Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Asuyuki

Pages: [1] 2 3 ... 5
1
Tech Clinic / touchpad & security buttons not working
« on: October 23, 2007, 05:55:15 AM »
anyway for the blog template ... i dissected the template & realised tat it is my ban right click script tat is bugged, not the rainbow script .... removing it now  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/ohmy.gif\' class=\'bbc_emoticon\' alt=\':o\' />

2
Tech Clinic / touchpad & security buttons not working
« on: October 22, 2007, 08:02:57 PM »
lets hear how the 1st method goes den ..

3
Tech Clinic / touchpad & security buttons not working
« on: October 21, 2007, 08:26:21 PM »
10/21/2007
file version: 000783-0

4
Tech Clinic / touchpad & security buttons not working
« on: October 21, 2007, 03:14:21 AM »
& i realised that it is not blogger's problem ... it is my own source code, which results in the so-called trojan found in the template page

trying to get the source code now >> (edit: got the code after i disabled the anti-virus)
would appreciate if any guidance is given on the possible conflict in the code ..

5
Tech Clinic / touchpad & security buttons not working
« on: October 19, 2007, 09:23:05 PM »
the trojan found is JS:Cardst [Trj]



i guess i solve this problem first before i consider a full reinstall, term examination coming ... >.<


internet explorer looks fine after that.  & i am uninstalling windows hider, trying now ... ( & it does not work)

6
Tech Clinic / touchpad & security buttons not working
« on: October 19, 2007, 01:27:19 AM »
nobody responded there for 5 days ...



anyway, do you noe how to solve the problem of internet explorer always hanging when i use h0tmail.
is it the problem with the new interface?

also, my avast! recognises my OWN blog as a trojan horse spreader. Also, it recognises some parts of blogger ( eg the template area) as trojans too ...
i nvr had this problem be4 .. is it a problem with avast! ??

7
Tech Clinic / touchpad & security buttons not working
« on: October 14, 2007, 06:24:10 AM »
ah ... knew i wasn't so lucky ....


anyway still interested in ACPI installation.

8
Tech Clinic / touchpad & security buttons not working
« on: October 14, 2007, 02:41:37 AM »
ok ... the joke is ... i am not sure wad i did with the computer. i attempted to reinstall Fujitsu Button Utilities and my touchpad works.
unable to believe my luk, i reboot, n it is still working ( for now, of course ...)


i am CERTAIN tat it is Fujitsu Button Utilities that is controlling screen orientation. & referriing to other sources, there is  possibility that the ACPI driver is involved in the problem ...
however, the ACPI driver frm the web had no distinct installation. any idea how to use it? so that i can try out this possibility of the problem.

thx

9
Tech Clinic / touchpad & security buttons not working
« on: October 13, 2007, 02:53:49 AM »
hav already tried all 5. none of them have an effect on the screen orientation ( unless it is touch panel, which does not seem to be an installer at all)


if yr method require reformatting, i will certainly not like tat to happen

btw,  any possibility to do with services.msc ? a sudden thought that it may affect the touchpad somehow .. n it is the only thing i hav altered the system

10
Tech Clinic / touchpad & security buttons not working
« on: October 11, 2007, 09:55:17 AM »
after reboot , back to square 1 ...

11
Tech Clinic / touchpad & security buttons not working
« on: October 11, 2007, 03:22:26 AM »
the touchpad is working ... for now ...


n the tablet screen coordination(as well as those 5 little buttons at the bottom right hand corner of my screen/monitor) is related to which driver? because nth really seems related to the tablet screen view change ..

12
Tech Clinic / touchpad & security buttons not working
« on: October 10, 2007, 02:43:17 AM »
though avast has claimed tat combofix is a trojan, i guess it is just part of the programme


anyway, the combofix log


ComboFix 07-10-10.1 - Pikasword 2007-10-10 15:34:57.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.129 [GMT 8:00]
Running from: C:\Documents and Settings\PUN KA TSUN\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\PUN KA TSUN\Desktop\CFScript.txt

FILE::
C:\DelUS.bat
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DelUS.bat

.
(((((((((((((((((((((((((   Files Created from 2007-09-10 to 2007-10-10  )))))))))))))))))))))))))))))))
.

2007-10-10 15:32   <DIR>   d--------   C:\WINDOWS\LastGood
2007-10-10 15:31   51,200   --a------   C:\WINDOWS\NirCmd.exe
2007-10-09 17:06   <DIR>   d--------   C:\Deckard
2007-10-07 21:43   <DIR>   d--------   C:\Program Files\Apoint2K
2007-10-07 21:43   103,391   -ra------   C:\WINDOWS\system32\drivers\Apfiltr.sys
2007-10-06 15:32   1,559,040   --a------   C:\WINDOWS\system32\xvidcore.dll
2007-10-06 15:32   282,624   --a------   C:\WINDOWS\system32\xvidvfw.dll
2007-10-06 15:27   <DIR>   d--------   C:\Documents and Settings\PUN KA TSUN\Application Data\Real
2007-10-06 15:27   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Real
2007-10-06 15:18   <DIR>   d--------   C:\Documents and Settings\PUN KA TSUN\Application Data\Media Player Classic
2007-10-06 15:17   <DIR>   d--------   C:\Program Files\K-Lite Codec Pack
2007-10-06 15:17   3,596,288   --a------   C:\WINDOWS\system32\qt-dx331.dll
2007-10-06 15:17   740,442   --a------   C:\WINDOWS\system32\divx.dll
2007-10-06 15:17   217,088   --a------   C:\WINDOWS\system32\yv12vfw.dll
2007-10-06 15:17   164,352   --a------   C:\WINDOWS\system32\unrar.dll
2007-10-06 15:17   73,728   --a------   C:\WINDOWS\system32\dpl100.dll
2007-10-06 15:17   7,680   --a------   C:\WINDOWS\system32\ff_vfw.dll
2007-09-29 23:24   <DIR>   d--------   C:\Program Files\WIZET
2007-09-23 18:21   <DIR>   d--h-----   C:\WINDOWS\PIF

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-10 07:25   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-10-09 13:58   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-07 13:47   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-10-07 13:47   ---------   d-----w   C:\Program Files\Fujitsu
2007-10-07 11:12   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-10-06 07:15   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-04 11:42   ---------   d-----w   C:\Documents and Settings\PUN KA TSUN\Application Data\SiteAdvisor
2007-10-04 11:18   ---------   d-----w   C:\Documents and Settings\PUN KA TSUN\Application Data\Apple Computer
2007-10-04 11:17   ---------   d-----w   C:\Program Files\Common Files\Real
2007-10-04 11:00   ---------   d-----w   C:\Program Files\QuickTime
2007-09-30 06:20   ---------   d-----w   C:\Program Files\Windows Live Safety Center
2007-09-29 04:33   ---------   d-----w   C:\Program Files\SpywareBlaster
2007-09-28 09:33   ---------   d-----w   C:\Program Files\FlashGet
2007-09-26 08:37   ---------   d-----w   C:\Program Files\a-squared Free
2007-09-23 09:51   ---------   d-----w   C:\Documents and Settings\PUN KA TSUN\Application Data\uTorrent
2007-09-15 14:06   ---------   d-----w   C:\Documents and Settings\PUN KA TSUN\Application Data\Creative
2007-09-07 01:06   ---------   d-----w   C:\Program Files\SiteAdvisor
2007-09-07 01:06   ---------   d-----w   C:\Documents and Settings\PUN KA TSUN\Application Data\MegauploadToolbar
2007-09-06 10:09   801,144   ----a-w   C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:05   94,416   ----a-w   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05   92,848   ----a-w   C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03   23,152   ----a-w   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02   42,912   ----a-w   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00   95,608   ----a-w   C:\WINDOWS\system32\AVASTSS.scr
2007-09-06 10:00   26,624   ----a-w   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-05 02:08   ---------   d-----w   C:\Program Files\DAP
2007-09-02 14:32   ---------   d-----w   C:\Program Files\EA GAMES
2007-09-01 14:32   ---------   d-----w   C:\Documents and Settings\PUN KA TSUN\Application Data\Opera
2007-09-01 01:57   ---------   d-----w   C:\Program Files\AGEIA Technologies
2007-09-01 01:55   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2007-08-31 15:13   ---------   d-----w   C:\Documents and Settings\PUN KA TSUN\Application Data\Hamachi
2007-08-31 10:48   ---------   d-----w   C:\Program Files\GameSpot
2007-08-28 12:09   50,688   ----a-w   C:\WINDOWS\system32\wbhelp2.dll
2007-08-24 07:55   ---------   d-----w   C:\Documents and Settings\PUN KA TSUN\Application Data\StromII
2007-08-23 14:06   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Storm
2007-08-20 10:05   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-08-14 09:01   ---------   d-----w   C:\Program Files\MSN Messenger
2007-08-11 02:49   ---------   d-----w   C:\Program Files\Graphmatica
2007-07-30 11:19   92,504   ----a-w   C:\WINDOWS\system32\cdm.dll
2007-07-30 11:19   549,720   ----a-w   C:\WINDOWS\system32\wuapi.dll
2007-07-30 11:19   53,080   ----a-w   C:\WINDOWS\system32\wuauclt.exe
2007-07-30 11:19   43,352   -c--a-w   C:\WINDOWS\system32\wups2.dll
2007-07-30 11:19   325,976   ----a-w   C:\WINDOWS\system32\wucltui.dll
2007-07-30 11:19   203,096   ----a-w   C:\WINDOWS\system32\wuweb.dll
2007-07-30 11:19   1,712,984   ----a-w   C:\WINDOWS\system32\wuaueng.dll
2007-07-30 11:18   33,624   ----a-w   C:\WINDOWS\system32\wups.dll
2006-07-04 09:21:07   89,837   -csha-w   C:\WINDOWS\system32\xwodniw.dat
2007-03-31 09:30:46   32,288   -csha-w   C:\WINDOWS\system32\drivers\fidbox.dat
2007-03-31 09:30:47   2,080   -csha-w   C:\WINDOWS\system32\drivers\fidbox2.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="C:\WINDOWS\help\SplshWrp.exe" [2004-08-04 21:00]
"TabletTip"="C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" [2004-08-04 21:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 21:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 21:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 21:00]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-06 09:16]
"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2004-08-05 08:19]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 21:00]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-12-15 16:07]
"Fujitsu Menu"="C:\Program Files\Fujitsu\Utils\FjMnuIco.exe" [2003-10-28 10:00]
"FJUPDNV_Chitose"="C:\Program Files\Fujitsu\updnavi\updnavi.exe" [2004-09-17 16:46]
"FjEvents"="C:\Program Files\Fujitsu\Utils\fjevents.exe" [2004-08-26 04:43]
"FjDspMon"="C:\Program Files\Fujitsu\Utils\FjDspMon.exe" [2003-07-29 02:20]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 17:05]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-08 02:15 C:\WINDOWS\AGRSMMSG.exe]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-08-16 10:04]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2004-08-16 10:07]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2006-11-18 20:46]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 18:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [2004-08-10 17:47]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-07-02 19:48]
"LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [2004-08-10 17:48]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 21:00]
"WindowsHiderPro"="C:\Program Files\WHidePro\whpro.exe" [2002-08-08 23:02]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-04-28 17:08]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-25 02:31]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TabletWizard"=%windir%\help\wizard.hta

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-08-16 10:03 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 2004-08-04 21:00 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 2004-08-04 21:00 30208 C:\WINDOWS\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 2001-12-20 23:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AresChatServer"=3 (0x3)

R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe
R2 Wuser32;SMS Remote Control Agent;C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
R3 {E6759E0C-470B-44DC-A4A1-627E68BB3A85};AIM 3.0 SI164;C:\WINDOWS\system32\drivers\A302.sys
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys
R3 DX02;DX02;C:\WINDOWS\system32\drivers\dx02.sys
R3 Fjbtndrv;Fujitsu LIFEBOOK T3000 Button Driver;C:\WINDOWS\system32\DRIVERS\Fjbtndrv.sys
R3 hidpen;Wacom Serial Pen HID MiniDriver;C:\WINDOWS\system32\DRIVERS\hidpen.sys
R3 idisw2km;idisw2km;C:\WINDOWS\system32\DRIVERS\idisw2km.sys
R3 kbstuff;SMS Virtual Keyboard;C:\WINDOWS\system32\DRIVERS\kbstuff5.sys
R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys
R3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys
S3 DaFUTURE;DaFUTURE;\??\D:\ka tsun's stuff\other junks\UltraNoob\UltraNoob\LinkSys.sys
S3 Dua1;Dua1;\??\D:\ka tsun's stuff\other junks\hack\New Folder (2)\DualEngi.sys
S3 FUJ02E1;%FUJ02E1.DeviceDesc%;C:\WINDOWS\system32\Drivers\FUJ02E1.sys
S3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
S3 iMSPQMn;iMSPQMn;\??\C:\DOCUME~1\PUNKAT~1\LOCALS~1\Temp\iMSPQMn.sys
S3 kaspersky1;kaspersky1;\??\D:\ka tsun's stuff\other junks\KasperSky\kaspersky.sys
S3 prepdrvr;SMS Process Event Driver;\??\C:\WINDOWS\system32\CCM\prepdrv.sys
S3 WacomPen;Wacom Serial Pen HID Driver;C:\WINDOWS\system32\DRIVERS\wacompen.sys

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2006-03-30 14:55:15 C:\WINDOWS\Tasks\Critical Battery Alarm Program.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-10 15:39:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-10 15:40:28
.
   --- E O F ---

13
Tech Clinic / touchpad & security buttons not working
« on: October 09, 2007, 04:14:40 AM »
[quote name=\'guestolo\' post=\'394722\' date=\'Oct 8 2007, 11:21 PM\']Do you know what this is related too?
O4 - HKCU\..\Run: [TudouVAStart] C:\Program Files\Tudou\·Ã‰Ã‹Ãâ„¢Tudou\TudouVa.exe[/quote]

oh this is a kind of player for a Chinese version of youtube, though i think i can delete this registry since i have deleted the application

btw, is it possible to know the reason behind my constant cut off from internet? happens around once when i switch on my computer, and very irritating for downloads
the logs,

main.txt

Deckard's System Scanner v20070905.67
Run by Pikasword on 2007-10-09 17:06:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
12: 2007-10-09 09:07:02 UTC - RP345 - Deckard's System Scanner Restore Point
11: 2007-10-07 13:11:02 UTC - RP344 - Installed Fingerprint Sensor Minimum Install
10: 2007-10-07 09:02:54 UTC - RP343 - Installed Commandos 3 - Destination Berlin
9: 2007-10-04 10:58:17 UTC - RP342 - Configured QuickTime
8: 2007-09-29 15:24:51 UTC - RP341 - Installed MapleStory


-- First Restore Point --
1: 2007-09-01 02:12:59 UTC - RP334 - Removed Medal of Honor Airborne Demo


Backed up registry hives.
Performed disk cleanup.

[color=\"red\"]Total Physical Memory: 503 MiB (512 MiB recommended).[/color]
[color=\"red\"]System Drive C: has 2.67 GiB (less than 15%) free.[/color]


-- HijackThis (run as Pikasword.exe) -------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-10-09 17:09:54
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16512)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\digtizer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\wisptis.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
C:\Program Files\Fujitsu\updnavi\updnavi.exe
C:\Program Files\Fujitsu\Utils\FjEvents.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\WHidePro\whpro.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DAP\DAP.exe
C:\Documents and Settings\PUN KA TSUN\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKEY_LOCAL_MACHINE\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKEY_LOCAL_MACHINE\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKEY_LOCAL_MACHINE\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKEY_LOCAL_MACHINE\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKEY_LOCAL_MACHINE\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKEY_LOCAL_MACHINE\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Fujitsu Menu] C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updnavi.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [FjEvents] C:\Program Files\Fujitsu\Utils\fjevents.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [FjDspMon] C:\Program Files\Fujitsu\Utils\FjDspMon.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKEY_LOCAL_MACHINE\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKEY_LOCAL_MACHINE\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKEY_LOCAL_MACHINE\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WindowsHiderPro] C:\Program Files\WHidePro\whpro.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [TudouVAStart] C:\Program Files\Tudou\·Ã‰Ã‹Ãâ„¢Tudou\TudouVa.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/fhg.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125504900410
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{0F6ABE9D-C7D5-4A6E-8E8B-866E3FA7381E}: NameServer = 165.21.83.88,165.21.100.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: wbsys.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\WindowBlinds\fastload.dll
O23 - Service: Adobe LM Service - Adobe Systems - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\system32\digtizer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StyleXPService - Unknown owner - "C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
R2 BtnHnd - c:\program files\fujitsu\btnhnd\btnhnd.sys <Not Verified; FUJITSU LIMITED; Button handler>
R2 npkcrypt - c:\program files\wizet\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 DX02 - c:\windows\system32\drivers\dx02.sys <Not Verified; Knowles Acoustics; DX.02 Speech Enhancement>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
S3 DaFUTURE - d:\ka tsun's stuff\other junks\ultranoob\ultranoob\linksys.sys (file missing)
S3 Dua1 - d:\ka tsun's stuff\other junks\hack\new folder (2)\dualengi.sys (file missing)
S3 gmer - c:\windows\system32\drivers\gmer.sys (file missing)
S3 iMSPQMn - c:\docume~1\punkat~1\locals~1\temp\imspqmn.sys (file missing)
S3 kaspersky1 - d:\ka tsun's stuff\other junks\kaspersky\kaspersky.sys (file missing)
S3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
S3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
S3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
S3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
S3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth USB Miniport Driver(Windows2000,WindowsXP)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Digitizer (Digitizer Service) - c:\windows\system32\digtizer.exe <Not Verified; WACOM; WACOM TabletPC Driver>
R2 OwnershipProtocol - c:\program files\intel\wireless\bin\oprotsvc.exe <Not Verified; Intel Corporation; Intel PROSet/Wireless>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe" <Not Verified; ; StyleXPService Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Alps Pointing-device
Device ID: ACPI\PNP0F13\4&32D50C2&0
Manufacturer: Alps Electric
Name: Alps Pointing-device
PNP Device ID: ACPI\PNP0F13\4&32D50C2&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2006-03-30 22:55:15       114 --a------ C:\WINDOWS\Tasks\Critical Battery Alarm Program.job


-- Files created between 2007-09-09 and 2007-10-09 -----------------------------

2007-10-07 21:43:03         0 d-------- C:\Program Files\Apoint2K
2007-10-07 21:33:34       817 --a------ C:\DelUS.bat
2007-10-06 15:32:08    282624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-10-06 15:32:08   1559040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-10-06 15:27:04         0 d-------- C:\Documents and Settings\PUN KA TSUN\Application Data\Real
2007-10-06 15:27:04         0 d-------- C:\Documents and Settings\All Users\Application Data\Real
2007-10-06 15:18:58         0 d-------- C:\Documents and Settings\PUN KA TSUN\Application Data\Media Player Classic
2007-10-06 15:17:29    164352 --a------ C:\WINDOWS\system32\unrar.dll
2007-10-06 15:17:24    217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-10-06 15:17:21   3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-10-06 15:17:21     73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-10-06 15:17:19    740442 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2007-10-06 15:17:16      7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-10-06 15:17:11         0 d-------- C:\Program Files\K-Lite Codec Pack
2007-09-30 15:10:46         0 d-------- C:\WINDOWS\Application Data
2007-09-29 23:24:53         0 d-------- C:\Program Files\WIZET
2007-09-23 18:21:57         0 d--h----- C:\WINDOWS\PIF


-- Find3M Report ---------------------------------------------------------------

2007-10-07 21:47:23         0 d-------- C:\Program Files\Fujitsu
2007-10-07 21:47:22         0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-04 19:42:39         0 d-------- C:\Documents and Settings\PUN KA TSUN\Application Data\SiteAdvisor
2007-10-04 19:18:57         0 d-------- C:\Documents and Settings\PUN KA TSUN\Application Data\Apple Computer
2007-10-04 19:17:17         0 d-------- C:\Program Files\Common Files\Real
2007-10-04 19:16:08         0 d-------- C:\Program Files\Common Files
2007-10-04 19:00:32         0 d-------- C:\Program Files\QuickTime
2007-09-30 14:20:41         0 d-------- C:\Program Files\Windows Live Safety Center
2007-09-29 12:33:46         0 d-------- C:\Program Files\SpywareBlaster
2007-09-28 17:33:32         0 d-------- C:\Program Files\FlashGet
2007-09-26 16:37:44         0 d-------- C:\Program Files\a-squared Free
2007-09-23 17:51:03         0 d-------- C:\Documents and Settings\PUN KA TSUN\Application Data\uTorrent
2007-09-23 13:12:15       880 --a------ C:\WINDOWS\eReg.dat
2007-09-15 22:06:57         0 d-------- C:\Documents and Settings\PUN KA TSUN\Application Data\Creative
2007-09-07 09:06:33         0 d-------- C:\Program Files\SiteAdvisor
2007-09-07 09:06:32         0 d-------- C:\Documents and Settings\PUN KA TSUN\Application Data\MegauploadToolbar
2007-09-05 10:08:23         0 d-------- C:\Program Files\DAP
2007-09-02 22:32:13         0 d-------- C:\Program Files\EA GAMES
2007-09-01 22:32:22         0 d-------- C:\Documents and Settings\PUN KA TSUN\Application Data\Opera
2007-09-01 09:57:48         0 d-------- C:\Program Files\AGEIA Technologies
2007-09-01 09:55:01         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-31 23:13:31         0 d-------- C:\Documents and Settings\PUN KA TSUN\Application Data\Hamachi
2007-08-31 18:48:50         0 d-------- C:\Program Files\GameSpot
2007-08-28 20:09:48     50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2007-08-24 15:55:52         0 d-------- C:\Documents and Settings\PUN KA TSUN\Application Data\StromII
2007-08-20 18:11:08         0 d-------- C:\Program Files\Java
2007-08-14 17:01:53         0 d-------- C:\Program Files\MSN Messenger
2007-08-11 10:49:17         0 d-------- C:\Program Files\Graphmatica


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="C:\WINDOWS\help\SplshWrp.exe" [08/04/2004 09:00 PM]
"TabletTip"="C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" [08/04/2004 09:00 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 09:00 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 09:00 PM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 09:00 PM]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [09/06/2003 09:16 AM]
"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [08/05/2004 08:19 AM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 09:00 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [12/15/2003 04:07 PM]
"Fujitsu Menu"="C:\Program Files\Fujitsu\Utils\FjMnuIco.exe" [10/28/2003 10:00 AM]
"FJUPDNV_Chitose"="C:\Program Files\Fujitsu\updnavi\updnavi.exe" [09/17/2004 04:46 PM]
"FjEvents"="C:\Program Files\Fujitsu\Utils\fjevents.exe" [08/26/2004 04:43 AM]
"FjDspMon"="C:\Program Files\Fujitsu\Utils\FjDspMon.exe" [07/29/2003 02:20 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [08/03/2004 05:05 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [06/08/2004 02:15 AM C:\WINDOWS\AGRSMMSG.exe]
"@"="" []
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [08/16/2004 10:04 AM]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [08/16/2004 10:07 AM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [11/18/2006 08:46 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 06:06 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [08/10/2004 05:47 PM]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [07/02/2004 07:48 PM]
"LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [08/10/2004 05:48 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 09:00 PM]
"WindowsHiderPro"="C:\Program Files\WHidePro\whpro.exe" [08/08/2002 11:02 PM]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 12:54 PM]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" []
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [04/28/2006 05:08 PM]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [05/25/2006 02:31 AM]
"TudouVAStart"="C:\Program Files\Tudou\·Ã‰Ã‹Ãâ„¢Tudou\TudouVa.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TabletWizard"=%windir%\help\wizard.hta

C:\Documents and Settings\PUN KA TSUN\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 08/16/2004 10:03 AM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 08/04/2004 09:00 PM 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 08/04/2004 09:00 PM 30208 C:\WINDOWS\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 12/20/2001 11:34 PM 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AresChatServer"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{185eb410-7922-11db-b005-000e35a85a68}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command- Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad32aa60-18ae-11dc-b197-000e35a85a68}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command- Recycled\ctfmon.exe




-- End of Deckard's System Scanner: finished at 2007-10-09 17:10:45 ------------



n extra.txt

Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.60GHz
Percentage of Memory in Use: 71%
Physical Memory (total/avail): 502.48 MiB / 143.79 MiB
Pagefile Memory (total/avail): 1227.18 MiB / 777.68 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1953.07 MiB

C: is Fixed (NTFS) - 18.64 GiB total, 2.67 GiB free.
D: is Fixed (FAT32) - 18.61 GiB total, 3.05 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHT2040AT - 37.26 GiB - 2 partitions
  \PARTITION0 (bootable) - Installable File System - 18.64 GiB - C:
  \PARTITION1 - Extended w/Extended Int 13 - 18.62 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: avast! antivirus 4.7.1043 [VPS 000779-0] v4.7.1043 (ALWIL Software)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"D:\\ka tsun's stuff\\other junks\\warcraft\\Frozen Throne.exe"="D:\\ka tsun's stuff\\other junks\\warcraft\\Frozen Throne.exe:*:Enabled:Frozen Throne.exe"
"D:\\ka tsun's stuff\\other junks\\warcraft\\war3.exe"="D:\\ka tsun's stuff\\other junks\\warcraft\\war3.exe:*:Enabled:war3.exe"
"D:\\ka tsun's stuff\\other junks\\warcraft\\yawle.exe"="D:\\ka tsun's stuff\\other junks\\warcraft\\yawle.exe:*:Enabled:yawle"
"D:\\ka tsun's stuff\\other junks\\cdirt100\\cdirt.exe"="D:\\ka tsun's stuff\\other junks\\cdirt100\\cdirt.exe:*:Enabled:Charred Dirt"
"D:\\ka tsun's stuff\\other junks\\warcraft\\lancraft101b\\lancraft.exe"="D:\\ka tsun's stuff\\other junks\\warcraft\\lancraft101b\\lancraft.exe:*:Enabled:lancraft"
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"="C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe:*:Enabled:Rise of Nations"
"C:\\SIERRA\\Half-Life\\hl.exe"="C:\\SIERRA\\Half-Life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\\Program Files\\softnyx\\GunBoundWC\\GunBound.gme"="C:\\Program Files\\softnyx\\GunBoundWC\\GunBound.gme:*:Enabled:GunBound"
"C:\\Program Files\\EA GAMES\\MOHAADemo\\MOHAADemo.exe"="C:\\Program Files\\EA GAMES\\MOHAADemo\\MOHAADemo.exe:*:Enabled:Medal of Honor PC"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"D:\\ka tsun's stuff\\UTORRENT.EXE"="D:\\ka tsun's stuff\\UTORRENT.EXE:*:Enabled:UTORRENT"
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"="C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe:*:Enabled:BF1942"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Tudou\\·Ã‰Ã‹Ãâ„¢Tudou\\TudouVa.exe"="C:\\Program Files\\Tudou\\·Ã‰Ã‹Ãâ„¢Tudou\\TudouVa.exe:*:Enabled:??Tudou"
"C:\\Program Files\\WIZET\\MapleStory\\MapleStory.exe"="C:\\Program Files\\WIZET\\MapleStory\\MapleStory.exe:*:Enabled:MapleStory"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\PUN KA TSUN\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=S9170460I
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\PUN KA TSUN
LOGONSERVER=\\S9170460I
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Fujitsu Hardware Diagnostics Tool\;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PUNKAT~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\PUNKAT~1\LOCALS~1\Temp
USERDOMAIN=S9170460I
USERNAME=Pikasword
USERPROFILE=C:\Documents and Settings\PUN KA TSUN
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

s9170460i
PUN KA TSUN (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
 --> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
 --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
 --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009
 --> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
 --> MsiExec /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5EEE551B-7692-4D68-91BF-DAD745243AFB}\setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80FFF4BA-C102-4102-A4B1-935D9573278B}\setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80FFF4BA-C102-4102-A4B1-935D9573278B}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
a-squared Free 3.0 --> "C:\Program Files\a-squared Free\unins000.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
AGEIA PhysX v7.07.09 --> MsiExec.exe /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
Agere Systems AC'97 Modem --> agrsmdel
ALPS Touch Pad Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Battlefield 1942 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
Battlefield 1942: The Road To Rome --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}\setup.exe" -l0x9
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Creative Audio Pack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5EEE551B-7692-4D68-91BF-DAD745243AFB}\setup.exe" -l0x9  /remove
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9  /remove
Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9  /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9  /remove
Creative ZEN V Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9D879B-0F98-4059-85A5-D05718A1D6F7}\SETUP.EXE" -l0x9  /remove
Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
FreeMind --> "C:\Program Files\FreeMind\unins000.exe"
Fujitsu Button Driver Component --> MsiExec.exe /I{C1108168-3364-4F6F-B19E-1ECA24192164}
Fujitsu Button Utilities --> MsiExec.exe /I{AEAFF885-0382-454D-9B2B-FC4B55F90426}
Fujitsu Hardware Diagnostics Tool --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA} /l1033
Fujitsu Hotkey Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2216560B-CB29-4CEC-B98F-1C037976B317}\setup.exe"
Fujitsu Pen Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5337BED2-73A0-4EB8-A33C-91DFD4C2F82D}\setup.exe" -l0x9 DigitizerDriver_Uninstall
Fujitsu Radio Control --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B41D74C6-886C-4406-AE27-241590A6C433}\Setup.exe"
GameGuard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9280CD93-B2D6-4D02-B53B-8FC5CF3B6D78}\Setup.exe" -l0x9
GameSpot Download Manager --> "C:\Program Files\GameSpot\uninstall.exe"
GoldWave v5.13 --> "C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.13" "C:\Program Files\GoldWave\unstall.log"
GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Graphmatica --> C:\Program Files\Graphmatica\uninstall.exe
GunboundWC --> "C:\Program Files\softnyx\unins000.exe"
Hamachi 1.0.2.2 --> C:\Program Files\Hamachi\uninstall.exe
HeuPrinter --> C:\Program Files\HeuPrinter\unins000.exe
HijackThis 1.99.1 --> D:\ka tsun's stuff\HijackThis.exe /uninstall
Hot Potatoes v 6.0.3.39 --> "C:\Program Files\HotPotatoes6\unins000.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
IntelliSonic DX --> MsiExec.exe /I{CA05B399-C9A3-4F51-8E15-90CA867D0280}
Java(tm) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
jetAudio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe" -l0x9  -removeonly
JX II Online Beta Version --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FE2F808F-2D86-4319-8DA1-C584AE4F2B3E}\setup.exe" -l0x9  -removeonly
K-Lite Mega Codec Pack 3.4.5 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LifeBook Application Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B50717C1-C259-4992-9E78-59E7F28E0C49}\setup.exe"
Little Fighter 2 1.9c --> D:\hinho\LF2_v1.9c\uninst.exe
Macromedia Flash Player --> MsiExec.exe /X{4ecaf021-478c-40c1-b777-3368a15f9966}
MapleStory --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80EAC1F5-3067-4E57-A09F-3AF728C59FE5}\setup.exe" -l0x9  -removeonly
McAfee SiteAdvisor --> C:\Program Files\SiteAdvisor\6172\uninstall.exe
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver --> MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mEoU.msi --> MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft MSDN 2005 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft MSDN 2005 Express Edition - ENU\install.exe
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Producer for Microsoft Office PowerPoint 2003 --> MsiExec.exe /I{155FBB0D-0EE9-42D1-9E41-15E08F691033}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Basic 2005 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Basic 2005 Express Edition - ENU\setup.exe
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows XP Tablet PC Edition 2005 Recognizer Pack --> MsiExec.exe /X{14081443-583A-4605-BB91-83D38ADAC939}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA --> MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Musicnotes Player V1.22.2 --> "C:\Program Files\Musicnotes\Player\unins000.exe"
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nikon Scan --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AE4AC96-A5F4-4F19-9D13-066C8B3CE034}\Setup.exe" -l0x9 UNINSTALL
O2Micro MemoryCardBus Windows Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B08D94CF-88AA-45ED-B323-30B321DBC92A} /l1033
PenDA Viewer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9CAC2AAD-B327-4710-899C-712718F8887A}\Setup.exe"
PopCap Browser Plugin --> C:\Program Files\PopCap Games\PopCap Browser Plugin\Uninstall.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe"  -uninstall
Quick Start V1.3 --> "C:\Program Files\Prolink Hurricane 9000C\unins000.exe"
Security Panel Application --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24CF0DBF-FF47-42E5-A13F-1D4D773E8AC7}\setup.exe"
Security Panel Application for Supervisor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93444A72-EEA4-43E9-A12C-372DCC126A9B}\setup.exe"
Security Task Manager 1.6f --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
SigmaTel AC97 Audio Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7959721D-8268-4565-9E0E-C41A9F4848A9}\setup.exe" -l0x9 -nodialog -uninstall
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Sqirlz Water Reflections --> C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
StyleXP (remove only) --> "C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe"
Tablet PC Tutorials for Microsoft Windows XP SP2 --> MsiExec.exe /X{0CAD092C-5D1E-48AD-A845-E1EBA9AF1AF8}
TI Connect 1.6 --> MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
Update Navi V1.1L41 --> MsiExec.exe /X{E0FAA0BA-874E-47C8-9ECA-BB333006CF16}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
YAWLE 0.5b --> C:\WINDOWS\iun6002.exe "D:\ka tsun's stuff\other junks\warcraft\irunin.ini"
ZENcast Organizer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9  /remove


-- Application Event Log -------------------------------------------------------

Event Record #/Type954 / Success
Event Submitted/Written: 10/09/2007 05:02:43 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type941 / Success
Event Submitted/Written: 10/09/2007 00:45:25 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type931 / Success
Event Submitted/Written: 10/09/2007 00:26:15 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type915 / Success
Event Submitted/Written: 10/08/2007 05:20:22 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type899 / Success
Event Submitted/Written: 10/07/2007 09:57:12 PM
Even

14
Tech Clinic / touchpad & security buttons not working
« on: October 08, 2007, 04:56:17 AM »
i am using a Fujitsu Lifebook T4010

yesterday, i realised tat my touchpad was not working. Thus, i went to reinstall the driver for the touchpad. After several tries, the touchpad finally was working. However, today, i found out tat it was not working again http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/mad.gif\' class=\'bbc_emoticon\' alt=\':angry:\' />  i personally suspect it is a virus, but all scans so far does not proves so.

Also, being a lifebook, my tablet has the ability to switch to tablet mode. However, it is not working when i tried it ytd ( though i am not sure if it has not worked for a long time). The buttons at the side of my screen also fail to work.(eg change screen orientation)


well` a hijack log ..


Logfile of HijackThis v1.99.1
Scan saved at 5:54:22 PM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
C:\Program Files\Fujitsu\updnavi\updnavi.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\WHidePro\whpro.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
c:\program files\a-squared free\a2service.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\digtizer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\ka tsun's stuff\other junks\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Fujitsu Menu] C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updnavi.exe
O4 - HKLM\..\Run: [FjEvents] C:\Program Files\Fujitsu\Utils\fjevents.exe
O4 - HKLM\..\Run: [FjDspMon] C:\Program Files\Fujitsu\Utils\FjDspMon.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WindowsHiderPro] C:\Program Files\WHidePro\whpro.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [TudouVAStart] C:\Program Files\Tudou\·ÉËÙTudou\TudouVa.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.pc-ap.fujitsu.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125504900410
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F6ABE9D-C7D5-4A6E-8E8B-866E3FA7381E}: NameServer = 165.21.83.88,165.21.100.88
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F6ABE9D-C7D5-4A6E-8E8B-866E3FA7381E}: NameServer = 165.21.83.88,165.21.100.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: loginkey - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll
O20 - Winlogon Notify: tpgwlnotify - C:\WINDOWS\SYSTEM32\tpgwlnot.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\System32\digtizer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

15
Tech Clinic / normal scan
« on: August 20, 2007, 09:59:10 AM »
just performing my usual com check up , especially after my bro messing up my com with p2p ware ... n some java trojans pop out using kaspersky's , since my own com's scanners do not detect these ...

no problem found YET .. except a small problem of firefox not loading page ( but i think is update problem ... )

anyway hijack log ...

Logfile of HijackThis v1.99.1
Scan saved at 10:45:14 PM, on 8/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
c:\program files\a-squared free\a2service.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\digtizer.exe
C:\Program Files\GameSpot\DownloadManager_Win32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
C:\Program Files\Fujitsu\updnavi\updnavi.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\WHidePro\whpro.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\ka tsun's stuff\other junks\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Fujitsu Menu] C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updnavi.exe
O4 - HKLM\..\Run: [FjEvents] C:\Program Files\Fujitsu\Utils\fjevents.exe
O4 - HKLM\..\Run: [FjDspMon] C:\Program Files\Fujitsu\Utils\FjDspMon.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WindowsHiderPro] C:\Program Files\WHidePro\whpro.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.pc-ap.fujitsu.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125504900410
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: loginkey - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll
O20 - Winlogon Notify: tpgwlnotify - C:\WINDOWS\SYSTEM32\tpgwlnot.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\System32\digtizer.exe
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe





also the kaspersky log


   KASPERSKY ONLINE SCANNER REPORT
Monday, August 20, 2007 10:05:35 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 20/08/2007
Kaspersky Anti-Virus database records: 385377
Scan Settings
Scan using the following antivirus database    extended
Scan Archives    true
Scan Mail Bases    true
Scan Target    My Computer
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects    83819
Number of viruses found    3
Number of infected objects    4
Number of suspicious objects    7
Duration of the scan process    02:11:15

Infected Object Name    Virus Name    Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG    Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\NTUSER.DAT    Object is locked    skipped
C:\Documents and Settings\LocalService\NTUSER.DAT.LOG    Object is locked    skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat    Object is locked    skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG    Object is locked    skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT    Object is locked    skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG    Object is locked    skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Microsoft\IMJP8_1\imjp81u.dic    Object is locked    skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\SiteAdvisor\SiteAdv.csh    Object is locked    skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28d8de12-365482d9.zip/BlackBox.class    Infected: Exploit.Java.ByteVerify    skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28d8de12-365482d9.zip/VerifierBug.class    Infected: Exploit.Java.ByteVerify    skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28d8de12-365482d9.zip/Beyond.class    Infected: Trojan-Downloader.Java.OpenConnection.aa    skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28d8de12-365482d9.zip    ZIP: infected - 3    skipped
C:\Documents and Settings\PUN KA TSUN\Cookies\index.dat    Object is locked    skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\ApplicationHistory\TCServer.exe.7c11743d.ini.inuse    Object is locked    skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\Microsoft\Messenger\pikaswordEmail Removed\SharingMetadata\Logs\Dfsr00005.log    Object is locked    skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\Microsoft\Messenger\pikaswordEmail Removed\SharingMetadata\pending.dat    Object is locked    skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\Microsoft\Messenger\pikaswordEmail Removed\SharingMetadata\Working\database_9E2C_A7C2_2CA7_9435\dfsr.db    Object is locked    skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\Microsoft\Messenger\pikaswordEmail Removed\SharingMetadata\Working\database_9E2C_A7C2_2CA7_9435\fsr.log    Object is locked    skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\Microsoft\Messenger\pikaswordEmail Removed\SharingMetadata\Working\database_9E2C_A7C2_2CA7_9435\fsrtmp.log    Object is locked    skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\Microsoft\Messenger\pikaswordEmail Removed\SharingMetadata\Working\database_9E2C_A7C2_2CA7_9435\tmp.edb    Object is locked    skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat    Object is locked    skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG    Object is locked    skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\Microsoft\Windows Live Contacts\pikaswordEmail Removed\real\members.stg    Object is locked    skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\Microsoft\Windows Live Contacts\pikaswordEmail Removed\shadow\members.stg    Object is locked    skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\History\History.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Temp\~DF1E0.tmp    Object is locked    skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Temp\~DF77CE.tmp    Object is locked    skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Temp\~DF780E.tmp    Object is locked    skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Temp\~DF9B4.tmp    Object is locked    skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Temporary Internet Files\Content.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\PUN KA TSUN\ntuser.dat    Object is locked    skipped
C:\Documents and Settings\PUN KA TSUN\NTUSER.DAT.LOG    Object is locked    skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat    Object is locked    skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db    Object is locked    skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int    Object is locked    skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws    Object is locked    skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log    Object is locked    skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log    Object is locked    skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt    Object is locked    skipped
C:\Program Files\GameSpot\logs\GameSpot_Download_Service.log    Object is locked    skipped
C:\System Volume Information\MountPointManagerRemoteDatabase    Object is locked    skipped
C:\System Volume Information\_restore{CD86FDB5-0670-4FAB-ACB4-DA759319F787}\RP327\A0237400.EXE/WISE0168.BIN    Suspicious: Type_Win32    skipped
C:\System Volume Information\_restore{CD86FDB5-0670-4FAB-ACB4-DA759319F787}\RP327\A0237400.EXE    WiseSFX: suspicious - 1    skipped
C:\System Volume Information\_restore{CD86FDB5-0670-4FAB-ACB4-DA759319F787}\RP327\A0237401.EXE/WISE0028.BIN    Suspicious: Type_Win32    skipped
C:\System Volume Information\_restore{CD86FDB5-0670-4FAB-ACB4-DA759319F787}\RP327\A0237401.EXE/WISE0029.BIN    Suspicious: Type_Win32    skipped
C:\System Volume Information\_restore{CD86FDB5-0670-4FAB-ACB4-DA759319F787}\RP327\A0237401.EXE/WISE0030.BIN    Suspicious: Type_Win32    skipped
C:\System Volume Information\_restore{CD86FDB5-0670-4FAB-ACB4-DA759319F787}\RP327\A0237401.EXE/WISE0031.BIN    Suspicious: Type_Win32    skipped
C:\System Volume Information\_restore{CD86FDB5-0670-4FAB-ACB4-DA759319F787}\RP327\A0237401.EXE    WiseSFX: suspicious - 4    skipped
C:\System Volume Information\_restore{CD86FDB5-0670-4FAB-ACB4-DA759319F787}\RP329\change.log    Object is locked    skipped
C:\WINDOWS\Debug\PASSWD.LOG    Object is locked    skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{B867BF52-260D-476E-B773-4CAFBC0E2E8A}.bin    Object is locked    skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log    Object is locked    skipped
C:\WINDOWS\Sti_Trace.log    Object is locked    skipped
C:\WINDOWS\system32\CatRoot2\edb.log    Object is locked    skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb    Object is locked    skipped
C:\WINDOWS\system32\CCM\Logs\CcmExec.log    Object is locked    skipped
C:\WINDOWS\system32\CCM\Logs\CertificateMaintenance.log    Object is locked    skipped
C:\WINDOWS\system32\CCM\Logs\ClientIDManagerStartup.log    Object is locked    skipped
C:\WINDOWS\system32\CCM\Logs\execmgr.log    Object is locked    skipped
C:\WINDOWS\system32\CCM\Logs\LocationServices.log    Object is locked    skipped
C:\WINDOWS\system32\CCM\Logs\mtrmgr.log    Object is locked    skipped
C:\WINDOWS\system32\CCM\Logs\PatchInstall.log    Object is locked    skipped
C:\WINDOWS\system32\CCM\Logs\PatchUIMonitor.log    Object is locked    skipped
C:\WINDOWS\system32\CCM\Logs\PolicyAgent.log    Object is locked    skipped
C:\WINDOWS\system32\CCM\Logs\PolicyAgentProvider.log    Object is locked    skipped
C:\WINDOWS\system32\CCM\Logs\PolicyEvaluator.log    Object is locked    skipped
C:\WINDOWS\system32\CCM\Logs\Scheduler.log    Object is locked    skipped
C:\WINDOWS\system32\CCM\Logs\SrcUpdateMgr.log    Object is locked    skipped
C:\WINDOWS\system32\CCM\Logs\StatusAgent.log    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CertificateMaintenanceEndpoint0000040.msg    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CertificateMaintenanceEndpoint0000040.que    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CTMDTSReply0000001.msg    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CTMDTSReply0000001.que    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\execmgr0000001.msg    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\execmgr0000001.que    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\InventoryAgent0000006.msg    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\InventoryAgent0000006.que    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ReplyLocations0000004.msg    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ReplyLocations0000004.que    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ScheduledCleanup0000035.msg    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ScheduledCleanup0000035.que    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\MtrMgr0000001.msg    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\MtrMgr0000001.que    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PatchUIMonitor0000001.msg    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PatchUIMonitor0000001.que    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_Cleanup000001H.msg    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_Cleanup000001H.que    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyDownload0000001.msg    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyDownload0000001.que    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyEvaluator00001AR.msg    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyEvaluator00001AR.que    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReplyAssignments0000007.msg    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReplyAssignments0000007.que    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_RequestAssignments00000G8.msg    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_RequestAssignments00000G8.que    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReRequestPolicy0000001.msg    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReRequestPolicy0000001.que    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\RemoteToolsAgent0000001.msg    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\RemoteToolsAgent0000001.que    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SrcUpdateMgr0000001.msg    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SrcUpdateMgr0000001.que    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SWMTRReportGen0000002.msg    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SWMTRReportGen0000002.que    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UpdatesInstallMgr0000001.msg    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UpdatesInstallMgr0000001.que    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UploadProtocol0000001.msg    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UploadProtocol0000001.que    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\amp_[http]mp_locationmanager00000AK.msg    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\amp_[http]mp_locationmanager00000AK.que    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_ddrendpoint0000002.msg    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_ddrendpoint0000002.que    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_hinvendpoint0000001.msg    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_hinvendpoint0000001.que    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_sinvendpoint0000002.msg    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_sinvendpoint0000002.que    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver0000003.msg    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver0000003.que    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_locationmanager000000Z.msg    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_locationmanager000000Z.que    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_policymanager00000ES.msg    Object is locked    skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_policymanager00000ES.que    Object is locked    skipped
C:\WINDOWS\system32\config\Antivirus.Evt    Object is locked    skipped
C:\WINDOWS\system32\config\AppEvent.Evt    Object is locked    skipped
C:\WINDOWS\system32\config\DEFAULT    Object is locked    skipped
C:\WINDOWS\system32\config\default.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\Internet.evt    Object is locked    skipped
C:\WINDOWS\system32\config\SAM    Object is locked    skipped
C:\WINDOWS\system32\config\SAM.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\SecEvent.Evt    Object is locked    skipped
C:\WINDOWS\system32\config\SECURITY    Object is locked    skipped
C:\WINDOWS\system32\config\SECURITY.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\SOFTWARE    Object is locked    skipped
C:\WINDOWS\system32\config\software.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\SysEvent.Evt    Object is locked    skipped
C:\WINDOWS\system32\config\SYSTEM    Object is locked    skipped
C:\WINDOWS\system32\config\system.LOG    Object is locked    skipped
C:\WINDOWS\system32\h323log.txt    Object is locked    skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP    Object is locked    skipped
C:\WINDOWS\Temp\Perflib_Perfdata_3f0.dat    Object is locked    skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt    Object is locked    skipped
C:\WINDOWS\wiadebug.log    Object is locked    skipped
C:\WINDOWS\wiaservc.log    Object is locked    skipped
C:\WINDOWS\WindowsUpdate.log    Object is locked    skipped
D:\System Volume Information\_restore{CD86FDB5-0670-4FAB-ACB4-DA759319F787}\RP329\change.log    Object is locked    skipped
Scan process completed.

16
Tech Clinic / weird sign??
« on: May 09, 2007, 04:06:42 AM »
should be no problem le ... thx a lot ..

17
Tech Clinic / weird sign??
« on: May 08, 2007, 03:22:25 AM »
hmm ... i think u forgot about the browser size problem .... anyway ... it is also related to the localstore.rdf .... thus the problem is solved .... all problems solved now  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/laugh.gif\' class=\'bbc_emoticon\' alt=\':lol:\' />

18
Tech Clinic / weird sign??
« on: May 07, 2007, 02:40:11 AM »
actually ... when u told me last time ... i have already changed to the new version .... but there seems to be no difference ..

anyway ... hijack log ..

Logfile of HijackThis v1.99.1
Scan saved at 3:35:07 PM, on 5/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\System32\digtizer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Fujitsu\updnavi\updnavi.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\WHidePro\whpro.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\ka tsun's stuff\other junks\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Fujitsu Menu] C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updnavi.exe
O4 - HKLM\..\Run: [FjEvents] C:\Program Files\Fujitsu\Utils\fjevents.exe
O4 - HKLM\..\Run: [FjDspMon] C:\Program Files\Fujitsu\Utils\FjDspMon.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WindowsHiderPro] C:\Program Files\WHidePro\whpro.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.pc-ap.fujitsu.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125504900410
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = chs.moe.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = chs.moe.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = chs.moe.edu.sg
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: loginkey - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll
O20 - Winlogon Notify: tpgwlnotify - C:\WINDOWS\SYSTEM32\tpgwlnot.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\System32\digtizer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

19
Tech Clinic / weird sign??
« on: May 05, 2007, 01:15:12 AM »
ok done ..... here's the logs ... and to add on, the d:\ is alright after the cleanautorun .... but the firefox is still the same


part 1


Part1 Report
Sat 05/05/2007 14:04:35.77

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}\Shell]
@="Open(0)"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}\Shell\AutoRun]
@="Auto&Play"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\\Recycled\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}\Shell\Open(O)]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}\Shell\Open(O)\command]
@="Recycled\\Recycled\\ctfmon.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}\Shell\AutoRun]
@="Auto&Play"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\\Recycled\\ctfmon.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\\Recycled\\ctfmon.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}\Shell\Open(O)]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}\Shell\Open(O)\command]
@="Recycled\\Recycled\\ctfmon.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}\Shell\Open(O)\command]
@="Recycled\\Recycled\\ctfmon.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242611-1f44-11da-ad27-806d6172696f}\Shell]
@="Open(0)"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242611-1f44-11da-ad27-806d6172696f}\Shell\AutoRun]
@="Auto&Play"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242611-1f44-11da-ad27-806d6172696f}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242611-1f44-11da-ad27-806d6172696f}\Shell\Open(0)]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242611-1f44-11da-ad27-806d6172696f}\Shell\Open(0)\command]
@="Recycled\\ctfmon.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242611-1f44-11da-ad27-806d6172696f}\Shell\AutoRun]
@="Auto&Play"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242611-1f44-11da-ad27-806d6172696f}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\\ctfmon.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242611-1f44-11da-ad27-806d6172696f}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\\ctfmon.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242611-1f44-11da-ad27-806d6172696f}\Shell\Open(0)]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242611-1f44-11da-ad27-806d6172696f}\Shell\Open(0)\command]
@="Recycled\\ctfmon.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242611-1f44-11da-ad27-806d6172696f}\Shell\Open(0)\command]
@="Recycled\\ctfmon.exe"

 
No Autorun files found in C:\WINDOWS

No Autorun files found in C:\WINDOWS\system32

Files found on C:
autorun.inf

 
Contents of autorun.inf on  C:
[autorun]
shellexecute=Recycled\Recycled\ctfmon.exe
shell\Open(O)\command=Recycled\Recycled\ctfmon.exe
shell=Open(0)


Files found on D:
autorun.inf

 
Contents of autorun.inf on  D:
[autorun]
shellexecute=Recycled\ctfmon.exe
shell\Open(0)\command=Recycled\ctfmon.exe
shell=Open(0)



part 2


Part2 Report
Sat 05/05/2007 14:04:37.47
 
No shell subkeys found in MountPoints Registry entries

No Autorun files found in C:\WINDOWS  

No Autorun files found in C:\WINDOWS\system32
 
No Autorun files found in root of C:

 
No Autorun files found in root of D:

 


avenger log


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vab^htnw

*******************

Script file located at: \??\C:\cubkudmu.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\Recycled\Recycled deleted successfully.
File C:\Documents and Settings\PUN KA TSUN\Start Menu\Programs\Startup\ctfmon.exe deleted successfully.
File C:\Recycled\ctfmon.exe deleted successfully.
File D:\Recycled\ctfmon.exe deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

20
Tech Clinic / weird sign??
« on: May 04, 2007, 01:44:39 AM »
ok ..... i got time to do the scan tis morning ....

on the report of my situation ... the d:\ is still the same(creates pop up upon clicking)

the firefox is slightly better .... can create bookmarks now(as long as i create my own name for tat bookmark and not use the default name) ... but it still opens as a minimised window ..



ok ... so abt the report of kaspersky ....



-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Friday, May 04, 2007 2:11:29 PM
 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.83.0
 Kaspersky Anti-Virus database last update:  4/05/2007
 Kaspersky Anti-Virus database records: 313003
-------------------------------------------------------------------------------

Scan Settings:
   Scan using the following antivirus database: extended
   Scan Archives: true
   Scan Mail Bases: true

Scan Target - My Computer:
   C:\
   D:\
   E:\

Scan Statistics:
   Total number of scanned objects: 106170
   Number of viruses found: 4
   Number of infected objects: 20 / 0
   Number of suspicious objects: 0
   Duration of the scan process: 02:10:31

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\LocalService\NTUSER.DAT.LOG   Object is locked   skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Microsoft\IMJP8_1\imjp81u.dic   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Mozilla\Firefox\Profiles\13k7wy5z.default\cert8.db   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Mozilla\Firefox\Profiles\13k7wy5z.default\foxmarks.log   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Mozilla\Firefox\Profiles\13k7wy5z.default\history.dat   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Mozilla\Firefox\Profiles\13k7wy5z.default\key3.db   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Mozilla\Firefox\Profiles\13k7wy5z.default\parent.lock   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Mozilla\Firefox\Profiles\13k7wy5z.default\search.sqlite   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Mozilla\Firefox\Profiles\13k7wy5z.default\urlclassifier2.sqlite   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\SiteAdvisor\SiteAdv.csh   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-33d76220/BaaaaBaa.class   Infected: Trojan.Java.ClassLoader.ao   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-33d76220/VaaaaaaaBaa.class   Infected: Trojan.Java.ClassLoader.ao   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-33d76220/Baaaaa.class   Infected: Trojan.Java.ClassLoader.ao   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-33d76220   ZIP: infected - 3   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\6.0\53\243cac35-59b13e5f/BlackBox.class   Infected: Exploit.Java.ByteVerify   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\6.0\53\243cac35-59b13e5f/VerifierBug.class   Infected: Exploit.Java.ByteVerify   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\6.0\53\243cac35-59b13e5f/Beyond.class   Infected: Trojan-Downloader.Java.OpenConnection.aa   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\6.0\53\243cac35-59b13e5f   ZIP: infected - 3   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28d8de12-365482d9.zip/BlackBox.class   Infected: Exploit.Java.ByteVerify   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28d8de12-365482d9.zip/VerifierBug.class   Infected: Exploit.Java.ByteVerify   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28d8de12-365482d9.zip/Beyond.class   Infected: Trojan-Downloader.Java.OpenConnection.aa   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28d8de12-365482d9.zip   ZIP: infected - 3   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-6a642033.zip/BaaaaBaa.class   Infected: Trojan.Java.ClassLoader.ao   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-6a642033.zip/VaaaaaaaBaa.class   Infected: Trojan.Java.ClassLoader.ao   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-6a642033.zip/Baaaaa.class   Infected: Trojan.Java.ClassLoader.ao   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-6a642033.zip   ZIP: infected - 3   skipped
C:\Documents and Settings\PUN KA TSUN\Cookies\index.dat   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\ApplicationHistory\TCServer.exe.7c11743d.ini.inuse   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\Microsoft\Windows Live Contacts\pikaswordEmail Removed\real\members.stg   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\Microsoft\Windows Live Contacts\pikaswordEmail Removed\shadow\members.stg   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\Mozilla\Firefox\Profiles\13k7wy5z.default\Cache\_CACHE_001_   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\Mozilla\Firefox\Profiles\13k7wy5z.default\Cache\_CACHE_002_   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\Mozilla\Firefox\Profiles\13k7wy5z.default\Cache\_CACHE_003_   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\Mozilla\Firefox\Profiles\13k7wy5z.default\Cache\_CACHE_MAP_   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\History\History.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\History\History.IE5\MSHist012007050420070505\index.dat   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Temp\~DF3A1A.tmp   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Temp\~DF3A4D.tmp   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Temp\~DF5034.tmp   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Temp\~DF5047.tmp   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Temp\~DF92BA.tmp   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\ntuser.dat   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\NTUSER.DAT.LOG   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Start Menu\Programs\Startup\ctfmon.exe   Infected: Trojan.Win32.VB.aqt   skipped
C:\Documents and Settings\PUN KA TSUN\UserData\index.dat   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt   Object is locked   skipped
C:\Recycled\ctfmon.exe   Infected: Trojan.Win32.VB.aqt   skipped
C:\Recycled\Recycled\ctfmon.exe   Infected: Trojan.Win32.VB.aqt   skipped
C:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped
C:\System Volume Information\_restore{CD86FDB5-0670-4FAB-ACB4-DA759319F787}\RP255\change.log   Object is locked   skipped
C:\WINDOWS\CSC0000001   Object is locked   skipped
C:\WINDOWS\Debug\Netlogon.log   Object is locked   skipped
C:\WINDOWS\Debug\PASSWD.LOG   Object is locked   skipped
C:\WINDOWS\SchedLgU.Txt   Object is locked   skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log   Object is locked   skipped
C:\WINDOWS\Sti_Trace.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\CcmExec.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\CertificateMaintenance.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\ClientIDManagerStartup.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\DataTransferService.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\execmgr.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\LocationServices.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\mtrmgr.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\PatchInstall.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\PatchUIMonitor.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\PolicyAgent.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\PolicyAgentProvider.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\PolicyEvaluator.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\Scheduler.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\SrcUpdateMgr.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\StatusAgent.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CertificateMaintenanceEndpoint0000039.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CertificateMaintenanceEndpoint0000039.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CTMDTSReply0000001.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CTMDTSReply0000001.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\execmgr0000001.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\execmgr0000001.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\InventoryAgent0000006.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\InventoryAgent0000006.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ReplyLocations0000004.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ReplyLocations0000004.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ScheduledCleanup0000032.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ScheduledCleanup0000032.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\MtrMgr0000001.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\MtrMgr0000001.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PatchUIMonitor0000001.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PatchUIMonitor0000001.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_Cleanup000001A.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_Cleanup000001A.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyDownload0000001.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyDownload0000001.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyEvaluator00000V4.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyEvaluator00000V4.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReplyAssignments0000007.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReplyAssignments0000007.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_RequestAssignments00000AR.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_RequestAssignments00000AR.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReRequestPolicy0000001.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReRequestPolicy0000001.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\RemoteToolsAgent0000001.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\RemoteToolsAgent0000001.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SrcUpdateMgr0000001.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SrcUpdateMgr0000001.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SWMTRReportGen0000002.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SWMTRReportGen0000002.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UpdatesInstallMgr0000001.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UpdatesInstallMgr0000001.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UploadProtocol0000001.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UploadProtocol0000001.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\amp_[http]mp_locationmanager000009J.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\amp_[http]mp_locationmanager000009J.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_ddrendpoint0000002.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_ddrendpoint0000002.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_hinvendpoint0000001.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_hinvendpoint0000001.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_sinvendpoint0000002.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_sinvendpoint0000002.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver0000003.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver0000003.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_locationmanager000000Z.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_locationmanager000000Z.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_policymanager000009I.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_policymanager000009I.que   Object is locked   skipped
C:\WINDOWS\system32\config\Antivirus.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\AppEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\DEFAULT   Object is locked   skipped
C:\WINDOWS\system32\config\default.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\Internet.evt   Object is locked   skipped
C:\WINDOWS\system32\config\SAM   Object is locked   skipped
C:\WINDOWS\system32\config\SAM.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SecEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\SECURITY   Object is locked   skipped
C:\WINDOWS\system32\config\SECURITY.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SOFTWARE   Object is locked   skipped
C:\WINDOWS\system32\config\software.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SysEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\SYSTEM   Object is locked   skipped
C:\WINDOWS\system32\config\system.LOG   Object is locked   skipped
C:\WINDOWS\system32\h323log.txt   Object is locked   skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP   Object is locked   skipped
C:\WINDOWS\Temp\Perflib_Perfdata_134.dat   Object is locked   skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt   Object is locked   skipped
C:\WINDOWS\wiadebug.log   Object is locked   skipped
C:\WINDOWS\wiaservc.log   Object is locked   skipped
C:\WINDOWS\WindowsUpdate.log   Object is locked   skipped
D:\Recycled\ctfmon.exe   Infected: Trojan.Win32.VB.aqt   skipped
D:\System Volume Information\_restore{CD86FDB5-0670-4FAB-ACB4-DA759319F787}\RP255\change.log   Object is locked   skipped

Scan process completed.

Pages: [1] 2 3 ... 5