need help.. here's my log..


This topic is locked
18 replies to this topic

#1 LexToh

    Member

  • Full Member
  • 23 posts

Posted 05 January 2008 - 08:06 AM

Here is my log from HijackThis, and also ComboFix if needed. The computer freezes and I found some trojan but am unable to clear it. Appreciate it, thanks.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:33 PM, on 1/5/2008
Platform: Windows XP SP3, v.3244 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Lex\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6827AE15-0587-4934-A77C-5063BF9C3338} - C:\WINDOWS\system32\ddccb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1197453972147
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1197453963365
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7453 bytes
ComboFix 08-01-04.1 - Lex 2008-01-05 0:25:13.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1461 [GMT 8:00]
Running from: C:\Documents and Settings\Lex\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\rqrstuu.dll

.
((((((((((((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 )))))))))))))))))))))))))))))))
.

2008-01-05 00:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 00:17 . 2008-01-04 23:59 7,680 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-01-05 00:07 . 2008-01-05 00:07 <DIR> d-------- C:\Program Files\CCleaner
2008-01-04 23:57 . 2008-01-04 23:57 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-04 23:57 . 2008-01-04 23:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-04 23:56 . 2008-01-04 23:56 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-04 23:50 . 2008-01-04 23:50 <DIR> d-------- C:\Program Files\InCode Solutions
2008-01-04 23:47 . 2008-01-05 00:16 <DIR> d-------- C:\VundoFix Backups
2007-12-30 16:44 . 2007-12-30 16:44 <DIR> d-------- C:\Program Files\Synaptics
2007-12-30 16:44 . 2006-04-29 05:54 193,056 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2007-12-30 16:44 . 2006-04-29 06:00 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll
2007-12-30 16:44 . 2006-04-29 06:00 94,297 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2007-12-30 16:44 . 2006-04-29 05:59 82,012 --a------ C:\WINDOWS\system32\SynCOM.dll
2007-12-30 16:44 . 2006-04-29 06:17 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll
2007-12-30 16:44 . 2006-04-29 06:14 69,721 --a------ C:\WINDOWS\system32\SynTPFcs.dll
2007-12-26 18:33 . 2007-12-26 18:33 <DIR> d-------- C:\Documents and Settings\Liyun\Application Data\Symantec
2007-12-25 22:43 . 2007-12-25 22:43 <DIR> d-------- C:\Intel
2007-12-23 00:21 . 2007-12-23 00:21 <DIR> d-------- C:\Program Files\FM Modifier 2.2
2007-12-20 22:49 . 2007-12-20 22:49 <DIR> d-------- C:\Documents and Settings\Liyun\Bluetooth Software
2007-12-18 00:04 . 2007-12-18 00:04 <DIR> d-------- C:\Documents and Settings\Liyun\Application Data\DivX
2007-12-16 20:19 . 2007-12-25 20:47 <DIR> d-------- C:\Documents and Settings\Liyun\Application Data\mIRC
2007-12-15 20:05 . 2007-12-15 20:05 <DIR> d-------- C:\Documents and Settings\Liyun\Application Data\Talkback
2007-12-14 22:11 . 2007-12-14 22:11 <DIR> d-------- C:\Program Files\Common Files\MainConcept
2007-12-14 21:34 . 2007-12-14 22:33 <DIR> d-------- C:\Documents and Settings\Lex\.SimpleCenter
2007-12-14 21:32 . 2007-12-14 21:32 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\NSeries
2007-12-14 18:38 . 2007-10-30 18:47 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-14 18:25 . 2007-12-14 18:25 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-12-14 18:25 . 2007-12-14 18:26 <DIR> d-------- C:\Program Files\SimpleCenter
2007-12-14 18:25 . 2007-12-14 18:25 <DIR> d-------- C:\Program Files\Common Files\i4j_jres
2007-12-14 18:25 . 2007-12-14 18:39 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\Nokia
2007-12-14 18:25 . 2007-12-14 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-14 18:24 . 2007-12-14 18:24 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-12-14 18:24 . 2007-12-14 18:24 <DIR> d-------- C:\Program Files\DIFX
2007-12-14 18:24 . 2007-12-14 18:24 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-12-14 18:24 . 2007-12-14 18:25 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\PC Suite
2007-12-14 18:24 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-12-14 18:24 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-12-14 18:24 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-12-14 18:24 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-12-14 18:24 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-12-14 18:24 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-12-14 18:23 . 2007-12-14 18:25 <DIR> d-------- C:\Program Files\Nokia
2007-12-14 02:51 . 2007-12-14 02:51 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\Media Player Classic
2007-12-14 02:50 . 2007-12-14 03:09 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\DivX
2007-12-14 01:26 . 2007-12-14 01:26 <DIR> d-------- C:\WINDOWS\Sun
2007-12-14 00:19 . 2008-01-02 01:01 <DIR> d-------- C:\Program Files\mIRC
2007-12-14 00:19 . 2007-12-30 16:25 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\mIRC
2007-12-14 00:12 . 2007-12-14 00:12 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\iolo
2007-12-14 00:12 . 2007-12-14 00:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2007-12-14 00:12 . 2007-12-14 00:12 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2007-12-13 23:13 . 2007-12-13 23:13 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\Sports Interactive
2007-12-13 23:06 . 2007-12-13 23:06 <DIR> d--h----- C:\Program Files\Zero G Registry
2007-12-13 23:06 . 2007-12-14 03:02 <DIR> d-------- C:\Program Files\Sports Interactive
2007-12-13 23:06 . 2007-12-13 23:06 <DIR> d--h----- C:\Documents and Settings\Lex\InstallAnywhere
2007-12-13 22:13 . 2007-12-15 20:04 <DIR> d-------- C:\Documents and Settings\Liyun\Contacts
2007-12-12 23:08 . 2007-10-31 00:33 91,136 --a------ C:\WINDOWS\system32\kswdmcap.ax
2007-12-12 23:08 . 2007-10-31 00:33 91,136 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2007-12-12 23:08 . 2007-10-31 00:33 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2007-12-12 23:08 . 2007-10-31 00:33 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2007-12-12 23:08 . 2007-10-31 00:32 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-12-12 23:08 . 2007-10-31 00:32 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-12-12 23:08 . 2007-10-31 00:33 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2007-12-12 23:08 . 2007-10-31 00:33 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2007-12-12 23:08 . 2007-10-31 00:33 20,992 --a------ C:\WINDOWS\system32\dshowext.ax
2007-12-12 23:08 . 2007-10-31 00:33 20,992 --a--c--- C:\WINDOWS\system32\dllcache\dshowext.ax
2007-12-12 23:06 . 2007-12-12 23:06 <DIR> d-------- C:\Program Files\Acer
2007-12-12 22:52 . 2007-12-12 22:52 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\Nero
2007-12-12 22:51 . 2007-12-12 22:51 <DIR> d-------- C:\Program Files\Nero
2007-12-12 22:51 . 2007-12-12 22:51 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-12-12 22:51 . 2007-10-26 08:05 3,036,456 --a------ C:\WINDOWS\system32\BCGCBPRO860u80.dll
2007-12-12 22:51 . 2006-03-17 11:45 1,757,184 --a------ C:\WINDOWS\system32\imagX7.dll
2007-12-12 22:51 . 2006-03-17 11:45 802,816 --a------ C:\WINDOWS\system32\imagXRA7.dll
2007-12-12 22:51 . 2006-03-17 11:45 497,296 --a------ C:\WINDOWS\system32\imagXpr7.dll
2007-12-12 22:51 . 2006-03-17 14:49 368,640 --a------ C:\WINDOWS\system32\TwnLib4.dll
2007-12-12 22:51 . 2006-03-17 11:45 258,048 --a------ C:\WINDOWS\system32\imagXR7.dll
2007-12-12 22:51 . 2007-10-26 08:05 33,576 --a------ C:\WINDOWS\system32\BCGPOleAcc.dll
2007-12-12 22:49 . 2007-12-12 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-12-12 22:45 . 2007-12-12 23:00 <DIR> d-------- C:\Program Files\Paint.NET
2007-12-12 22:43 . 2007-12-12 22:43 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2007-12-12 22:27 . 2007-05-29 13:55 22,112 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-12-12 22:27 . 2007-05-29 13:55 10,592 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2007-12-12 22:27 . 2007-05-29 13:55 705 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2007-12-12 22:09 . 2007-10-30 18:41 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2007-12-12 22:09 . 2007-10-30 18:41 9,472 --------- C:\WINDOWS\system32\drivers\dumpdrv.sys
2007-12-12 22:07 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\006012_.tmp
2007-12-12 21:34 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-12-12 21:26 . 2007-12-12 21:26 <DIR> d-------- C:\Program Files\MSBuild
2007-12-12 21:23 . 2007-12-12 21:23 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-12-12 21:23 . 2007-12-12 21:23 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-12-12 21:22 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2007-12-12 21:19 . 2004-08-04 15:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-12 21:18 . 2007-12-12 21:19 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-12-12 21:17 . 2007-12-12 21:17 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-12 21:17 . 2007-12-14 21:32 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-12 21:08 . 2007-12-12 21:09 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-12-12 20:52 . 2007-12-12 20:54 <DIR> d-------- C:\Program Files\DivX
2007-12-12 20:42 . 2007-12-30 16:48 <DIR> d-------- C:\Documents and Settings\Lex\Contacts
2007-12-12 20:40 . 2007-12-14 18:24 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-12 20:38 . 2007-12-12 20:40 <DIR> d-------- C:\Program Files\Windows Live
2007-12-12 20:38 . 2007-12-12 20:40 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-12 15:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-12 11:12 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-12 09:54 --------- d-----w C:\Program Files\WIDCOMM
2007-12-12 09:50 --------- d-----w C:\Program Files\Realtek
2007-12-12 09:42 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-30 15:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 15:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 15:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 15:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 15:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 15:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 15:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 15:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 15:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-29 22:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-29 22:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-10-30 16:33 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2007-10-30 16:32 69,120 ----a-w C:\WINDOWS\notepad.exe
2007-10-30 16:32 50,688 ----a-w C:\WINDOWS\twain_32.dll
2007-10-30 16:32 32,866 ------w C:\WINDOWS\slrundll.exe
2007-10-30 16:32 146,432 ----a-w C:\WINDOWS\regedit.exe
2007-10-30 16:32 10,752 ----a-w C:\WINDOWS\hh.exe
2007-10-30 16:32 1,033,728 ----a-w C:\WINDOWS\explorer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6827AE15-0587-4934-A77C-5063BF9C3338}]
C:\WINDOWS\system32\ddccb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-10-31 00:32 15360]
"RemoveIT Pro XT"="C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe" [2007-12-18 14:59 587776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:31 208952]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-06-13 07:11 7577600]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-06-13 07:11 86016]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 13:59 115816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2006-07-19 09:41 53248 --------- C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
2006-06-26 15:47 331776 --a------ C:\Program Files\Acer\OrbiCam\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
C:\WINDOWS\system32\ElkCtrl.exe /automation

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\System32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sclauncher]
2007-01-30 10:40 94208 --a------ C:\Program Files\SimpleCenter\bin\win\sclauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a--c--- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-04-29 06:13 766041 --a------ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40]

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 00:33:12
Windows 5.1.2600 Service Pack 3, v.3244 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-05 0:34:40 - machine was rebooted [Lex]
ComboFix-quarantined-files.txt 2008-01-04 16:34:36
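As an added example, not part of the original thread, a small triage helper for the O2 (Browser Helper Object) lines of a HijackThis log like the one above: it flags BHO registrations whose DLL is marked "(file missing)" or "(no file)", the orphaned-CLSID pattern visible in this log, and separately notes unnamed BHOs that are present on disk so the publisher can be verified. The sample input is constructed from the shape of the posted log; the severity labels are this example's own convention.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the HijackThis v2.0.2 log above (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {6827AE15-0587-4934-A77C-5063BF9C3338} - C:\WINDOWS\system32\ddccb.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

# Every HijackThis entry starts with a section code (R0, O2, O4, O23, ...) and " - ".
HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O2 body layout: "BHO: <name> - {CLSID} - <target path or marker>".
BHO_BODY = re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
# Markers HijackThis appends when the registered DLL cannot be found on disk.
MISSING_MARKERS = ("(file missing)", "(no file)")


@dataclass(frozen=True)
class Finding:
    clsid: str
    target: str
    severity: str  # "high" or "info" (this example's own labels)
    reason: str


def parse_bho(line: str):
    """Return (name, clsid, target) for an O2 line, or None for anything else."""
    m = HJT_LINE.match(line.strip())
    if not m or m.group("section") != "O2":
        return None
    b = BHO_BODY.match(m.group("body"))
    if not b:
        return None
    return b.group("name"), b.group("clsid"), b.group("target")


def triage_bhos(log_text: str) -> list[Finding]:
    """Walk a HijackThis log and report BHO entries worth a closer look."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        parsed = parse_bho(line)
        if parsed is None:
            continue
        name, clsid, target = parsed
        if target.endswith(MISSING_MARKERS):
            # Registration survives but the DLL is gone: a leftover of a removed
            # component. The CLSID key itself is what still needs cleaning up.
            findings.append(Finding(clsid, target, "high",
                                    "BHO registered but backing file missing; stale CLSID key"))
        elif name == "(no name)":
            # Present on disk but unnamed: legitimate vendors do this too, so only
            # ask for publisher/signature verification rather than flagging it.
            findings.append(Finding(clsid, target, "info",
                                    "unnamed BHO present on disk; verify publisher before trusting"))
    return findings


if __name__ == "__main__":
    for f in triage_bhos(SAMPLE_LOG):
        print(f"[{f.severity}] {f.clsid} {f.target}: {f.reason}")
```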

#2 LexToh

    Member

  • Full Member
  • 23 posts

Posted 06 January 2008 - 10:30 AM

Anyone to help? Sorry to ask again. Hope I posted the right logs.

#3 SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,520 posts

Posted 08 January 2008 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#4 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 11 January 2008 - 04:30 PM

Hi,

Sorry about the wait, we're very busy.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click the next icon next to the files found: [image]
  • If so, click it, then click the next icon right below and select Move incurable, as you'll see in the next image: [image]
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer! This is because files in use could be moved/deleted during the reboot.
  • After the reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#5 LexToh

    Member

  • Full Member
  • 23 posts

Posted 12 January 2008 - 01:35 AM

Hi Jedi,
Thanks so much for your time and attention. I followed your instructions.
Here is the log:
mirc.chm\ctcp_events.htm;C:\Program Files\mIRC\mirc.chm;IRC.Generic.32;;
mirc.chm;C:\Program Files\mIRC;Archive contains infected objects;Moved.;
mirc.exe;C:\Program Files\mIRC;Program.mIRC.621;;
A0021438.exe;C:\System Volume Information\_restore{200C3D14-20C3-494F-9462-42963C79A999}\RP151;Probably DLOADER.Trojan;;

Waiting for your reply. Thanks.

#6 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 12 January 2008 - 03:26 PM

Hi again,

Please delete your current version of Combofix and download and scan with this new version:

1. Download this file -
ComboFix
2. Double click ComboFix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#7 LexToh

    Member

  • Full Member
  • 23 posts

Posted 12 January 2008 - 11:04 PM

Hi there,

Below is the log.

Thanks a lot.

ComboFix 08-01-13.1 - Lex 2008-01-13 11:59:21.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1240 [GMT 8:00]
Running from: C:\Documents and Settings\Lex\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.

2008-01-12 11:45 . 2008-01-12 11:45 <DIR> d-------- C:\Documents and Settings\Lex\DoctorWeb
2008-01-11 09:19 . 2008-01-11 09:19 38 --a------ C:\WINDOWS\AviSplitter.INI
2008-01-08 23:29 . 2008-01-12 20:05 <DIR> d-------- C:\Program Files\eMule
2008-01-07 22:57 . 2008-01-07 22:57 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-01-06 00:30 . 2008-01-06 00:30 <DIR> d-------- C:\Program Files\iTunes
2008-01-06 00:30 . 2008-01-06 00:30 <DIR> d-------- C:\Program Files\iPod
2008-01-06 00:30 . 2008-01-06 00:30 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\Apple Computer
2008-01-06 00:30 . 2008-01-12 22:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-06 00:30 . 2008-01-06 00:30 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-06 00:29 . 2008-01-06 00:29 <DIR> d-------- C:\Program Files\QuickTime
2008-01-06 00:29 . 2008-01-06 00:29 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-06 00:29 . 2008-01-06 00:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-06 00:28 . 2008-01-06 00:28 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-06 00:28 . 2008-01-06 00:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-05 20:10 . 2008-01-05 20:10 <DIR> d-------- C:\Program Files\a-squared HiJackFree
2008-01-05 20:08 . 2008-01-05 20:08 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\Grisoft
2008-01-05 20:08 . 2008-01-05 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-05 20:08 . 2007-05-30 20:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-05 10:54 . 2007-08-01 16:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-05 10:50 . 2008-01-05 11:24 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\HouseCall 6.6
2008-01-05 10:17 . 2008-01-05 20:19 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-05 00:41 . 2008-01-05 01:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 00:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 00:17 . 2008-01-04 23:59 7,680 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-01-05 00:07 . 2008-01-05 00:07 <DIR> d-------- C:\Program Files\CCleaner
2008-01-04 23:57 . 2008-01-04 23:57 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-04 23:57 . 2008-01-04 23:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-04 23:56 . 2008-01-04 23:56 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-04 23:50 . 2008-01-04 23:50 <DIR> d-------- C:\Program Files\InCode Solutions
2008-01-04 23:47 . 2008-01-05 10:57 <DIR> d-------- C:\VundoFix Backups
2007-12-30 16:44 . 2007-12-30 16:44 <DIR> d-------- C:\Program Files\Synaptics
2007-12-30 16:44 . 2006-04-29 05:54 193,056 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2007-12-30 16:44 . 2006-04-29 06:00 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll
2007-12-30 16:44 . 2006-04-29 06:00 94,297 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2007-12-30 16:44 . 2006-04-29 05:59 82,012 --a------ C:\WINDOWS\system32\SynCOM.dll
2007-12-30 16:44 . 2006-04-29 06:17 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll
2007-12-30 16:44 . 2006-04-29 06:14 69,721 --a------ C:\WINDOWS\system32\SynTPFcs.dll
2007-12-26 18:33 . 2007-12-26 18:33 <DIR> d-------- C:\Documents and Settings\Liyun\Application Data\Symantec
2007-12-25 22:43 . 2007-12-25 22:43 <DIR> d-------- C:\Intel
2007-12-23 00:21 . 2007-12-23 00:21 <DIR> d-------- C:\Program Files\FM Modifier 2.2
2007-12-20 22:49 . 2007-12-20 22:49 <DIR> d-------- C:\Documents and Settings\Liyun\Bluetooth Software
2007-12-18 00:04 . 2007-12-18 00:04 <DIR> d-------- C:\Documents and Settings\Liyun\Application Data\DivX
2007-12-16 20:19 . 2007-12-25 20:47 <DIR> d-------- C:\Documents and Settings\Liyun\Application Data\mIRC
2007-12-15 20:05 . 2007-12-15 20:05 <DIR> d-------- C:\Documents and Settings\Liyun\Application Data\Talkback
2007-12-14 22:11 . 2007-12-14 22:11 <DIR> d-------- C:\Program Files\Common Files\MainConcept
2007-12-14 21:34 . 2007-12-14 22:33 <DIR> d-------- C:\Documents and Settings\Lex\.SimpleCenter
2007-12-14 21:32 . 2007-12-14 21:32 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\NSeries
2007-12-14 18:38 . 2007-10-30 18:47 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-14 18:25 . 2007-12-14 18:25 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-12-14 18:25 . 2007-12-14 18:26 <DIR> d-------- C:\Program Files\SimpleCenter
2007-12-14 18:25 . 2007-12-14 18:25 <DIR> d-------- C:\Program Files\Common Files\i4j_jres
2007-12-14 18:25 . 2007-12-14 18:39 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\Nokia
2007-12-14 18:25 . 2007-12-14 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-14 18:24 . 2007-12-14 18:24 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-12-14 18:24 . 2007-12-14 18:24 <DIR> d-------- C:\Program Files\DIFX
2007-12-14 18:24 . 2007-12-14 18:24 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-12-14 18:24 . 2007-12-14 18:25 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\PC Suite
2007-12-14 18:24 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-12-14 18:24 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-12-14 18:24 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-12-14 18:24 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-12-14 18:24 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-12-14 18:24 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-12-14 18:23 . 2007-12-14 18:25 <DIR> d-------- C:\Program Files\Nokia
2007-12-14 02:51 . 2007-12-14 02:51 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\Media Player Classic
2007-12-14 02:50 . 2007-12-14 03:09 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\DivX
2007-12-14 01:26 . 2007-12-14 01:26 <DIR> d-------- C:\WINDOWS\Sun
2007-12-14 00:19 . 2008-01-12 20:29 <DIR> d-------- C:\Program Files\mIRC
2007-12-14 00:19 . 2008-01-12 20:07 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\mIRC
2007-12-14 00:12 . 2007-12-14 00:12 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\iolo
2007-12-14 00:12 . 2007-12-14 00:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2007-12-14 00:12 . 2007-12-14 00:12 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2007-12-13 23:13 . 2007-12-13 23:13 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\Sports Interactive
2007-12-13 23:06 . 2007-12-13 23:06 <DIR> d--h----- C:\Program Files\Zero G Registry
2007-12-13 23:06 . 2007-12-14 03:02 <DIR> d-------- C:\Program Files\Sports Interactive
2007-12-13 23:06 . 2007-12-13 23:06 <DIR> d--h----- C:\Documents and Settings\Lex\InstallAnywhere
2007-12-13 22:13 . 2007-12-15 20:04 <DIR> d-------- C:\Documents and Settings\Liyun\Contacts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 03:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-12 12:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-05 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-05 01:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-19 16:48 --------- d-----w C:\Program Files\Norton 360
2007-12-12 15:07 --------- d-----w C:\Program Files\Common Files\Logitech
2007-12-12 15:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-12 15:06 --------- d-----w C:\Program Files\Acer
2007-12-12 15:00 --------- d-----w C:\Program Files\Paint.NET
2007-12-12 14:52 --------- d-----w C:\Documents and Settings\Lex\Application Data\Nero
2007-12-12 14:51 --------- d-----w C:\Program Files\Nero
2007-12-12 14:51 --------- d-----w C:\Program Files\Common Files\Nero
2007-12-12 14:43 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-12 13:26 --------- d-----w C:\Program Files\MSBuild
2007-12-12 13:23 --------- d-----w C:\Program Files\Reference Assemblies
2007-12-12 13:19 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-12 12:54 --------- d-----w C:\Program Files\DivX
2007-12-12 12:40 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-12 12:40 --------- d-----w C:\Program Files\Windows Live
2007-12-12 12:38 --------- d-----w C:\Program Files\Java
2007-12-12 12:37 --------- d-----w C:\Program Files\Common Files\Java
2007-12-12 12:24 --------- d-----w C:\Documents and Settings\Lex\Application Data\Symantec
2007-12-12 11:19 --------- d-----w C:\Program Files\XP Codec Pack
2007-12-12 11:14 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-12 11:12 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-12 11:04 --------- d-----w C:\Documents and Settings\Lex\Application Data\Talkback
2007-12-12 10:44 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-12 10:44 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-12 10:44 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-12 10:44 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-12 10:44 --------- d-----w C:\Program Files\Symantec
2007-12-12 10:37 --------- d-----w C:\Program Files\Common Files\Acer
2007-12-12 10:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-12 09:54 --------- d-----w C:\Program Files\WIDCOMM
2007-12-12 09:50 --------- d-----w C:\Program Files\Realtek
2007-12-12 09:42 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-11-30 15:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 15:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 15:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 15:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 15:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 15:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 15:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 15:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 15:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-29 22:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-29 22:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-11-29 22:30 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-11-29 22:30 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-10-30 16:37 330,240 ----a-w C:\WINDOWS\system32\netsetup.exe
2007-10-30 16:33 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2007-10-30 16:33 9,216 ----a-w C:\WINDOWS\system32\scrnsave.scr
2007-10-30 16:33 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2007-10-30 16:33 704,512 ----a-w C:\WINDOWS\system32\ss3dfo.scr
2007-10-30 16:33 679,936 ----a-w C:\WINDOWS\system32\sstext3d.scr
2007-10-30 16:33 65,024 ----a-w C:\WINDOWS\system32\wextract.exe
2007-10-30 16:33 610,304 ----a-w C:\WINDOWS\system32\sspipes.scr
2007-10-30 16:33 507,904 ----a-w C:\WINDOWS\system32\winlogon.exe
2007-10-30 16:33 50,176 ----a-w C:\WINDOWS\system32\utilman.exe
2007-10-30 16:33 5,632 ----a-w C:\WINDOWS\system32\winver.exe
2007-10-30 16:33 47,104 ----a-w C:\WINDOWS\system32\ssmypics.scr
2007-10-30 16:33 433,664 ----a-w C:\WINDOWS\system32\wiaacmgr.exe
2007-10-30 16:33 393,216 ----a-w C:\WINDOWS\system32\ssflwbox.scr
2007-10-30 16:33 347,136 ----a-w C:\WINDOWS\system32\tourstart.exe
2007-10-30 16:33 32,768 ----a-w C:\WINDOWS\system32\wpnpinst.exe
2007-10-30 16:33 32,256 ----a-w C:\WINDOWS\system32\wpabaln.exe
2007-10-30 16:33 30,720 ----a-w C:\WINDOWS\system32\xcopy.exe
2007-10-30 16:33 29,696 ----a-w C:\WINDOWS\system32\format.com
2007-10-30 16:33 289,792 ----a-w C:\WINDOWS\system32\vssvc.exe
2007-10-30 16:33 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2007-10-30 16:33 28,672 ----a-w C:\WINDOWS\system32\verclsid.exe
2007-10-30 16:33 26,112 ----a-w C:\WINDOWS\system32\userinit.exe
2007-10-30 16:33 259,584 ----a-w C:\WINDOWS\system32\tracerpt.exe
2007-10-30 16:33 220,672 ----a-w C:\WINDOWS\system32\logon.scr
2007-10-30 16:33 20,992 ----a-w C:\WINDOWS\system32\ssmarque.scr
2007-10-30 16:33 19,968 ----a-w C:\WINDOWS\system32\ssbezier.scr
2007-10-30 16:33 18,944 ----a-w C:\WINDOWS\system32\ssmyst.scr
2007-10-30 16:33 18,432 ----a-w C:\WINDOWS\system32\ups.exe
2007-10-30 16:33 165,888 ------w C:\WINDOWS\system32\wuauclt1.exe
2007-10-30 16:33 16,896 ----a-w C:\WINDOWS\system32\upnpcont.exe
.

((((((((((((((((((((((((((((( snapshot@2008-01-05_ 0.34.20.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-05 02:18:22 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-01-05 02:18:23 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-01-05 02:18:23 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-01-05 02:18:33 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2008-01-05 12:18:57 77,824 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2007-10-25 02:26:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-01-05 02:18:35 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-01-05 02:18:25 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2007-10-25 02:26:48 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
+ 2007-10-25 02:26:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2007-10-25 02:26:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
+ 2000-08-31 00:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2008-01-13 03:58:50 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-13 03:58:50 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-13 03:58:51 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-13 03:58:51 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-13 03:58:52 4,751,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-13 03:58:52 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-07 14:57:07 102,400 ----a-r C:\WINDOWS\Installer\{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}\iTunesIco.exe
- 2007-12-12 14:50:26 29,926 ----a-r C:\WINDOWS\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2008-01-05 01:38:23 29,926 ----a-r C:\WINDOWS\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2008-01-05 16:29:07 27,136 ----a-r C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe
+ 2007-10-31 06:09:14 30,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys
- 2007-12-02 07:00:06 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-01-04 16:21:31 70,526 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-13 03:52:53 70,526 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-04 16:21:31 436,928 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-13 03:52:53 436,928 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6827AE15-0587-4934-A77C-5063BF9C3338}]
C:\WINDOWS\system32\ddccb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-10-31 00:32 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:31 208952]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 13:59 115816]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-13 07:11 7577600]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2006-07-19 09:41 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--------- 2006-07-19 09:41 53248 C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 12:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2006-06-26 15:47 331776 C:\Program Files\Acer\OrbiCam\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
--a------ 2004-11-01 18:22 262144 C:\WINDOWS\system32\ElkCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a------ 2006-06-26 15:55 73728 C:\Program Files\Acer\OrbiCam\InstallHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\System32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2007-10-31 00:32 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
--a------ 2007-09-07 14:44 3100672 C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-06-13 07:11 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2003-03-31 20:00 455168 C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2003-03-31 20:00 455168 C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoveIT Pro XT]
C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-07-19 09:42 16248320 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sclauncher]
--a------ 2007-01-30 10:40 94208 C:\Program Files\SimpleCenter\bin\win\sclauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-07-19 09:42 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 16:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-04-29 06:13 766041 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40]

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 12:01:03
Windows 5.1.2600 Service Pack 3, v.3244 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-13 12:01:45
ComboFix-quarantined-files.txt 2008-01-13 04:01:42
.
2008-01-09 15:07:40 --- E O F ---

#8 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 13 January 2008 - 05:34 AM

Hi,

Open notepad and copy/paste the text in the quotebox below into it (do not include the word ‘Quote’)

File::
C:\WINDOWS\system32\ddccb.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6827AE15-0587-4934-A77C-5063BF9C3338}]


Save this as CFScript

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.
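
Added example for this thread (not jedi's code and not part of ComboFix): a small Python script that pulls Browser Helper Object entries out of the "Reg Loading Points" section of a ComboFix log and drafts the File::/Registry:: CFScript in the same form jedi gave above. The sample log text is constructed from the entries posted earlier in this thread; the layout it assumes (a bracketed BHO key line followed by one module path line) is inferred from that log, not from ComboFix documentation. The useful check is that the script only drafts the text: the analyst still decides which entries are malicious before anything is run.

```python
"""Parse the 'Reg Loading Points' section of a ComboFix log and draft a
CFScript for the Browser Helper Object entries it lists.

Added example for this thread; not jedi's or ComboFix's own code.
Assumed log layout (taken from the log posted above):

    [HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{CLSID}]
    C:\\path\\to\\helper.dll

Assumed script layout: the File:: / Registry:: form jedi gave, where
[-KEY] under Registry:: requests deletion of that key.
"""
import re

# Constructed sample: the relevant lines from the ComboFix log in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6827AE15-0587-4934-A77C-5063BF9C3338}]
C:\WINDOWS\system32\ddccb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-10-31 00:32 15360]
"""

# Matches the bracketed BHO key line; the CLSID is 32 hex digits plus 4 hyphens.
BHO_KEY_RE = re.compile(
    r"^\[(HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\\{[0-9A-Fa-f-]{36}\})\]$"
)


def find_bhos(log_text):
    """Return a list of (registry_key, dll_path) for every BHO block found.

    A block is the key line followed by the module path ComboFix prints
    beneath it.  A key with no path line (next line starts a new block)
    is skipped rather than guessed at.
    """
    lines = log_text.splitlines()
    found = []
    for i, line in enumerate(lines):
        m = BHO_KEY_RE.match(line.strip())
        if not m:
            continue
        # The next non-empty line is the module path, unless it opens a new key.
        j = i + 1
        while j < len(lines) and not lines[j].strip():
            j += 1
        if j < len(lines) and not lines[j].lstrip().startswith("["):
            found.append((m.group(1), lines[j].strip()))
    return found


def build_cfscript(bhos):
    """Render File:: / Registry:: directives in the form used in the thread.

    Returns an empty string when there is nothing to act on, so a caller
    never writes a CFScript with bare section headers.
    """
    if not bhos:
        return ""
    files = [path for _, path in bhos]
    keys = ["[-" + key + "]" for key, _ in bhos]
    return "\n".join(["File::"] + files + ["Registry::"] + keys) + "\n"


if __name__ == "__main__":
    entries = find_bhos(SAMPLE_LOG)
    for key, path in entries:
        print("BHO:", key, "->", path)
    print(build_cfscript(entries), end="")
```

Run against the sample it prints the one BHO from this thread and a CFScript identical in shape to jedi's. On a real log, read the entries it lists before saving anything as CFScript; a BHO whose DLL sits in system32 with a name that matches no installed product is worth a closer look, but the script itself makes no such judgement.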

#9 LexToh

LexToh

    Member

  • Full Member
  • Pip
  • 23 posts

Posted 13 January 2008 - 09:12 AM

hi there

here is the combofix log

ComboFix 08-01-13.1 - Lex 2008-01-13 20:28:04.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1507 [GMT 8:00]
Running from: C:\Documents and Settings\Lex\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Lex\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\ddccb.dll
.

((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.

2008-01-12 11:45 . 2008-01-12 11:45 <DIR> d-------- C:\Documents and Settings\Lex\DoctorWeb
2008-01-11 09:19 . 2008-01-11 09:19 38 --a------ C:\WINDOWS\AviSplitter.INI
2008-01-08 23:29 . 2008-01-12 20:05 <DIR> d-------- C:\Program Files\eMule
2008-01-07 22:57 . 2008-01-07 22:57 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-01-06 00:30 . 2008-01-06 00:30 <DIR> d-------- C:\Program Files\iTunes
2008-01-06 00:30 . 2008-01-06 00:30 <DIR> d-------- C:\Program Files\iPod
2008-01-06 00:30 . 2008-01-06 00:30 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\Apple Computer
2008-01-06 00:30 . 2008-01-12 22:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-06 00:30 . 2008-01-06 00:30 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-06 00:29 . 2008-01-06 00:29 <DIR> d-------- C:\Program Files\QuickTime
2008-01-06 00:29 . 2008-01-06 00:29 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-06 00:29 . 2008-01-06 00:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-06 00:28 . 2008-01-06 00:28 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-06 00:28 . 2008-01-06 00:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-05 20:08 . 2008-01-05 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-05 10:54 . 2007-08-01 16:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-05 10:50 . 2008-01-05 11:24 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\HouseCall 6.6
2008-01-05 10:17 . 2008-01-05 20:19 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-05 00:41 . 2008-01-05 01:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 00:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 00:07 . 2008-01-05 00:07 <DIR> d-------- C:\Program Files\CCleaner
2008-01-04 23:57 . 2008-01-04 23:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-04 23:50 . 2008-01-04 23:50 <DIR> d-------- C:\Program Files\InCode Solutions
2008-01-04 23:47 . 2008-01-05 10:57 <DIR> d-------- C:\VundoFix Backups
2007-12-30 16:44 . 2007-12-30 16:44 <DIR> d-------- C:\Program Files\Synaptics
2007-12-30 16:44 . 2006-04-29 05:54 193,056 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2007-12-30 16:44 . 2006-04-29 06:00 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll
2007-12-30 16:44 . 2006-04-29 06:00 94,297 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2007-12-30 16:44 . 2006-04-29 05:59 82,012 --a------ C:\WINDOWS\system32\SynCOM.dll
2007-12-30 16:44 . 2006-04-29 06:17 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll
2007-12-30 16:44 . 2006-04-29 06:14 69,721 --a------ C:\WINDOWS\system32\SynTPFcs.dll
2007-12-26 18:33 . 2007-12-26 18:33 <DIR> d-------- C:\Documents and Settings\Liyun\Application Data\Symantec
2007-12-25 22:43 . 2007-12-25 22:43 <DIR> d-------- C:\Intel
2007-12-23 00:21 . 2007-12-23 00:21 <DIR> d-------- C:\Program Files\FM Modifier 2.2
2007-12-20 22:49 . 2007-12-20 22:49 <DIR> d-------- C:\Documents and Settings\Liyun\Bluetooth Software
2007-12-18 00:04 . 2007-12-18 00:04 <DIR> d-------- C:\Documents and Settings\Liyun\Application Data\DivX
2007-12-16 20:19 . 2007-12-25 20:47 <DIR> d-------- C:\Documents and Settings\Liyun\Application Data\mIRC
2007-12-15 20:05 . 2007-12-15 20:05 <DIR> d-------- C:\Documents and Settings\Liyun\Application Data\Talkback
2007-12-14 22:11 . 2007-12-14 22:11 <DIR> d-------- C:\Program Files\Common Files\MainConcept
2007-12-14 21:34 . 2007-12-14 22:33 <DIR> d-------- C:\Documents and Settings\Lex\.SimpleCenter
2007-12-14 21:32 . 2007-12-14 21:32 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\NSeries
2007-12-14 18:38 . 2007-10-30 18:47 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-14 18:25 . 2007-12-14 18:25 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-12-14 18:25 . 2007-12-14 18:26 <DIR> d-------- C:\Program Files\SimpleCenter
2007-12-14 18:25 . 2007-12-14 18:25 <DIR> d-------- C:\Program Files\Common Files\i4j_jres
2007-12-14 18:25 . 2007-12-14 18:39 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\Nokia
2007-12-14 18:25 . 2007-12-14 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-14 18:24 . 2007-12-14 18:24 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-12-14 18:24 . 2007-12-14 18:24 <DIR> d-------- C:\Program Files\DIFX
2007-12-14 18:24 . 2007-12-14 18:24 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-12-14 18:24 . 2007-12-14 18:25 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\PC Suite
2007-12-14 18:24 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-12-14 18:24 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-12-14 18:24 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-12-14 18:24 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-12-14 18:24 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-12-14 18:24 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-12-14 18:23 . 2007-12-14 18:25 <DIR> d-------- C:\Program Files\Nokia
2007-12-14 02:51 . 2007-12-14 02:51 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\Media Player Classic
2007-12-14 02:50 . 2007-12-14 03:09 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\DivX
2007-12-14 01:26 . 2007-12-14 01:26 <DIR> d-------- C:\WINDOWS\Sun
2007-12-14 00:19 . 2008-01-12 20:29 <DIR> d-------- C:\Program Files\mIRC
2007-12-14 00:19 . 2008-01-12 20:07 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\mIRC
2007-12-14 00:12 . 2007-12-14 00:12 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\iolo
2007-12-14 00:12 . 2007-12-14 00:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2007-12-14 00:12 . 2007-12-14 00:12 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2007-12-13 23:13 . 2007-12-13 23:13 <DIR> d-------- C:\Documents and Settings\Lex\Application Data\Sports Interactive
2007-12-13 23:06 . 2007-12-13 23:06 <DIR> d--h----- C:\Program Files\Zero G Registry
2007-12-13 23:06 . 2007-12-14 03:02 <DIR> d-------- C:\Program Files\Sports Interactive
2007-12-13 23:06 . 2007-12-13 23:06 <DIR> d--h----- C:\Documents and Settings\Lex\InstallAnywhere
2007-12-13 22:13 . 2007-12-15 20:04 <DIR> d-------- C:\Documents and Settings\Liyun\Contacts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 04:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-13 04:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-05 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-05 01:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-19 16:48 --------- d-----w C:\Program Files\Norton 360
2007-12-12 15:07 --------- d-----w C:\Program Files\Common Files\Logitech
2007-12-12 15:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-12 15:06 --------- d-----w C:\Program Files\Acer
2007-12-12 15:00 --------- d-----w C:\Program Files\Paint.NET
2007-12-12 14:52 --------- d-----w C:\Documents and Settings\Lex\Application Data\Nero
2007-12-12 14:51 --------- d-----w C:\Program Files\Nero
2007-12-12 14:51 --------- d-----w C:\Program Files\Common Files\Nero
2007-12-12 14:43 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-12 13:26 --------- d-----w C:\Program Files\MSBuild
2007-12-12 13:23 --------- d-----w C:\Program Files\Reference Assemblies
2007-12-12 13:19 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-12 12:54 --------- d-----w C:\Program Files\DivX
2007-12-12 12:40 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-12 12:40 --------- d-----w C:\Program Files\Windows Live
2007-12-12 12:38 --------- d-----w C:\Program Files\Java
2007-12-12 12:37 --------- d-----w C:\Program Files\Common Files\Java
2007-12-12 12:24 --------- d-----w C:\Documents and Settings\Lex\Application Data\Symantec
2007-12-12 11:19 --------- d-----w C:\Program Files\XP Codec Pack
2007-12-12 11:14 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-12 11:12 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-12 11:04 --------- d-----w C:\Documents and Settings\Lex\Application Data\Talkback
2007-12-12 10:44 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-12 10:44 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-12 10:44 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-12 10:44 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-12 10:44 --------- d-----w C:\Program Files\Symantec
2007-12-12 10:37 --------- d-----w C:\Program Files\Common Files\Acer
2007-12-12 10:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-12 09:54 --------- d-----w C:\Program Files\WIDCOMM
2007-12-12 09:50 --------- d-----w C:\Program Files\Realtek
2007-12-12 09:42 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-11-30 15:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 15:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 15:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 15:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 15:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 15:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 15:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 15:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 15:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-29 22:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-29 22:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-11-29 22:30 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-11-29 22:30 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-10-30 16:37 330,240 ----a-w C:\WINDOWS\system32\netsetup.exe
2007-10-30 16:33 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2007-10-30 16:33 9,216 ----a-w C:\WINDOWS\system32\scrnsave.scr
2007-10-30 16:33 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2007-10-30 16:33 704,512 ----a-w C:\WINDOWS\system32\ss3dfo.scr
2007-10-30 16:33 679,936 ----a-w C:\WINDOWS\system32\sstext3d.scr
2007-10-30 16:33 65,024 ----a-w C:\WINDOWS\system32\wextract.exe
2007-10-30 16:33 610,304 ----a-w C:\WINDOWS\system32\sspipes.scr
2007-10-30 16:33 507,904 ----a-w C:\WINDOWS\system32\winlogon.exe
2007-10-30 16:33 50,176 ----a-w C:\WINDOWS\system32\utilman.exe
2007-10-30 16:33 5,632 ----a-w C:\WINDOWS\system32\winver.exe
2007-10-30 16:33 47,104 ----a-w C:\WINDOWS\system32\ssmypics.scr
2007-10-30 16:33 433,664 ----a-w C:\WINDOWS\system32\wiaacmgr.exe
2007-10-30 16:33 393,216 ----a-w C:\WINDOWS\system32\ssflwbox.scr
2007-10-30 16:33 347,136 ----a-w C:\WINDOWS\system32\tourstart.exe
2007-10-30 16:33 32,768 ----a-w C:\WINDOWS\system32\wpnpinst.exe
2007-10-30 16:33 32,256 ----a-w C:\WINDOWS\system32\wpabaln.exe
2007-10-30 16:33 30,720 ----a-w C:\WINDOWS\system32\xcopy.exe
2007-10-30 16:33 29,696 ----a-w C:\WINDOWS\system32\format.com
2007-10-30 16:33 289,792 ----a-w C:\WINDOWS\system32\vssvc.exe
2007-10-30 16:33 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2007-10-30 16:33 28,672 ----a-w C:\WINDOWS\system32\verclsid.exe
2007-10-30 16:33 26,112 ----a-w C:\WINDOWS\system32\userinit.exe
2007-10-30 16:33 259,584 ----a-w C:\WINDOWS\system32\tracerpt.exe
2007-10-30 16:33 220,672 ----a-w C:\WINDOWS\system32\logon.scr
2007-10-30 16:33 20,992 ----a-w C:\WINDOWS\system32\ssmarque.scr
2007-10-30 16:33 19,968 ----a-w C:\WINDOWS\system32\ssbezier.scr
2007-10-30 16:33 18,944 ----a-w C:\WINDOWS\system32\ssmyst.scr
2007-10-30 16:33 18,432 ----a-w C:\WINDOWS\system32\ups.exe
2007-10-30 16:33 165,888 ------w C:\WINDOWS\system32\wuauclt1.exe
2007-10-30 16:33 16,896 ----a-w C:\WINDOWS\system32\upnpcont.exe
.

((((((((((((((((((((((((((((( snapshot@2008-01-05_ 0.34.20.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-05 02:18:22 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-01-05 02:18:23 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-01-05 02:18:23 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-01-05 02:18:33 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2008-01-05 12:18:57 77,824 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2007-10-25 02:26:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-01-05 02:18:35 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-01-05 02:18:25 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2007-10-25 02:26:48 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
+ 2007-10-25 02:26:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2007-10-25 02:26:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
+ 2000-08-31 00:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2008-01-13 12:27:57 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-13 12:27:57 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-13 12:27:57 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-13 12:27:57 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-13 12:27:57 4,751,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-13 12:27:58 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-07 14:57:07 102,400 ----a-r C:\WINDOWS\Installer\{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}\iTunesIco.exe
- 2007-12-12 14:50:26 29,926 ----a-r C:\WINDOWS\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2008-01-05 01:38:23 29,926 ----a-r C:\WINDOWS\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2008-01-05 16:29:07 27,136 ----a-r C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe
+ 2007-10-31 06:09:14 30,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys
- 2007-12-02 07:00:06 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-01-04 16:21:31 70,526 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-13 12:22:17 70,526 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-04 16:21:31 436,928 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-13 12:22:17 436,928 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-10-31 00:32 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:31 208952]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 13:59 115816]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-13 07:11 7577600]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2006-07-19 09:41 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--------- 2006-07-19 09:41 53248 C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 12:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2006-06-26 15:47 331776 C:\Program Files\Acer\OrbiCam\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
--a------ 2004-11-01 18:22 262144 C:\WINDOWS\system32\ElkCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a------ 2006-06-26 15:55 73728 C:\Program Files\Acer\OrbiCam\InstallHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\System32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2007-10-31 00:32 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
--a------ 2007-09-07 14:44 3100672 C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-06-13 07:11 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2003-03-31 20:00 455168 C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2003-03-31 20:00 455168 C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoveIT Pro XT]
C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-07-19 09:42 16248320 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sclauncher]
--a------ 2007-01-30 10:40 94208 C:\Program Files\SimpleCenter\bin\win\sclauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-07-19 09:42 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 16:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-04-29 06:13 766041 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40]

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 20:30:04
Windows 5.1.2600 Service Pack 3, v.3244 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3244]
-> C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
.
Completion time: 2008-01-13 20:30:39
ComboFix-quarantined-files.txt 2008-01-13 12:30:36
ComboFix2.txt 2008-01-13 04:01:46
.
2008-01-09 15:07:40 --- E O F ---




HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:40:37 PM, on 1/13/2008
Platform: Windows XP SP3, v.3244 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lex\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finderg.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1197453972147
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1197453963365
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{407CD3F1-B3F3-4932-9EBA-B0D73DE91FCD}: NameServer = 202.156.1.68,202.156.1.78
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7254 bytes

#10 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 14 January 2008 - 01:14 PM

Hi again,

Please do the following:
Run a BitDefender Online scan Here and post the results.

When the scan is done, please let me know how the PC is running.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#11 LexToh

    Member

  • Full Member
  • 23 posts

Posted 15 January 2008 - 10:24 AM

Results
Identified Viruses 1
Infected Files 4
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 4

C:\System Volume Information\_restore{200C3D14-20C3-494F-9462-42963C79A999}\RP149\A0021232.ini Infected with: Trojan.Vundo.DVS
C:\System Volume Information\_restore{200C3D14-20C3-494F-9462-42963C79A999}\RP149\A0021232.ini Disinfection failed
C:\System Volume Information\_restore{200C3D14-20C3-494F-9462-42963C79A999}\RP149\A0021232.ini Deleted
C:\System Volume Information\_restore{200C3D14-20C3-494F-9462-42963C79A999}\RP150\A0021260.ini Infected with: Trojan.Vundo.DVS
C:\System Volume Information\_restore{200C3D14-20C3-494F-9462-42963C79A999}\RP150\A0021260.ini Disinfection failed
C:\System Volume Information\_restore{200C3D14-20C3-494F-9462-42963C79A999}\RP150\A0021260.ini Deleted
C:\VundoFix Backups\bccdd.ini.bad Infected with: Trojan.Vundo.DVS
C:\VundoFix Backups\bccdd.ini.bad Disinfection failed
C:\VundoFix Backups\bccdd.ini.bad Deleted
C:\VundoFix Backups\bccdd.ini2.bad Infected with: Trojan.Vundo.DVS
C:\VundoFix Backups\bccdd.ini2.bad Disinfection failed
C:\VundoFix Backups\bccdd.ini2.bad Deleted

#12 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 15 January 2008 - 03:35 PM

Hi again,

Please post a new HiJackThis log, and let me know how your PC is running now.

jedi

#13 LexToh

    Member

  • Full Member
  • 23 posts

Posted 16 January 2008 - 10:57 AM

Hi Jedi, thanks for following up..
Below is the HijackThis log..
My computer is pretty much better than before..
I just feel that my Norton 360 is not working as well as before?
And also I used to have another Windows installed on my D drive, and it seems that I can't remove the folders. Any advice on this? As it contains those System Volume thingies..
Thanks a million


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:31 PM, on 1/16/2008
Platform: Windows XP SP3, v.3244 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Lex\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finderg.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1197453972147
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1197453963365
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{407CD3F1-B3F3-4932-9EBA-B0D73DE91FCD}: NameServer = 202.156.1.68,202.156.1.78
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7377 bytes

#14 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 16 January 2008 - 03:59 PM

Hi again,

Your log looks clean. :thumbsup:

I can't really give you any advice on Norton 360; I don't use Norton products myself. I know it's had a very mixed set of reviews, and a lot of people have had trouble with it:
http://www.amazon.co...iews/B000N8CIC2
Possibly Norton support could help you:
http://www.symantec....pport/index.jsp
or you could try an uninstall/reinstall.

I'm not quite sure what you mean here:

And also I used to have another Windows installed on my D drive, and it seems that I can't remove the folders. Any advice on this? As it contains those System Volume thingies..

Could you explain further?

jedi

#15 LexToh

    Member

  • Full Member
  • 23 posts

Posted 17 January 2008 - 09:36 AM

Hey, thanks.
What I mean is that last time I installed Win XP on the C drive and then Win Vista on the D drive. Currently on my D drive I can't completely delete the 'D drive Windows' folder, as inside my D drive it seems I can't remove "D:\WINDOWS\system32\Macromed\Flash"; there are these two files, 'Flash9e.ocx' and 'FlashUtil9e'.

Lastly, what I meant was that when I was using BitDefender to scan, it showed that it scanned something like D:\System Volume Information\_restore, but I am not too sure whether it affects anything though..

Basically I have 2 GB RAM on my laptop and I just feel it isn't as fast as previously when I was using Vista, for example when I press Windows key + E as a shortcut to My Computer. Anyway, not so important. Just hope my comp is clean..
Thanks a lot to you Jedi :) Cheers to you :thumbsup:

#16 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 19 January 2008 - 10:57 AM

Hi,

The Macromedia folder is nothing to worry about. Try working through the suggestions here:

http://users.telenet...owcomputer.html

to speed up your PC.

jedi

#17 LexToh

    Member

  • Full Member
  • 23 posts

Posted 22 January 2008 - 11:05 AM

Hi,

The Macromedia folder is nothing to worry about. Try working through the suggestions here:

http://users.telenet...owcomputer.html

to speed up your PC.

jedi


Hi Jedi, thanks a lot.. you are great!!
:)

#18 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 22 January 2008 - 02:37 PM

You're very welcome. :)
jedi

#19 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 29 January 2008 - 11:29 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
jedi



