Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Cant Type anything in IE. Pls Help. [RESOLVED]


  • This topic is locked This topic is locked

#1
whjt201

whjt201

    Member

  • Member
  • PipPip
  • 13 posts
Currently using IE7. it just hangs whenever i tried to type sth in the google search box or any other places. But it's ok if i typed it in the address bar. I tried using nod32 and norton to scan but no virus found. i also used ad aware but no critical errors found. firefox works fine. i also tried uninstalling and reinstall but the problem still exist. when in safe mode ie7 works perfectly. didnt install any new programmes recently.
Whenever ie hangs, a msg saying 'drwatson postmortem debugger not responding' appears. looking forward to your reply. thx in advance.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:26:52, on 18/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Symantec AntiVirus\DefWatch.exe
C:\Eset\nod32krn.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fujitsu\updnavi\updnavi.exe
C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\DAEMON Tools\daemon.exe
C:\WINDOWS\VM303_STI.EXE
C:\iTunes\iTunesHelper.exe
C:\Eset\nod32kui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Qlock\qlock.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\conime.exe
C:\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\Fujitsu Hardware Diagnostics Tool\RunProfiler.exe" -r
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updnavi.exe
O4 - HKLM\..\Run: [DispSwitchLauncher] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVD43] "C:\DVD Region+CSS Free\DVDRegionFree.exe" /hidden
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RCAutoLiveUpdate] C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe -AUTO
O4 - HKLM\..\Run: [RCSystemTray] C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [IERESETATTRIB] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\system32\ieudinit.exe -ResetFileAttributes
O4 - HKLM\..\RunOnce: [IERESETICONS] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\iereseticons.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [3721CN] rundll32.exe Drive.dll Windows
O4 - HKUS\S-1-5-21-1824225954-2913268999-2536492390-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'admin')
O4 - HKUS\S-1-5-21-1824225954-2913268999-2536492390-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'admin')
O4 - Startup: qlock.lnk = C:\Qlock\qlock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Download All by FlashGet - C:\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\FlashGet\jc_link.htm
O8 - Extra context menu item: Use ViDown to download - C:\ViDown\vd_link.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 妏蚚iTudou狟婥誹醴 - C:\Tudou\iTudou\iTudou_Link.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pc-ap.fujitsu.com/
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h50203.www5....DataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.bang-oluf...lObjs/setup.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Eset\nod32krn.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Symantec AntiVirus\Rtvscan.exe

--
End of file - 13908 bytes
  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#3
whjt201

whjt201

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Many thanks for the help.

DSS Result:

Main Txt:

Deckard's System Scanner v20071014.68
Run by Justin Tong on 2008-02-22 13:36:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
50: 2008-02-22 13:37:03 UTC - RP369 - Deckard's System Scanner Restore Point
49: 2008-02-19 18:43:43 UTC - RP368 - System Checkpoint
48: 2008-02-18 04:53:08 UTC - RP367 - Removed Ad-Aware 2007
47: 2008-02-18 04:34:41 UTC - RP366 - Removed HKBN 2b
46: 2008-02-18 04:10:10 UTC - RP365 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-01-09 09:26:42 UTC - RP320 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 88% (more than 75%).
System Drive C: has 4.9 GiB (less than 15%) free.


-- HijackThis (run as Justin Tong.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:37:57, on 22/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Symantec AntiVirus\DefWatch.exe
C:\Eset\nod32krn.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fujitsu\updnavi\updnavi.exe
C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\DAEMON Tools\daemon.exe
C:\WINDOWS\VM303_STI.EXE
C:\iTunes\iTunesHelper.exe
C:\Eset\nod32kui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HKBN 2b\PCCLauncher.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\HKBN 2b\PCCLauncher.exe
C:\Program Files\HKBN 2b\PCCLauncher.exe
C:\Program Files\HKBN 2b\PCCLauncher.exe
C:\Program Files\HKBN 2b\PCCLauncher.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\DAEMON Tools\daemon.exe
C:\WINDOWS\VM303_STI.EXE
C:\Eset\nod32kui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\HP\Digital Imaging\bin\hpqtra08.exe
C:\Qlock\qlock.exe
C:\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HKBN 2b\PCCLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\HKBN 2b\PCCLauncher.exe
C:\Program Files\HKBN 2b\PCCLauncher.exe
C:\Program Files\HKBN 2b\PCCLauncher.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\HKBN 2b\bin\SMC.exe
C:\DVDREG~1\DVDRegionFree.exe
C:\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Max Registry Cleaner\MaxRCPopUp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\HP\HP Software Update\HPWUCli.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Documents and Settings\Justin Tong\Desktop\Media Player Classic.exe
C:\WINDOWS\system32\divxsm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Justin Tong\Desktop\dss.exe
C:\TRENDM~1\HIJACK~1\Justin Tong.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\Fujitsu Hardware Diagnostics Tool\RunProfiler.exe" -r
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updnavi.exe
O4 - HKLM\..\Run: [DispSwitchLauncher] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVD43] "C:\DVD Region+CSS Free\DVDRegionFree.exe" /hidden
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RCAutoLiveUpdate] C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe -AUTO
O4 - HKLM\..\Run: [RCSystemTray] C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [3721CN] rundll32.exe Drive.dll Windows
O4 - HKUS\S-1-5-21-1824225954-2913268999-2536492390-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'admin')
O4 - HKUS\S-1-5-21-1824225954-2913268999-2536492390-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'admin')
O4 - Startup: qlock.lnk = C:\Qlock\qlock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Download All by FlashGet - C:\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\FlashGet\jc_link.htm
O8 - Extra context menu item: Use ViDown to download - C:\ViDown\vd_link.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 妏蚚iTudou狟婥誹醴 - C:\Tudou\iTudou\iTudou_Link.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pc-ap.fujitsu.com/
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h50203.www5....DataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.bang-oluf...lObjs/setup.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Eset\nod32krn.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Symantec AntiVirus\Rtvscan.exe

--
End of file - 16317 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 FJGPNV - c:\windows\system32\drivers\fjgpnv.sys <Not Verified; FUJITSU LIMITED; FJGPNV>
R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 BtnHnd - c:\program files\fujitsu\btnhnd\btnhnd.sys <Not Verified; FUJITSU LIMITED; Button handler>
R2 FlashDrv - c:\program files\fujitsu\flashaid\flashdrv.sys <Not Verified; FUJITSU LIMITED; FlashAid>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 Eacfilt (Eacfilt Miniport) - c:\windows\system32\drivers\eacfilt.sys <Not Verified; Nortel Networks; Filter Driver for CVC>
R3 IPSECSHM (Nortel IPSECSHM Adapter) - c:\windows\system32\drivers\ipsecw2k.sys <Not Verified; Nortel Networks NA, Inc.; Contivity VPN Client>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
R3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
R3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
R3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
R3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
R3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Microsoft® Windows NT® Operating System>
R3 vmfilter303 - c:\windows\system32\drivers\vmfilter303.sys <Not Verified; Vimicro Corporation; Filter for VM303 with Face Tracking>
R3 ZSMC303 (Kinstone USB PC Camera (Vimicro301 Neptune)) - c:\windows\system32\drivers\usbvm303.sys <Not Verified; Vimicro Corporation; >

S3 ADVNTDRV - c:\windows\system32\drivers\advntdrv.sys <Not Verified; FUJITSU LIMITED.; Microsoft® Windows NT™ Operating System>
S3 IPSECEXT (Nortel Extranet Access Protocol) - c:\windows\system32\drivers\ipsecw2k.sys <Not Verified; Nortel Networks NA, Inc.; Contivity VPN Client>
S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 O2Flash (O2Micro Flash Memory) - c:\windows\system32\o2flash.exe <Not Verified; O2Micro International; O2 MS1/MP1 Service>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>

S2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" (file missing)
S3 NipSvc (Norman API-hooking helper) - c:\norman\nvc\bin\nipsvc.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4363&SUBSYS_139A10CF&REV_12\4&192AC53F&0&00E0
Manufacturer: Marvell
Name: Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4363&SUBSYS_139A10CF&REV_12\4&192AC53F&0&00E0
Service: yukonwxp


-- Scheduled Tasks -------------------------------------------------------------

2008-02-18 16:18:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-01-22 and 2008-02-22 -----------------------------

2008-02-22 13:36:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-22 13:36:20 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-22 13:36:18 0 d-------- C:\WINDOWS\LastGood
2008-02-18 05:08:41 0 d-------- C:\Documents and Settings\Justin Tong\HKBN 2b
2008-02-18 05:05:39 0 d-------- C:\Documents and Settings\admin\Application Data\skypePM
2008-02-18 05:04:48 0 d-------- C:\Documents and Settings\admin\Application Data\Skype
2008-02-18 04:54:20 32837 -----n--- C:\WINDOWS\system32\exthook.dll <Not Verified; Nortel Networks NA, Inc.; Nortel Networks Contivity VPN Client>
2008-02-18 04:54:20 24521 --a------ C:\WINDOWS\system32\drivers\eacfilt.sys <Not Verified; Nortel Networks; Filter Driver for CVC>
2008-02-18 04:54:19 155184 --a------ C:\WINDOWS\system32\drivers\ipsecw2k.sys <Not Verified; Nortel Networks NA, Inc.; Contivity VPN Client>
2008-02-18 04:54:19 0 d-------- C:\Program Files\HKBN
2008-02-18 04:53:43 0 d-------- C:\Program Files\HKBN 2b
2008-02-18 02:02:09 0 d-------- C:\Documents and Settings\admin\Application Data\Sun
2008-02-18 01:56:59 0 d-------- C:\Documents and Settings\admin\Application Data\Macromedia
2008-02-18 01:55:03 0 d-------- C:\Documents and Settings\admin\HKBN 2b
2008-02-18 01:53:57 0 d-------- C:\Documents and Settings\admin\Application Data\HP
2008-02-18 01:52:29 0 d-------- C:\Documents and Settings\admin\Application Data\Real
2008-02-18 01:51:25 0 d--h----- C:\Documents and Settings\admin\Templates
2008-02-18 01:51:25 0 dr------- C:\Documents and Settings\admin\Start Menu
2008-02-18 01:51:25 0 dr-h----- C:\Documents and Settings\admin\SendTo
2008-02-18 01:51:25 0 dr-h----- C:\Documents and Settings\admin\Recent
2008-02-18 01:51:25 0 d--h----- C:\Documents and Settings\admin\PrintHood
2008-02-18 01:51:25 0 d--h----- C:\Documents and Settings\admin\NetHood
2008-02-18 01:51:25 0 dr------- C:\Documents and Settings\admin\My Documents
2008-02-18 01:51:25 0 d--h----- C:\Documents and Settings\admin\Local Settings
2008-02-18 01:51:25 0 dr------- C:\Documents and Settings\admin\Favorites
2008-02-18 01:51:25 0 d-------- C:\Documents and Settings\admin\Desktop
2008-02-18 01:51:25 0 d--hs---- C:\Documents and Settings\admin\Cookies
2008-02-18 01:51:25 0 dr-h----- C:\Documents and Settings\admin\Application Data
2008-02-18 01:51:25 0 d---s---- C:\Documents and Settings\admin\Application Data\Microsoft
2008-02-18 01:51:25 0 d-------- C:\Documents and Settings\admin\Application Data\Intel
2008-02-18 01:51:25 0 d-------- C:\Documents and Settings\admin\Application Data\Identities
2008-02-18 01:51:25 0 d-------- C:\Documents and Settings\admin\Application Data\Help
2008-02-18 01:51:25 0 d-------- C:\Documents and Settings\admin\Application Data\Adobe
2008-02-18 01:51:24 1835008 --ah----- C:\Documents and Settings\admin\NTUSER.DAT
2008-02-18 01:38:38 0 d-------- C:\Program Files\Common Files\Java
2008-02-18 01:14:54 0 d-------- C:\Trend Micro
2008-02-18 00:50:56 0 d-------- C:\WINDOWS\CSC
2008-02-18 00:17:59 0 d-------- C:\Program Files\MSXML 6.0
2008-02-17 23:47:34 0 d-------- C:\Program Files\MSBuild
2008-02-17 23:44:11 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-02-17 23:43:36 0 d-------- C:\Program Files\Reference Assemblies
2008-02-17 22:47:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-17 22:29:22 75652 --a------ C:\WINDOWS\e01.exe
2008-02-17 22:29:12 20173 --a------ C:\WINDOWS\e00.exe
2008-02-17 22:29:07 23040 --a------ C:\info.exe
2008-02-17 21:38:19 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-02-05 16:28:17 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-05 16:27:46 0 d-------- C:\Spyware Doctor
2008-02-05 15:56:42 0 d-------- C:\Program Files\Common Files\Apple
2008-02-05 15:56:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-02-03 17:31:31 63 --a------ C:\WINDOWS\system\SYSRegC.dll
2008-02-03 17:31:23 143360 --a------ C:\WINDOWS\system32\GetHardDiskNo.dll <Not Verified; MaxSecure Software; MaxSecure Registration Module>
2008-02-03 17:31:22 0 d-------- C:\Program Files\Max Registry Cleaner
2008-02-03 17:30:44 0 d-------- C:\Max Registry Cleaner v6.0.0.033修複和優化注冊表
2008-01-23 16:30:55 0 d-------- C:\Documents and Settings\Justin Tong\Application Data\skypePM
2008-01-23 16:30:55 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-23 16:30:28 0 d-------- C:\Program Files\Common Files\Skype


-- Find3M Report ---------------------------------------------------------------

2008-02-22 13:25:28 0 d-------- C:\Documents and Settings\Justin Tong\Application Data\Skype
2008-02-18 04:53:28 0 d-------- C:\Program Files\Common Files
2008-02-18 01:40:30 3912 --a------ C:\WINDOWS\mozver.dat
2008-02-18 01:40:19 0 d-------- C:\Program Files\Java
2008-02-18 00:34:00 37384 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-02-05 16:07:42 0 d-------- C:\Program Files\QuickTime
2008-02-05 15:57:53 0 d-------- C:\Program Files\Apple Software Update
2008-02-03 18:07:38 0 d-------- C:\Program Files\Online Services
2008-02-03 17:04:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-03 17:01:31 0 d-------- C:\Program Files\DNA
2008-02-02 00:05:53 0 d-------- C:\Documents and Settings\Justin Tong\Application Data\U3
2008-01-23 16:23:04 0 d-------- C:\Program Files\Slide
2008-01-23 16:22:38 0 d-------- C:\Documents and Settings\Justin Tong\Application Data\Slide
2008-01-23 16:16:51 0 d-------- C:\Documents and Settings\Justin Tong\Application Data\BeoMediaDatabase
2008-01-21 00:21:12 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-01-20 19:19:54 162 --a----c- C:\WINDOWS\system32\cid_store.dat
2008-01-20 18:39:45 0 d-------- C:\Documents and Settings\Justin Tong\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [09/12/2005 06:49 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 09:43 C:\WINDOWS\Alcmtr.exe]
"ATSwpNav"="C:\Program Files\Fingerprint Sensor\ATSwpNav -run" []
"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [09/08/2005 18:53]
"LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [21/07/2005 22:21]
"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [21/07/2005 22:20]
"LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [08/06/2005 17:20]
"AGRSMMSG"="AGRSMMSG.exe" [17/01/2006 21:26 C:\WINDOWS\AGRSMMSG.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [18/05/2005 23:57]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/01/2006 01:03]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [03/11/2005 23:22]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [03/11/2005 23:26]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [05/12/2005 20:37]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [28/11/2005 19:41]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [28/11/2005 19:47]
"PCDrProfiler"="C:\Program Files\Fujitsu Hardware Diagnostics Tool\RunProfiler.exe" [16/02/2006 23:34]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [03/01/2006 13:20]
"FJUPDNV_Chitose"="C:\Program Files\Fujitsu\updnavi\updnavi.exe" [21/02/2006 23:00]
"@"="" []
"DispSwitchLauncher"="C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe" [20/07/2005 22:23]
"OmniPass"="C:\Program Files\Softex\OmniPass\scureapp.exe" [26/08/2005 06:49]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 12:00]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [04/08/2004 12:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04/08/2004 12:00]
"DAEMON Tools"="C:\DAEMON Tools\daemon.exe" [10/12/2005 14:57]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 03:50]
"DVD43"="C:\DVD Region+CSS Free\DVDRegionFree.exe" [22/10/2004 07:18]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" [27/02/2006 03:25]
"iTunesHelper"="C:\iTunes\iTunesHelper.exe" [14/06/2006 15:24]
"nod32kui"="C:\Eset\nod32kui.exe" [30/07/2007 21:21]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/03/2006 13:02]
"HP Software Update"="C:\HP\HP Software Update\HPWuSchd2.exe" [16/02/2005 22:11]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/11/2007 02:14]
"RCAutoLiveUpdate"="C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe" [02/01/2008 12:25]
"RCSystemTray"="C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe" [02/01/2008 12:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/02/2008 16:07]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 16:24]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [07/12/2007 15:08]
"3721CN"="Drive.dll" [25/03/1998 02:24 C:\WINDOWS\system32\drive.dll]

C:\Documents and Settings\Justin Tong\Start Menu\Programs\Startup\
qlock.lnk - C:\Qlock\qlock.exe [31/7/2006 9:28:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/9/2005 22:05:26]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [18/1/2006 2:51:40]
HP Digital Imaging Monitor.lnk - C:\HP\Digital Imaging\bin\hpqtra08.exe [19/2/2006 4:21:22]
HP Photosmart Premier Fast Start.lnk - C:\HP\Digital Imaging\bin\hpqthb08.exe [10/2/2006 7:56:20]
InterVideo WinCinema Manager.lnk - C:\InterVideo\Common\Bin\WinCinemaMgr.exe [25/8/2006 10:06:41]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\DVDREG~1\DVDShell.dll [09/10/2004 07:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 26/08/2005 06:29 49152 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6730b76a-a184-11db-8232-00037af1546a}]
Auto\command- G:\setup.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{925ca377-d33e-11dc-82ac-00037af1546a}]
Auto\command- H:\setup.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c487d1a-71cf-11dc-8286-00037af1546a}]
AutoRun\command- H:\VMC_PBStarter.exe




-- End of Deckard's System Scanner: finished at 2008-02-22 13:39:21 ------------




EXTRA TXT:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2300 @ 1.66GHz
CPU 1: Genuine Intel® CPU T2300 @ 1.66GHz
Percentage of Memory in Use: 87%
Physical Memory (total/avail): 1013.86 MiB / 123.11 MiB
Pagefile Memory (total/avail): 2439.25 MiB / 1051.63 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.67 MiB

C: is Fixed (NTFS) - 36.51 GiB total, 4.9 GiB free.
D: is Fixed (NTFS) - 36.5 GiB total, 12.14 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2080BH - 74.53 GiB - 4 partitions
\PARTITION0 - Unknown - 1537.44 MiB
\PARTITION1 - Unknown - 15.69 MiB
\PARTITION2 (bootable) - Installable File System - 36.51 GiB - C:
\PARTITION3 - Installable File System - 36.5 GiB - D:

\\.\PHYSICALDRIVE1 - Apple iPod USB Device - 5.72 GiB - 1 partition
\PARTITION0 - Unknown - 5.68 GiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: ESET NOD32防毒系統 2.70 v2.70 (ESET, spol. s r.o.)
AV: Symantec AntiVirus Corporate Edition v10.1.0.394 (Symantec Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\InterVideo\\DVD7\\WinDVD.exe"="C:\\InterVideo\\DVD7\\WinDVD.exe:*:Enabled:WinDVD"
"C:\\HKBN 2b\\bin\\SMC.exe"="C:\\HKBN 2b\\bin\\SMC.exe:*:Enabled:Multimedia PC Client"
"C:\\Program Files\\HKBN\\HKBN 2b\\Extranet.exe"="C:\\Program Files\\HKBN\\HKBN 2b\\Extranet.exe:*:Enabled:Contivity VPN Client"
"C:\\Program Files\\HKBN 2b\\bin\\SMC.exe"="C:\\Program Files\\HKBN 2b\\bin\\SMC.exe:*:Enabled:Multimedia PC Client"
"C:\\Program Files\\MSN Messenger\\msgr.exe"="C:\\Program Files\\MSN Messenger\\msgr.exe:*:Disabled:Messenger"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Foxy\\Foxy.exe"="C:\\Foxy\\Foxy.exe:*:Enabled:Foxy"
"C:\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\RealPlayer\\realplay.exe"="C:\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\eMule\\emule.exe"="C:\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Funshion Online\\Funshion\\Funshion.exe"="C:\\Funshion Online\\Funshion\\Funshion.exe:*:Enabled:Funshion"
"C:\\Thunder\\Program\\Thunder5.exe"="C:\\Thunder\\Program\\Thunder5.exe:*:Enabled:Thunder5"
"C:\\TVAnts\\Tvants.exe"="C:\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Tudou\\iTudou\\iTudou.exe"="C:\\Tudou\\iTudou\\iTudou.exe:*:Enabled:iTudou"
"C:\\Documents and Settings\\Justin Tong\\Desktop\\Thunder\\Program\\Thunder5.exe"="C:\\Documents and Settings\\Justin Tong\\Desktop\\Thunder\\Program\\Thunder5.exe:*:Enabled:Thunder"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Documents and Settings\\Justin Tong\\Desktop\\AOC File\\AOC\\世紀帝國─征服者入侵.exe"="C:\\Documents and Settings\\Justin Tong\\Desktop\\AOC File\\AOC\\世紀帝國─征服者入侵.exe:*:Enabled:Age of Empires II Expansion"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Documents and Settings\\Justin Tong\\Desktop\\世紀帝國2-征服者\\世紀帝國2-征服者\\age2_x1.exe"="C:\\Documents and Settings\\Justin Tong\\Desktop\\世紀帝國2-征服者\\世紀帝國2-征服者\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\\Documents and Settings\\Justin Tong\\Desktop\\世紀帝國2-征服者\\世紀帝國2-征服者\\empires2.exe"="C:\\Documents and Settings\\Justin Tong\\Desktop\\世紀帝國2-征服者\\世紀帝國2-征服者\\empires2.exe:*:Enabled:Age of Empires II"
"C:\\iTunes\\iTunes.exe"="C:\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Mozilla Firefox\\firefox.exe"="C:\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Justin Tong\Application Data
CLASSPATH=.; \lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-ADEB17C737
ComSpec=C:\WINDOWS\system32\cmd.exe
devmgr_show_nonpresent_devices=true
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Justin Tong
LOGONSERVER=\\YOUR-ADEB17C737
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Softex\OmniPass;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA= \lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JUSTIN~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JUSTIN~1\LOCALS~1\Temp
USERDOMAIN=YOUR-ADEB17C737
USERNAME=Justin Tong
USERPROFILE=C:\Documents and Settings\Justin Tong
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Justin Tong (admin)
admin (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF964A78-078C-11D1-B7A7-0000C0134CE6}\setup.exe" Uninstall
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Reader Chinese Traditional Fonts --> MsiExec.exe /I{AC76BA86-7AD7-2448-0000-705000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Advanced WMA Workshop version 2.03b --> "C:\Advanced WMA Workshop\unins000.exe"
Agere Systems HDA Modem --> agrsmdel
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD Region+CSS Free 5.58 --> "C:\DVD Region+CSS Free\unins000.exe"
Fingerprint Sensor Minimum Install --> MsiExec.exe /I{8C26E186-E649-4A01-B8EC-DDEF5E454389}
FlashAid --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C3758FA-C2DF-4E10-9D29-0CC28DA9214A}\setup.exe"
FlashGet(JetCar) --> C:\FlashGet\UNWISE.EXE C:\FlashGet\INSTALL.LOG
Fujitsu Display Manager --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3703B471-08F1-40F6-9DBF-DACFE74DBFCC}
Fujitsu Hardware Diagnostics Tool --> C:\Program Files\Fujitsu Hardware Diagnostics Tool\uninst.exe
Fujitsu Hotkey Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{805BDB3F-6803-45F7-B959-4FE5B921BC55}\setup.exe"
Fujitsu Radio Control --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B41D74C6-886C-4406-AE27-241590A6C433}\Setup.exe"
Fujitsu System Extension Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04ECD699-9F3A-4F9C-A476-EEAA4E172079}\setup.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Document Viewer 7.0 --> C:\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0 --> C:\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart and Deskjet 7.0.A --> C:\HP\Digital Imaging\{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}\setup\hpzscr01.exe -datfile hposcr09.dat
HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Photosmart Premier Software 6.5 --> C:\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PROSet/Wireless Software --> C:\WINDOWS\Inst
  • 0

#4
whjt201

whjt201

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
sorry i think i missed out the kaspersky online scanner result. here it is:


KASPERSKY ONLINE SCANNER REPORT
Friday, February 22, 2008 3:47:49 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/02/2008
Kaspersky Anti-Virus database records: 575665


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\

Scan Statistics
Total number of scanned objects 70271
Number of viruses found 2
Number of infected objects 5
Number of suspicious objects 0
Duration of the scan process 01:55:14

Infected Object Name Virus Name Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\JUSTIN~1\LOCALS~1\Temp\~DF4923.tmp Object is locked skipped

C:\Deckard\System Scanner\backup\DOCUME~1\JUSTIN~1\LOCALS~1\Temp\~DF4955.tmp Object is locked skipped

C:\Deckard\System Scanner\backup\DOCUME~1\JUSTIN~1\LOCALS~1\Temp\~DF87CD.tmp Object is locked skipped

C:\Deckard\System Scanner\backup\DOCUME~1\JUSTIN~1\LOCALS~1\Temp\~DF87E4.tmp Object is locked skipped

C:\Documents and Settings\admin\Application Data\Skype\tongjedi\call256.dbb Object is locked skipped

C:\Documents and Settings\admin\Application Data\Skype\tongjedi\callmember256.dbb Object is locked skipped

C:\Documents and Settings\admin\Application Data\Skype\tongjedi\chat256.dbb Object is locked skipped

C:\Documents and Settings\admin\Application Data\Skype\tongjedi\chat512.dbb Object is locked skipped

C:\Documents and Settings\admin\Application Data\Skype\tongjedi\chatmember256.dbb Object is locked skipped

C:\Documents and Settings\admin\Application Data\Skype\tongjedi\chatmsg1024.dbb Object is locked skipped

C:\Documents and Settings\admin\Application Data\Skype\tongjedi\chatmsg256.dbb Object is locked skipped

C:\Documents and Settings\admin\Application Data\Skype\tongjedi\chatmsg512.dbb Object is locked skipped

C:\Documents and Settings\admin\Application Data\Skype\tongjedi\chatsync\34\34df533115c893c0.dat Object is locked skipped

C:\Documents and Settings\admin\Application Data\Skype\tongjedi\chatsync\37\373110c2430cde95.dat Object is locked skipped

C:\Documents and Settings\admin\Application Data\Skype\tongjedi\contactgroup256.dbb Object is locked skipped

C:\Documents and Settings\admin\Application Data\Skype\tongjedi\dyncontent\bundle.dat Object is locked skipped

C:\Documents and Settings\admin\Application Data\Skype\tongjedi\index2.dat Object is locked skipped

C:\Documents and Settings\admin\Application Data\Skype\tongjedi\profile256.dbb Object is locked skipped

C:\Documents and Settings\admin\Application Data\Skype\tongjedi\user1024.dbb Object is locked skipped

C:\Documents and Settings\admin\Application Data\Skype\tongjedi\user16384.dbb Object is locked skipped

C:\Documents and Settings\admin\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.4a8bf74d.ini.inuse Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\admin\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\admin\Local Settings\History\History.IE5\MSHist012008021820080219\index.dat Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Temp\hpodvd09.log Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Temp\~DF26AE.tmp Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Temp\~DFAD29.tmp Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\admin\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\admin\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\Justin Tong\Application Data\Mozilla\Firefox\Profiles\8r0qswc1.default\cert8.db Object is locked skipped

C:\Documents and Settings\Justin Tong\Application Data\Mozilla\Firefox\Profiles\8r0qswc1.default\history.dat Object is locked skipped

C:\Documents and Settings\Justin Tong\Application Data\Mozilla\Firefox\Profiles\8r0qswc1.default\key3.db Object is locked skipped

C:\Documents and Settings\Justin Tong\Application Data\Mozilla\Firefox\Profiles\8r0qswc1.default\parent.lock Object is locked skipped

C:\Documents and Settings\Justin Tong\Application Data\Mozilla\Firefox\Profiles\8r0qswc1.default\search.sqlite Object is locked skipped

C:\Documents and Settings\Justin Tong\Application Data\Mozilla\Firefox\Profiles\8r0qswc1.default\urlclassifier2.sqlite Object is locked skipped

C:\Documents and Settings\Justin Tong\Application Data\Real\RealPlayer\skins\data\normal\imgcache.dat Object is locked skipped

C:\Documents and Settings\Justin Tong\Application Data\Skype\tongjedi\call256.dbb Object is locked skipped

C:\Documents and Settings\Justin Tong\Application Data\Skype\tongjedi\callmember256.dbb Object is locked skipped

C:\Documents and Settings\Justin Tong\Application Data\Skype\tongjedi\chat2048.dbb Object is locked skipped

C:\Documents and Settings\Justin Tong\Application Data\Skype\tongjedi\chat256.dbb Object is locked skipped

C:\Documents and Settings\Justin Tong\Application Data\Skype\tongjedi\chat512.dbb Object is locked skipped

C:\Documents and Settings\Justin Tong\Application Data\Skype\tongjedi\chatmember256.dbb Object is locked skipped

C:\Documents and Settings\Justin Tong\Application Data\Skype\tongjedi\chatmsg1024.dbb Object is locked skipped

C:\Documents and Settings\Justin Tong\Application Data\Skype\tongjedi\chatmsg256.dbb Object is locked skipped

C:\Documents and Settings\Justin Tong\Application Data\Skype\tongjedi\chatmsg512.dbb Object is locked skipped

C:\Documents and Settings\Justin Tong\Application Data\Skype\tongjedi\contactgroup256.dbb Object is locked skipped

C:\Documents and Settings\Justin Tong\Application Data\Skype\tongjedi\dyncontent\bundle.dat Object is locked skipped

C:\Documents and Settings\Justin Tong\Application Data\Skype\tongjedi\index2.dat Object is locked skipped

C:\Documents and Settings\Justin Tong\Application Data\Skype\tongjedi\profile256.dbb Object is locked skipped

C:\Documents and Settings\Justin Tong\Application Data\Skype\tongjedi\transfer256.dbb Object is locked skipped

C:\Documents and Settings\Justin Tong\Application Data\Skype\tongjedi\transfer512.dbb Object is locked skipped

C:\Documents and Settings\Justin Tong\Application Data\Skype\tongjedi\user1024.dbb Object is locked skipped

C:\Documents and Settings\Justin Tong\Application Data\Skype\tongjedi\user16384.dbb Object is locked skipped

C:\Documents and Settings\Justin Tong\Application Data\Skype\tongjedi\voicemail256.dbb Object is locked skipped

C:\Documents and Settings\Justin Tong\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Justin Tong\HKBN 2b\Profiles\Default\Logs.txt Object is locked skipped

C:\Documents and Settings\Justin Tong\HKBN 2b\Profiles\Default\SipMessages2.txt Object is locked skipped

C:\Documents and Settings\Justin Tong\HKBN 2b\Profiles\Default\SystemInfo.txt Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.4a8bf74d.ini.inuse Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_D6B4_8D48_B48D_2C55\dfsr.db Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_D6B4_8D48_B48D_2C55\fsr.log Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_D6B4_8D48_B48D_2C55\fsrtmp.log Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_D6B4_8D48_B48D_2C55\tmp.edb Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\Mozilla\Firefox\Profiles\8r0qswc1.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\Mozilla\Firefox\Profiles\8r0qswc1.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\Mozilla\Firefox\Profiles\8r0qswc1.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Application Data\Mozilla\Firefox\Profiles\8r0qswc1.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\History\History.IE5\MSHist012008021820080219\index.dat Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\History\History.IE5\MSHist012008022120080222\index.dat Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Temp\hpodvd09.log Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Temp\IH7C5F.tmp Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Temp\Perflib_Perfdata_1b74.dat Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Temp\~DF3D7.tmp Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Temp\~DF6EDF.tmp Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Justin Tong\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Justin Tong\ntuser.dat Object is locked skipped

C:\Documents and Settings\Justin Tong\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\ESET\cache\CACHE.NDB Object is locked skipped

C:\ESET\cache\FND1.NFI/data.rar/9.exe Infected: Backdoor.Win32.Hupigon.axbr skipped

C:\ESET\cache\FND1.NFI/data.rar Infected: Backdoor.Win32.Hupigon.axbr skipped

C:\ESET\cache\FND1.NFI RarSFX: infected - 2 skipped

C:\ESET\cache\FND1.NFI PE-Crypt.XorPE: infected - 2 skipped

C:\ESET\infected\F4RL2PDA.NQF Infected: Trojan-Downloader.Win32.Zlob.hzv skipped

C:\ESET\logs\virlog.dat Object is locked skipped

C:\ESET\logs\warnlog.dat Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\eengine\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped

C:\Program Files\HKBN 2b\asulauncher_tmp.log Object is locked skipped

C:\Program Files\Softex\OmniPass\btype0.dat Object is locked skipped

C:\Program Files\Softex\OmniPass\btype2.dat Object is locked skipped

C:\Program Files\Softex\OmniPass\btype256.dat Object is locked skipped

C:\Program Files\Softex\OmniPass\btype259.dat Object is locked skipped

C:\Program Files\Softex\OmniPass\btype3.dat Object is locked skipped

C:\Program Files\Softex\OmniPass\btype4.dat Object is locked skipped

C:\Symantec AntiVirus\SAVRT\0283NAV~.TMP Object is locked skipped

C:\Symantec AntiVirus\SAVRT\0524NAV~.TMP Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP369\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{38C37D83-4F24-4670-8FBE-ED6C04ABB3CF}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\drivers\sptd2573.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_e68.dat Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP369\change.log Object is locked skipped

Scan process completed.
  • 0

#5
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\e01.exe
    C:\WINDOWS\e00.exe
    C:\info.exe
    C:\ESET\cache\FND1.NFI
    G:\setup.exe
    H:\setup.exe
    H:\VMC_PBStarter.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    purity
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6730b76a-a184-11db-8232-00037af1546a}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{925ca377-d33e-11dc-82ac-00037af1546a}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c487d1a-71cf-11dc-8286-00037af1546a
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Reboot and post a new DSS log and tell me how your PC is running
  • 0

#6
whjt201

whjt201

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
IE still hangs whenever i type in search boxes or any other places, except for address bar.


OTMOVEIT2 Result:

C:\WINDOWS\e01.exe moved successfully.
C:\WINDOWS\e00.exe moved successfully.
C:\info.exe moved successfully.
C:\ESET\cache\FND1.NFI moved successfully.
File/Folder G:\setup.exe not found.
File/Folder H:\setup.exe not found.
File/Folder H:\VMC_PBStarter.exe not found.
[Custom Input]
< purity >
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6730b76a-a184-11db-8232-00037af1546a} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6730b76a-a184-11db-8232-00037af1546a}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{925ca377-d33e-11dc-82ac-00037af1546a} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{925ca377-d33e-11dc-82ac-00037af1546a}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c487d1a-71cf-11dc-8286-00037af1546a >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c487d1a-71cf-11dc-8286-00037af1546a\\ not found.

OTMoveIt2 v1.0.20 log created on 02222008_191219




DSS LOG:

Main TXT




Deckard's System Scanner v20071014.68
Run by Justin Tong on 2008-02-22 19:27:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Justin Tong.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:27:55, on 22/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Symantec AntiVirus\DefWatch.exe
C:\Eset\nod32krn.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fujitsu\updnavi\updnavi.exe
C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\VM303_STI.EXE
C:\iTunes\iTunesHelper.exe
C:\Eset\nod32kui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Mozilla Firefox\firefox.exe
C:\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\HP\Digital Imaging\bin\hpqtra08.exe
C:\Qlock\qlock.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Documents and Settings\Justin Tong\Desktop\dss.exe
C:\TRENDM~1\HIJACK~1\JUSTIN~1.EXE

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\Fujitsu Hardware Diagnostics Tool\RunProfiler.exe" -r
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updnavi.exe
O4 - HKLM\..\Run: [DispSwitchLauncher] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVD43] "C:\DVD Region+CSS Free\DVDRegionFree.exe" /hidden
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RCAutoLiveUpdate] C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe -AUTO
O4 - HKLM\..\Run: [RCSystemTray] C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [3721CN] rundll32.exe Drive.dll Windows
O4 - Startup: qlock.lnk = C:\Qlock\qlock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Download All by FlashGet - C:\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\FlashGet\jc_link.htm
O8 - Extra context menu item: Use ViDown to download - C:\ViDown\vd_link.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 妏蚚iTudou狟婥誹醴 - C:\Tudou\iTudou\iTudou_Link.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pc-ap.fujitsu.com/
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h50203.www5....DataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.bang-oluf...lObjs/setup.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Eset\nod32krn.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Symantec AntiVirus\Rtvscan.exe

--
End of file - 13153 bytes

-- Files created between 2008-01-22 and 2008-02-22 -----------------------------

2008-02-22 13:36:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-22 13:36:20 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-18 05:08:41 0 d-------- C:\Documents and Settings\Justin Tong\HKBN 2b
2008-02-18 05:05:39 0 d-------- C:\Documents and Settings\admin\Application Data\skypePM
2008-02-18 05:04:48 0 d-------- C:\Documents and Settings\admin\Application Data\Skype
2008-02-18 04:54:20 32837 -----n--- C:\WINDOWS\system32\exthook.dll <Not Verified; Nortel Networks NA, Inc.; Nortel Networks Contivity VPN Client>
2008-02-18 04:54:20 24521 --a------ C:\WINDOWS\system32\drivers\eacfilt.sys <Not Verified; Nortel Networks; Filter Driver for CVC>
2008-02-18 04:54:19 155184 --a------ C:\WINDOWS\system32\drivers\ipsecw2k.sys <Not Verified; Nortel Networks NA, Inc.; Contivity VPN Client>
2008-02-18 04:54:19 0 d-------- C:\Program Files\HKBN
2008-02-18 04:53:43 0 d-------- C:\Program Files\HKBN 2b
2008-02-18 02:02:09 0 d-------- C:\Documents and Settings\admin\Application Data\Sun
2008-02-18 01:56:59 0 d-------- C:\Documents and Settings\admin\Application Data\Macromedia
2008-02-18 01:55:03 0 d-------- C:\Documents and Settings\admin\HKBN 2b
2008-02-18 01:53:57 0 d-------- C:\Documents and Settings\admin\Application Data\HP
2008-02-18 01:52:29 0 d-------- C:\Documents and Settings\admin\Application Data\Real
2008-02-18 01:51:25 0 d--h----- C:\Documents and Settings\admin\Templates
2008-02-18 01:51:25 0 dr------- C:\Documents and Settings\admin\Start Menu
2008-02-18 01:51:25 0 dr-h----- C:\Documents and Settings\admin\SendTo
2008-02-18 01:51:25 0 dr-h----- C:\Documents and Settings\admin\Recent
2008-02-18 01:51:25 0 d--h----- C:\Documents and Settings\admin\PrintHood
2008-02-18 01:51:25 0 d--h----- C:\Documents and Settings\admin\NetHood
2008-02-18 01:51:25 0 dr------- C:\Documents and Settings\admin\My Documents
2008-02-18 01:51:25 0 d--h----- C:\Documents and Settings\admin\Local Settings
2008-02-18 01:51:25 0 dr------- C:\Documents and Settings\admin\Favorites
2008-02-18 01:51:25 0 d-------- C:\Documents and Settings\admin\Desktop
2008-02-18 01:51:25 0 d--hs---- C:\Documents and Settings\admin\Cookies
2008-02-18 01:51:25 0 dr-h----- C:\Documents and Settings\admin\Application Data
2008-02-18 01:51:25 0 d---s---- C:\Documents and Settings\admin\Application Data\Microsoft
2008-02-18 01:51:25 0 d-------- C:\Documents and Settings\admin\Application Data\Intel
2008-02-18 01:51:25 0 d-------- C:\Documents and Settings\admin\Application Data\Identities
2008-02-18 01:51:25 0 d-------- C:\Documents and Settings\admin\Application Data\Help
2008-02-18 01:51:25 0 d-------- C:\Documents and Settings\admin\Application Data\Adobe
2008-02-18 01:51:24 2097152 --ah----- C:\Documents and Settings\admin\NTUSER.DAT
2008-02-18 01:38:38 0 d-------- C:\Program Files\Common Files\Java
2008-02-18 01:14:54 0 d-------- C:\Trend Micro
2008-02-18 00:50:56 0 d-------- C:\WINDOWS\CSC
2008-02-18 00:17:59 0 d-------- C:\Program Files\MSXML 6.0
2008-02-17 23:47:34 0 d-------- C:\Program Files\MSBuild
2008-02-17 23:44:11 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-02-17 23:43:36 0 d-------- C:\Program Files\Reference Assemblies
2008-02-17 22:47:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-17 21:38:19 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-02-05 16:28:17 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-05 16:27:46 0 d-------- C:\Spyware Doctor
2008-02-05 15:56:42 0 d-------- C:\Program Files\Common Files\Apple
2008-02-05 15:56:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-02-03 17:31:31 63 --a------ C:\WINDOWS\system\SYSRegC.dll
2008-02-03 17:31:23 143360 --a------ C:\WINDOWS\system32\GetHardDiskNo.dll <Not Verified; MaxSecure Software; MaxSecure Registration Module>
2008-02-03 17:31:22 0 d-------- C:\Program Files\Max Registry Cleaner
2008-02-03 17:30:44 0 d-------- C:\Max Registry Cleaner v6.0.0.033修複和優化注冊表
2008-01-23 16:30:55 0 d-------- C:\Documents and Settings\Justin Tong\Application Data\skypePM
2008-01-23 16:30:55 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-23 16:30:28 0 d-------- C:\Program Files\Common Files\Skype


-- Find3M Report ---------------------------------------------------------------

2008-02-22 19:24:13 0 d-------- C:\Documents and Settings\Justin Tong\Application Data\Skype
2008-02-18 04:53:28 0 d-------- C:\Program Files\Common Files
2008-02-18 01:40:30 3912 --a------ C:\WINDOWS\mozver.dat
2008-02-18 01:40:19 0 d-------- C:\Program Files\Java
2008-02-18 00:34:00 37384 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-02-05 16:07:42 0 d-------- C:\Program Files\QuickTime
2008-02-05 15:57:53 0 d-------- C:\Program Files\Apple Software Update
2008-02-03 18:07:38 0 d-------- C:\Program Files\Online Services
2008-02-03 17:04:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-03 17:01:31 0 d-------- C:\Program Files\DNA
2008-02-02 00:05:53 0 d-------- C:\Documents and Settings\Justin Tong\Application Data\U3
2008-01-23 16:23:04 0 d-------- C:\Program Files\Slide
2008-01-23 16:22:38 0 d-------- C:\Documents and Settings\Justin Tong\Application Data\Slide
2008-01-23 16:16:51 0 d-------- C:\Documents and Settings\Justin Tong\Application Data\BeoMediaDatabase
2008-01-21 00:21:12 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-01-20 19:19:54 162 --a----c- C:\WINDOWS\system32\cid_store.dat
2008-01-20 18:39:45 0 d-------- C:\Documents and Settings\Justin Tong\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [09/12/2005 06:49 C:\WINDOWS\RTHDCPL.exe]
"ATSwpNav"="C:\Program Files\Fingerprint Sensor\ATSwpNav -run" []
"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [09/08/2005 18:53]
"LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [21/07/2005 22:21]
"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [21/07/2005 22:20]
"LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [08/06/2005 17:20]
"AGRSMMSG"="AGRSMMSG.exe" [17/01/2006 21:26 C:\WINDOWS\AGRSMMSG.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [18/05/2005 23:57]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/01/2006 01:03]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [03/11/2005 23:22]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [03/11/2005 23:26]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [05/12/2005 20:37]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [28/11/2005 19:41]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [28/11/2005 19:47]
"PCDrProfiler"="C:\Program Files\Fujitsu Hardware Diagnostics Tool\RunProfiler.exe" [16/02/2006 23:34]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [03/01/2006 13:20]
"FJUPDNV_Chitose"="C:\Program Files\Fujitsu\updnavi\updnavi.exe" [21/02/2006 23:00]
"@"="" []
"DispSwitchLauncher"="C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe" [20/07/2005 22:23]
"OmniPass"="C:\Program Files\Softex\OmniPass\scureapp.exe" [26/08/2005 06:49]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 12:00]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [04/08/2004 12:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04/08/2004 12:00]
"DAEMON Tools"="C:\DAEMON Tools\daemon.exe" [10/12/2005 14:57]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 03:50]
"DVD43"="C:\DVD Region+CSS Free\DVDRegionFree.exe" [22/10/2004 07:18]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" [27/02/2006 03:25]
"iTunesHelper"="C:\iTunes\iTunesHelper.exe" [14/06/2006 15:24]
"nod32kui"="C:\Eset\nod32kui.exe" [30/07/2007 21:21]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/03/2006 13:02]
"HP Software Update"="C:\HP\HP Software Update\HPWuSchd2.exe" [16/02/2005 22:11]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/11/2007 02:14]
"RCAutoLiveUpdate"="C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe" [02/01/2008 12:25]
"RCSystemTray"="C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe" [02/01/2008 12:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/02/2008 16:07]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 16:24]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [07/12/2007 15:08]
"3721CN"="Drive.dll" [25/03/1998 02:24 C:\WINDOWS\system32\drive.dll]

C:\Documents and Settings\Justin Tong\Start Menu\Programs\Startup\
qlock.lnk - C:\Qlock\qlock.exe [31/7/2006 9:28:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/9/2005 22:05:26]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [18/1/2006 2:51:40]
HP Digital Imaging Monitor.lnk - C:\HP\Digital Imaging\bin\hpqtra08.exe [19/2/2006 4:21:22]
HP Photosmart Premier Fast Start.lnk - C:\HP\Digital Imaging\bin\hpqthb08.exe [10/2/2006 7:56:20]
InterVideo WinCinema Manager.lnk - C:\InterVideo\Common\Bin\WinCinemaMgr.exe [25/8/2006 10:06:41]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\DVDREG~1\DVDShell.dll [09/10/2004 07:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 26/08/2005 06:29 49152 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c487d1a-71cf-11dc-8286-00037af1546a}]
AutoRun\command- H:\VMC_PBStarter.exe




-- End of Deckard's System Scanner: finished at 2008-02-22 19:28:25 ------------
  • 0

#7
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean, this isn't a malware issue. You would be better off posting in the Windows XP forum

  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
  • Click Yes to beging the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com.../readstep2.html



Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#8
whjt201

whjt201

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
thanks for the help, so i now should start a new post in the windows xp forum?
  • 0

#9
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Yes that would be your best bet, it is probably a keyboard problem. Tell them that I sent you over

Good luck
  • 0

#10
whjt201

whjt201

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
thanks alot for all the help given
  • 0

#11
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP