-11-29 22:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-11-29 22:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys

2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2007-11-29 22:30 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll

2007-11-29 22:30 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe

2007-11-29 22:30 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe

2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2007-10-30 16:37 330,240 ----a-w C:\WINDOWS\system32\netsetup.exe

2007-10-30 16:33 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll

2007-10-30 16:33 9,216 ----a-w C:\WINDOWS\system32\scrnsave.scr

2007-10-30 16:33 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll

2007-10-30 16:33 704,512 ----a-w C:\WINDOWS\system32\ss3dfo.scr

2007-10-30 16:33 679,936 ----a-w C:\WINDOWS\system32\sstext3d.scr

2007-10-30 16:33 65,024 ----a-w C:\WINDOWS\system32\wextract.exe

2007-10-30 16:33 610,304 ----a-w C:\WINDOWS\system32\sspipes.scr

2007-10-30 16:33 507,904 ----a-w C:\WINDOWS\system32\winlogon.exe

2007-10-30 16:33 50,176 ----a-w C:\WINDOWS\system32\utilman.exe

2007-10-30 16:33 5,632 ----a-w C:\WINDOWS\system32\winver.exe

2007-10-30 16:33 47,104 ----a-w C:\WINDOWS\system32\ssmypics.scr

2007-10-30 16:33 433,664 ----a-w C:\WINDOWS\system32\wiaacmgr.exe

2007-10-30 16:33 393,216 ----a-w C:\WINDOWS\system32\ssflwbox.scr

2007-10-30 16:33 347,136 ----a-w C:\WINDOWS\system32\tourstart.exe

2007-10-30 16:33 32,768 ----a-w C:\WINDOWS\system32\wpnpinst.exe

2007-10-30 16:33 32,256 ----a-w C:\WINDOWS\system32\wpabaln.exe

2007-10-30 16:33 30,720 ----a-w C:\WINDOWS\system32\xcopy.exe

2007-10-30 16:33 29,696 ----a-w C:\WINDOWS\system32\format.com

2007-10-30 16:33 289,792 ----a-w C:\WINDOWS\system32\vssvc.exe

2007-10-30 16:33 283,648 ----a-w C:\WINDOWS\winhlp32.exe

2007-10-30 16:33 28,672 ----a-w C:\WINDOWS\system32\verclsid.exe

2007-10-30 16:33 26,112 ----a-w C:\WINDOWS\system32\userinit.exe

2007-10-30 16:33 259,584 ----a-w C:\WINDOWS\system32\tracerpt.exe

2007-10-30 16:33 220,672 ----a-w C:\WINDOWS\system32\logon.scr

2007-10-30 16:33 20,992 ----a-w C:\WINDOWS\system32\ssmarque.scr

2007-10-30 16:33 19,968 ----a-w C:\WINDOWS\system32\ssbezier.scr

2007-10-30 16:33 18,944 ----a-w C:\WINDOWS\system32\ssmyst.scr

2007-10-30 16:33 18,432 ----a-w C:\WINDOWS\system32\ups.exe

2007-10-30 16:33 165,888 ------w C:\WINDOWS\system32\wuauclt1.exe

2007-10-30 16:33 16,896 ----a-w C:\WINDOWS\system32\upnpcont.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-01-05_ 0.34.20.81 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-05 02:18:22 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll

+ 2008-01-05 02:18:23 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll

+ 2008-01-05 02:18:23 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll

+ 2008-01-05 02:18:33 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll

+ 2008-01-05 12:18:57 77,824 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll

+ 2007-10-25 02:26:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll

+ 2008-01-05 02:18:35 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll

+ 2008-01-05 02:18:25 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll

+ 2007-10-25 02:26:48 53,248 ----a-w C:\WINDOWS\bdoscandel.exe

+ 2007-10-25 02:26:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll

+ 2007-10-25 02:26:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll

+ 2000-08-31 00:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE

+ 2008-01-13 12:27:57 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT

+ 2008-01-13 12:27:57 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat

+ 2008-01-13 12:27:57 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT

+ 2008-01-13 12:27:57 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat

+ 2008-01-13 12:27:57 4,751,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT

+ 2008-01-13 12:27:58 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat

+ 2008-01-07 14:57:07 102,400 ----a-r C:\WINDOWS\Installer\{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}\iTunesIco.exe

- 2007-12-12 14:50:26 29,926 ----a-r C:\WINDOWS\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe

+ 2008-01-05 01:38:23 29,926 ----a-r C:\WINDOWS\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe

+ 2008-01-05 16:29:07 27,136 ----a-r C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe

+ 2007-10-31 06:09:14 30,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys

- 2007-12-02 07:00:06 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe

+ 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe

- 2008-01-04 16:21:31 70,526 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-01-13 12:22:17 70,526 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-01-04 16:21:31 436,928 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-01-13 12:22:17 436,928 ----a-w C:\WINDOWS\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-10-31 00:32 15360]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:31 208952]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 13:59 115816]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-13 07:11 7577600]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--a------ 2006-07-19 09:41 69632 C:\WINDOWS\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]

--------- 2006-07-19 09:41 53248 C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2007-12-11 12:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]

--a------ 2006-06-26 15:47 331776 C:\Program Files\Acer\OrbiCam\CameraAssistant.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]

--a------ 2004-11-01 18:22 262144 C:\WINDOWS\system32\ElkCtrl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]

--a------ 2006-06-26 15:55 73728 C:\Program Files\Acer\OrbiCam\InstallHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

C:\WINDOWS\System32\LVCOMSX.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2007-10-31 00:32 1695232 C:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]

--a------ 2007-09-07 14:44 3100672 C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2006-06-13 07:11 1519616 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

--a------ 2003-03-31 20:00 455168 C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

--a------ 2003-03-31 20:00 455168 C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoveIT Pro XT]

C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

--a------ 2006-07-19 09:42 16248320 C:\WINDOWS\RTHDCPL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sclauncher]

--a------ 2007-01-30 10:40 94208 C:\Program Files\SimpleCenter\bin\win\sclauncher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

--a------ 2006-07-19 09:42 2879488 C:\WINDOWS\SkyTel.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

--a------ 2007-08-31 16:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a--c--- 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

--a------ 2006-04-29 06:13 766041 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

 

R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40]

 

*Newly Created Service* - COMHOST

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-13 20:30:04

Windows 5.1.2600 Service Pack 3, v.3244 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3244]

-> C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll

.

Completion time: 2008-01-13 20:30:39

ComboFix-quarantined-files.txt 2008-01-13 12:30:36

ComboFix2.txt 2008-01-13 04:01:46

.

2008-01-09 15:07:40 --- E O F ---

 

 

 

 

hijack log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:40:37 PM, on 1/13/2008

Platform: Windows XP SP3, v.3244 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Lex\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finderg.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197453972147

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197453963365

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{407CD3F1-B3F3-4932-9EBA-B0D73DE91FCD}: NameServer = 202.156.1.68,202.156.1.78

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 7254 bytes


Hi again,

 

Please do the following:

Run a BitDefender Online scan Here and post the results.

 

When the scan is done, please let me know how the PC is running.

 

jedi


Results

Identified Viruses 1

 

Infected Files 4

 

Suspect Files 0

 

Warnings 0

 

Disinfected 0

 

Deleted Files 4

 

C:\System Volume Information\_restore{200C3D14-20C3-494F-9462-42963C79A999}\RP149\A0021232.ini Infected with: Trojan.Vundo.DVS

 

C:\System Volume Information\_restore{200C3D14-20C3-494F-9462-42963C79A999}\RP149\A0021232.ini Disinfection failed

 

C:\System Volume Information\_restore{200C3D14-20C3-494F-9462-42963C79A999}\RP149\A0021232.ini Deleted

 

C:\System Volume Information\_restore{200C3D14-20C3-494F-9462-42963C79A999}\RP150\A0021260.ini Infected with: Trojan.Vundo.DVS

 

C:\System Volume Information\_restore{200C3D14-20C3-494F-9462-42963C79A999}\RP150\A0021260.ini Disinfection failed

 

C:\System Volume Information\_restore{200C3D14-20C3-494F-9462-42963C79A999}\RP150\A0021260.ini Deleted

 

C:\VundoFix Backups\bccdd.ini.bad Infected with: Trojan.Vundo.DVS

 

C:\VundoFix Backups\bccdd.ini.bad Disinfection failed

 

C:\VundoFix Backups\bccdd.ini.bad Deleted

 

C:\VundoFix Backups\bccdd.ini2.bad Infected with: Trojan.Vundo.DVS

 

C:\VundoFix Backups\bccdd.ini2.bad Disinfection failed

 

C:\VundoFix Backups\bccdd.ini2.bad Deleted


Hi again,

 

Please post a new HiJackThis log, and let me know how your PC is running now.

 

jedi


Hi Jedi, thanks for following up.

Below is the hijack log.

My comp is pretty much better than before.

I just feel that my Norton 360 is not working as well as before?

And also, I used to install another Windows in my D drive and it seems that I can't remove the folders. Any advice on this? As it contains those system volume thingy.

Thanks a million.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:55:31 PM, on 1/16/2008

Platform: Windows XP SP3, v.3244 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\SimpleCenter\bin\win\sclauncher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Lex\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finderg.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197453972147

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197453963365

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{407CD3F1-B3F3-4932-9EBA-B0D73DE91FCD}: NameServer = 202.156.1.68,202.156.1.78

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 7377 bytes


Hi again,

 

Your log looks clean. :thumbsup:

 

I can't really give you any advice on Norton 360, I don't use Norton products myself. I know it's had a very mixed set of reviews, and a lot of people have had trouble with it:

http://www.amazon.co.uk/Norton-360-User-Li...iews/B000N8CIC2

Possibly Norton support could help you:

http://www.symantec.com/norton/support/index.jsp

or you could try an uninstall/reinstall.

 

I'm not quite sure what you mean here:

"and also i used to install another windows is my D drive and seems that i cant remove the folders. any advise on this? as there contains those system volume thingy.."

Could you explain further?

 

jedi


Hey, thanks.

What I mean is that last time I installed Win XP on the C drive, then Win Vista on the D drive. Currently on my D drive I can't completely delete the 'D drive Windows' folder, as it seems like I can't remove "D:\WINDOWS\system32\Macromed\Flash"; there are these two files, 'Flash9e.ocx' and 'FlashUtil9e'.

 

Lastly, what I meant was that when I was using BitDefender to scan, it showed that it scanned something like D:\System Volume Information\_restore, but I am not too sure whether it affects anything though.

 

Basically I have 2 GB RAM on my laptop and I just feel it isn't as fast as previously when I am using Vista, for example when I press Windows key + E for the shortcut to My Computer. Anyway, this is not so important. I just hope my comp is clean.

Thanks a lot to you, JEDI :) Cheers to you :thumbsup:


You're very welcome. :)


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic is now closed to further replies.