Author Topic: touchpad & security buttons not working (Read 3792 times)

Asuyuki · « **on:** October 08, 2007, 04:56:17 AM »

i am using a Fujitsu Lifebook T4010

yesterday, i realised tat my touchpad was not working. Thus, i went to reinstall the driver for the touchpad. After several tries, the touchpad finally was working. However, today, i found out tat it was not working again

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/mad.gif\' class=\'bbc_emoticon\' alt=\':angry:\' /> i personally suspect it is a virus, but all scans so far does not proves so.

Also, being a lifebook, my tablet has the ability to switch to tablet mode. However, it is not working when i tried it ytd ( though i am not sure if it has not worked for a long time). The buttons at the side of my screen also fail to work.(eg change screen orientation)

well` a hijack log ..

Logfile of HijackThis v1.99.1
Scan saved at 5:54:22 PM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
C:\Program Files\Fujitsu\updnavi\updnavi.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\WHidePro\whpro.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
c:\program files\a-squared free\a2service.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\digtizer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\ka tsun's stuff\other junks\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Fujitsu Menu] C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updnavi.exe
O4 - HKLM\..\Run: [FjEvents] C:\Program Files\Fujitsu\Utils\fjevents.exe
O4 - HKLM\..\Run: [FjDspMon] C:\Program Files\Fujitsu\Utils\FjDspMon.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WindowsHiderPro] C:\Program Files\WHidePro\whpro.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [TudouVAStart] C:\Program Files\Tudou\Â·Ã‰Ã‹Ã™Tudou\TudouVa.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.pc-ap.fujitsu.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125504900410
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F6ABE9D-C7D5-4A6E-8E8B-866E3FA7381E}: NameServer = 165.21.83.88,165.21.100.88
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F6ABE9D-C7D5-4A6E-8E8B-866E3FA7381E}: NameServer = 165.21.83.88,165.21.100.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: loginkey - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll
O20 - Winlogon Notify: tpgwlnotify - C:\WINDOWS\SYSTEM32\tpgwlnot.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\System32\digtizer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

guestolo · « **Reply #1 on:** October 08, 2007, 10:21:57 AM »

Do you know what this is related too?
O4 - HKCU\..\Run: [TudouVAStart] C:\Program Files\Tudou\Â·Ã‰Ã‹Ã™Tudou\TudouVa.exe

Can you also do the following please
Download [color=\"#008000\"]Deckard's System Scanner (dss.exe)[/color] to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post the contents of main.txt and extra.txt

Asuyuki · « **Reply #2 on:** October 09, 2007, 04:14:40 AM »

[quote name=\'guestolo\' post=\'394722\' date=\'Oct 8 2007, 11:21 PM\']Do you know what this is related too?
O4 - HKCU\..\Run: [TudouVAStart] C:\Program Files\Tudou\Â·Ãâ€°Ãâ€¹Ãâ„¢Tudou\TudouVa.exe[/quote]

oh this is a kind of player for a Chinese version of youtube, though i think i can delete this registry since i have deleted the application

btw, is it possible to know the reason behind my constant cut off from internet? happens around once when i switch on my computer, and very irritating for downloads
the logs,

main.txt

Deckard's System Scanner v20070905.67
Run by Pikasword on 2007-10-09 17:06:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
12: 2007-10-09 09:07:02 UTC - RP345 - Deckard's System Scanner Restore Point
11: 2007-10-07 13:11:02 UTC - RP344 - Installed Fingerprint Sensor Minimum Install
10: 2007-10-07 09:02:54 UTC - RP343 - Installed Commandos 3 - Destination Berlin
9: 2007-10-04 10:58:17 UTC - RP342 - Configured QuickTime
8: 2007-09-29 15:24:51 UTC - RP341 - Installed MapleStory

-- First Restore Point --
1: 2007-09-01 02:12:59 UTC - RP334 - Removed Medal of Honor Airborne Demo

Backed up registry hives.
Performed disk cleanup.

[color=\"red\"]Total Physical Memory: 503 MiB (512 MiB recommended).[/color]
[color=\"red\"]System Drive C: has 2.67 GiB (less than 15%) free.[/color]

-- HijackThis (run as Pikasword.exe) -------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-10-09 17:09:54
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16512)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\digtizer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\wisptis.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
C:\Program Files\Fujitsu\updnavi\updnavi.exe
C:\Program Files\Fujitsu\Utils\FjEvents.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\WHidePro\whpro.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DAP\DAP.exe
C:\Documents and Settings\PUN KA TSUN\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKEY_LOCAL_MACHINE\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKEY_LOCAL_MACHINE\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKEY_LOCAL_MACHINE\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKEY_LOCAL_MACHINE\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKEY_LOCAL_MACHINE\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKEY_LOCAL_MACHINE\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Fujitsu Menu] C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updnavi.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [FjEvents] C:\Program Files\Fujitsu\Utils\fjevents.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [FjDspMon] C:\Program Files\Fujitsu\Utils\FjDspMon.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKEY_LOCAL_MACHINE\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKEY_LOCAL_MACHINE\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKEY_LOCAL_MACHINE\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WindowsHiderPro] C:\Program Files\WHidePro\whpro.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [TudouVAStart] C:\Program Files\Tudou\Â·Ãâ€°Ãâ€¹Ãâ„¢Tudou\TudouVa.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/fhg.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125504900410
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{0F6ABE9D-C7D5-4A6E-8E8B-866E3FA7381E}: NameServer = 165.21.83.88,165.21.100.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: wbsys.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\WindowBlinds\fastload.dll
O23 - Service: Adobe LM Service - Adobe Systems - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\system32\digtizer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StyleXPService - Unknown owner - "C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
R2 BtnHnd - c:\program files\fujitsu\btnhnd\btnhnd.sys <Not Verified; FUJITSU LIMITED; Button handler>
R2 npkcrypt - c:\program files\wizet\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 DX02 - c:\windows\system32\drivers\dx02.sys <Not Verified; Knowles Acoustics; DX.02 Speech Enhancement>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
S3 DaFUTURE - d:\ka tsun's stuff\other junks\ultranoob\ultranoob\linksys.sys (file missing)
S3 Dua1 - d:\ka tsun's stuff\other junks\hack\new folder (2)\dualengi.sys (file missing)
S3 gmer - c:\windows\system32\drivers\gmer.sys (file missing)
S3 iMSPQMn - c:\docume~1\punkat~1\locals~1\temp\imspqmn.sys (file missing)
S3 kaspersky1 - d:\ka tsun's stuff\other junks\kaspersky\kaspersky.sys (file missing)
S3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
S3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
S3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
S3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
S3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth USB Miniport Driver(Windows2000,WindowsXP)>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Digitizer (Digitizer Service) - c:\windows\system32\digtizer.exe <Not Verified; WACOM; WACOM TabletPC Driver>
R2 OwnershipProtocol - c:\program files\intel\wireless\bin\oprotsvc.exe <Not Verified; Intel Corporation; Intel PROSet/Wireless>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe" <Not Verified; ; StyleXPService Module>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Alps Pointing-device
Device ID: ACPI\PNP0F13\4&32D50C2&0
Manufacturer: Alps Electric
Name: Alps Pointing-device
PNP Device ID: ACPI\PNP0F13\4&32D50C2&0
Service: i8042prt

-- Scheduled Tasks -------------------------------------------------------------

2006-03-30 22:55:15 114 --a------ C:\WINDOWS\Tasks\Critical Battery Alarm Program.job

-- Files created between 2007-09-09 and 2007-10-09 -----------------------------

2007-10-07 21:43:03 0 d-------- C:\Program Files\Apoint2K
2007-10-07 21:33:34 817 --a------ C:\DelUS.bat
2007-10-06 15:32:08 282624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-10-06 15:32:08 1559040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-10-06 15:27:04 0 d-------- C:\Documents and Settings\PUN KA TSUN\Application Data\Real
2007-10-06 15:27:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Real
2007-10-06 15:18:58 0 d-------- C:\Documents and Settings\PUN KA TSUN\Application Data\Media Player Classic
2007-10-06 15:17:29 164352 --a------ C:\WINDOWS\system32\unrar.dll
2007-10-06 15:17:24 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-10-06 15:17:21 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-10-06 15:17:21 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-10-06 15:17:19 740442 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivXÂ®>
2007-10-06 15:17:16 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-10-06 15:17:11 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-09-30 15:10:46 0 d-------- C:\WINDOWS\Application Data
2007-09-29 23:24:53 0 d-------- C:\Program Files\WIZET
2007-09-23 18:21:57 0 d--h----- C:\WINDOWS\PIF

-- Find3M Report ---------------------------------------------------------------

2007-10-07 21:47:23 0 d-------- C:\Program Files\Fujitsu
2007-10-07 21:47:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-04 19:42:39 0 d-------- C:\Documents and Settings\PUN KA TSUN\Application Data\SiteAdvisor
2007-10-04 19:18:57 0 d-------- C:\Documents and Settings\PUN KA TSUN\Application Data\Apple Computer
2007-10-04 19:17:17 0 d-------- C:\Program Files\Common Files\Real
2007-10-04 19:16:08 0 d-------- C:\Program Files\Common Files
2007-10-04 19:00:32 0 d-------- C:\Program Files\QuickTime
2007-09-30 14:20:41 0 d-------- C:\Program Files\Windows Live Safety Center
2007-09-29 12:33:46 0 d-------- C:\Program Files\SpywareBlaster
2007-09-28 17:33:32 0 d-------- C:\Program Files\FlashGet
2007-09-26 16:37:44 0 d-------- C:\Program Files\a-squared Free
2007-09-23 17:51:03 0 d-------- C:\Documents and Settings\PUN KA TSUN\Application Data\uTorrent
2007-09-23 13:12:15 880 --a------ C:\WINDOWS\eReg.dat
2007-09-15 22:06:57 0 d-------- C:\Documents and Settings\PUN KA TSUN\Application Data\Creative
2007-09-07 09:06:33 0 d-------- C:\Program Files\SiteAdvisor
2007-09-07 09:06:32 0 d-------- C:\Documents and Settings\PUN KA TSUN\Application Data\MegauploadToolbar
2007-09-05 10:08:23 0 d-------- C:\Program Files\DAP
2007-09-02 22:32:13 0 d-------- C:\Program Files\EA GAMES
2007-09-01 22:32:22 0 d-------- C:\Documents and Settings\PUN KA TSUN\Application Data\Opera
2007-09-01 09:57:48 0 d-------- C:\Program Files\AGEIA Technologies
2007-09-01 09:55:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-31 23:13:31 0 d-------- C:\Documents and Settings\PUN KA TSUN\Application Data\Hamachi
2007-08-31 18:48:50 0 d-------- C:\Program Files\GameSpot
2007-08-28 20:09:48 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2007-08-24 15:55:52 0 d-------- C:\Documents and Settings\PUN KA TSUN\Application Data\StromII
2007-08-20 18:11:08 0 d-------- C:\Program Files\Java
2007-08-14 17:01:53 0 d-------- C:\Program Files\MSN Messenger
2007-08-11 10:49:17 0 d-------- C:\Program Files\Graphmatica

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="C:\WINDOWS\help\SplshWrp.exe" [08/04/2004 09:00 PM]
"TabletTip"="C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" [08/04/2004 09:00 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 09:00 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 09:00 PM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 09:00 PM]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [09/06/2003 09:16 AM]
"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [08/05/2004 08:19 AM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 09:00 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [12/15/2003 04:07 PM]
"Fujitsu Menu"="C:\Program Files\Fujitsu\Utils\FjMnuIco.exe" [10/28/2003 10:00 AM]
"FJUPDNV_Chitose"="C:\Program Files\Fujitsu\updnavi\updnavi.exe" [09/17/2004 04:46 PM]
"FjEvents"="C:\Program Files\Fujitsu\Utils\fjevents.exe" [08/26/2004 04:43 AM]
"FjDspMon"="C:\Program Files\Fujitsu\Utils\FjDspMon.exe" [07/29/2003 02:20 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [08/03/2004 05:05 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [06/08/2004 02:15 AM C:\WINDOWS\AGRSMMSG.exe]
"@"="" []
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [08/16/2004 10:04 AM]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [08/16/2004 10:07 AM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [11/18/2006 08:46 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 06:06 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [08/10/2004 05:47 PM]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [07/02/2004 07:48 PM]
"LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [08/10/2004 05:48 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 09:00 PM]
"WindowsHiderPro"="C:\Program Files\WHidePro\whpro.exe" [08/08/2002 11:02 PM]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 12:54 PM]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" []
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [04/28/2006 05:08 PM]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [05/25/2006 02:31 AM]
"TudouVAStart"="C:\Program Files\Tudou\Â·Ãâ€°Ãâ€¹Ãâ„¢Tudou\TudouVa.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TabletWizard"=%windir%\help\wizard.hta

C:\Documents and Settings\PUN KA TSUN\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 08/16/2004 10:03 AM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 08/04/2004 09:00 PM 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 08/04/2004 09:00 PM 30208 C:\WINDOWS\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 12/20/2001 11:34 PM 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AresChatServer"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{185eb410-7922-11db-b005-000e35a85a68}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command- Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad32aa60-18ae-11dc-b197-000e35a85a68}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command- Recycled\ctfmon.exe

-- End of Deckard's System Scanner: finished at 2007-10-09 17:10:45 ------------

n extra.txt

Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.60GHz
Percentage of Memory in Use: 71%
Physical Memory (total/avail): 502.48 MiB / 143.79 MiB
Pagefile Memory (total/avail): 1227.18 MiB / 777.68 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1953.07 MiB

C: is Fixed (NTFS) - 18.64 GiB total, 2.67 GiB free.
D: is Fixed (FAT32) - 18.61 GiB total, 3.05 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHT2040AT - 37.26 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 18.64 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 18.62 GiB - D:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: avast! antivirus 4.7.1043 [VPS 000779-0] v4.7.1043 (ALWIL Software)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"D:\\ka tsun's stuff\\other junks\\warcraft\\Frozen Throne.exe"="D:\\ka tsun's stuff\\other junks\\warcraft\\Frozen Throne.exe:*:Enabled:Frozen Throne.exe"
"D:\\ka tsun's stuff\\other junks\\warcraft\\war3.exe"="D:\\ka tsun's stuff\\other junks\\warcraft\\war3.exe:*:Enabled:war3.exe"
"D:\\ka tsun's stuff\\other junks\\warcraft\\yawle.exe"="D:\\ka tsun's stuff\\other junks\\warcraft\\yawle.exe:*:Enabled:yawle"
"D:\\ka tsun's stuff\\other junks\\cdirt100\\cdirt.exe"="D:\\ka tsun's stuff\\other junks\\cdirt100\\cdirt.exe:*:Enabled:Charred Dirt"
"D:\\ka tsun's stuff\\other junks\\warcraft\\lancraft101b\\lancraft.exe"="D:\\ka tsun's stuff\\other junks\\warcraft\\lancraft101b\\lancraft.exe:*:Enabled:lancraft"
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"="C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe:*:Enabled:Rise of Nations"
"C:\\SIERRA\\Half-Life\\hl.exe"="C:\\SIERRA\\Half-Life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\\Program Files\\softnyx\\GunBoundWC\\GunBound.gme"="C:\\Program Files\\softnyx\\GunBoundWC\\GunBound.gme:*:Enabled:GunBound"
"C:\\Program Files\\EA GAMES\\MOHAADemo\\MOHAADemo.exe"="C:\\Program Files\\EA GAMES\\MOHAADemo\\MOHAADemo.exe:*:Enabled:Medal of Honor PC"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"D:\\ka tsun's stuff\\UTORRENT.EXE"="D:\\ka tsun's stuff\\UTORRENT.EXE:*:Enabled:UTORRENT"
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"="C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe:*:Enabled:BF1942"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:ÂµTorrent"
"C:\\Program Files\\Tudou\\Â·Ãâ€°Ãâ€¹Ãâ„¢Tudou\\TudouVa.exe"="C:\\Program Files\\Tudou\\Â·Ãâ€°Ãâ€¹Ãâ„¢Tudou\\TudouVa.exe:*:Enabled:??Tudou"
"C:\\Program Files\\WIZET\\MapleStory\\MapleStory.exe"="C:\\Program Files\\WIZET\\MapleStory\\MapleStory.exe:*:Enabled:MapleStory"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\PUN KA TSUN\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=S9170460I
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\PUN KA TSUN
LOGONSERVER=\\S9170460I
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Fujitsu Hardware Diagnostics Tool\;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PUNKAT~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\PUNKAT~1\LOCALS~1\Temp
USERDOMAIN=S9170460I
USERNAME=Pikasword
USERPROFILE=C:\Documents and Settings\PUN KA TSUN
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

s9170460i
PUN KA TSUN (admin)
Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5EEE551B-7692-4D68-91BF-DAD745243AFB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80FFF4BA-C102-4102-A4B1-935D9573278B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80FFF4BA-C102-4102-A4B1-935D9573278B}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
a-squared Free 3.0 --> "C:\Program Files\a-squared Free\unins000.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
AGEIA PhysX v7.07.09 --> MsiExec.exe /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
Agere Systems AC'97 Modem --> agrsmdel
ALPS Touch Pad Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Battlefield 1942 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
Battlefield 1942: The Road To Rome --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}\setup.exe" -l0x9
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Creative Audio Pack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5EEE551B-7692-4D68-91BF-DAD745243AFB}\setup.exe" -l0x9 /remove
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN V Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9D879B-0F98-4059-85A5-D05718A1D6F7}\SETUP.EXE" -l0x9 /remove
Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
FreeMind --> "C:\Program Files\FreeMind\unins000.exe"
Fujitsu Button Driver Component --> MsiExec.exe /I{C1108168-3364-4F6F-B19E-1ECA24192164}
Fujitsu Button Utilities --> MsiExec.exe /I{AEAFF885-0382-454D-9B2B-FC4B55F90426}
Fujitsu Hardware Diagnostics Tool --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA} /l1033
Fujitsu Hotkey Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2216560B-CB29-4CEC-B98F-1C037976B317}\setup.exe"
Fujitsu Pen Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5337BED2-73A0-4EB8-A33C-91DFD4C2F82D}\setup.exe" -l0x9 DigitizerDriver_Uninstall
Fujitsu Radio Control --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B41D74C6-886C-4406-AE27-241590A6C433}\Setup.exe"
GameGuard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9280CD93-B2D6-4D02-B53B-8FC5CF3B6D78}\Setup.exe" -l0x9
GameSpot Download Manager --> "C:\Program Files\GameSpot\uninstall.exe"
GoldWave v5.13 --> "C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.13" "C:\Program Files\GoldWave\unstall.log"
GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Graphmatica --> C:\Program Files\Graphmatica\uninstall.exe
GunboundWC --> "C:\Program Files\softnyx\unins000.exe"
Hamachi 1.0.2.2 --> C:\Program Files\Hamachi\uninstall.exe
HeuPrinter --> C:\Program Files\HeuPrinter\unins000.exe
HijackThis 1.99.1 --> D:\ka tsun's stuff\HijackThis.exe /uninstall
Hot Potatoes v 6.0.3.39 --> "C:\Program Files\HotPotatoes6\unins000.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
IntelliSonic DX --> MsiExec.exe /I{CA05B399-C9A3-4F51-8E15-90CA867D0280}
Java(tm) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
jetAudio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe" -l0x9 -removeonly
JX II Online Beta Version --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FE2F808F-2D86-4319-8DA1-C584AE4F2B3E}\setup.exe" -l0x9 -removeonly
K-Lite Mega Codec Pack 3.4.5 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LifeBook Application Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B50717C1-C259-4992-9E78-59E7F28E0C49}\setup.exe"
Little Fighter 2 1.9c --> D:\hinho\LF2_v1.9c\uninst.exe
Macromedia Flash Player --> MsiExec.exe /X{4ecaf021-478c-40c1-b777-3368a15f9966}
MapleStory --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80EAC1F5-3067-4E57-A09F-3AF728C59FE5}\setup.exe" -l0x9 -removeonly
McAfee SiteAdvisor --> C:\Program Files\SiteAdvisor\6172\uninstall.exe
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver --> MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mEoU.msi --> MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft MSDN 2005 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft MSDN 2005 Express Edition - ENU\install.exe
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Producer for Microsoft Office PowerPoint 2003 --> MsiExec.exe /I{155FBB0D-0EE9-42D1-9E41-15E08F691033}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Basic 2005 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Basic 2005 Express Edition - ENU\setup.exe
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows XP Tablet PC Edition 2005 Recognizer Pack --> MsiExec.exe /X{14081443-583A-4605-BB91-83D38ADAC939}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA --> MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Musicnotes Player V1.22.2 --> "C:\Program Files\Musicnotes\Player\unins000.exe"
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nikon Scan --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AE4AC96-A5F4-4F19-9D13-066C8B3CE034}\Setup.exe" -l0x9 UNINSTALL
O2Micro MemoryCardBus Windows Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B08D94CF-88AA-45ED-B323-30B321DBC92A} /l1033
PenDA Viewer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9CAC2AAD-B327-4710-899C-712718F8887A}\Setup.exe"
PopCap Browser Plugin --> C:\Program Files\PopCap Games\PopCap Browser Plugin\Uninstall.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall
Quick Start V1.3 --> "C:\Program Files\Prolink Hurricane 9000C\unins000.exe"
Security Panel Application --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24CF0DBF-FF47-42E5-A13F-1D4D773E8AC7}\setup.exe"
Security Panel Application for Supervisor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93444A72-EEA4-43E9-A12C-372DCC126A9B}\setup.exe"
Security Task Manager 1.6f --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
SigmaTel AC97 Audio Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7959721D-8268-4565-9E0E-C41A9F4848A9}\setup.exe" -l0x9 -nodialog -uninstall
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Sqirlz Water Reflections --> C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
StyleXP (remove only) --> "C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe"
Tablet PC Tutorials for Microsoft Windows XP SP2 --> MsiExec.exe /X{0CAD092C-5D1E-48AD-A845-E1EBA9AF1AF8}
TI Connect 1.6 --> MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
Update Navi V1.1L41 --> MsiExec.exe /X{E0FAA0BA-874E-47C8-9ECA-BB333006CF16}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
YAWLE 0.5b --> C:\WINDOWS\iun6002.exe "D:\ka tsun's stuff\other junks\warcraft\irunin.ini"
ZENcast Organizer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9 /remove

-- Application Event Log -------------------------------------------------------

Event Record #/Type954 / Success
Event Submitted/Written: 10/09/2007 05:02:43 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type941 / Success
Event Submitted/Written: 10/09/2007 00:45:25 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type931 / Success
Event Submitted/Written: 10/09/2007 00:26:15 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type915 / Success
Event Submitted/Written: 10/08/2007 05:20:22 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type899 / Success
Event Submitted/Written: 10/07/2007 09:57:12 PM
Even

guestolo · « **Reply #3 on:** October 09, 2007, 10:43:39 AM »

Can you do the following
Access your add/remove programs and remove
PopCap Browser Plugin

If you have an older version of Combofix, delete it
Download this file - Combofix.exe and save it ONLY to your desktop
We'll need it in a bit

Open notepad and copy/paste the text in the quotebox below into it:
Don't use anything else than notepad or the script will not work

Quote

File::
C:\DelUS.bat

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{185eb410-7922-11db-b005-000e35a85a68}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad32aa60-18ae-11dc-b197-000e35a85a68}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"=-
"TudouVAStart"=-
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Tudou\\Â·ï¿½â€°ï¿½â€¹ï¿½â„¢Tudou\\TudouVa.exe"=-

Save this as txtfile
CFScript

Take note the pic above
Drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt..

Post that log please

Asuyuki · « **Reply #4 on:** October 10, 2007, 02:43:17 AM »

though avast has claimed tat combofix is a trojan, i guess it is just part of the programme

anyway, the combofix log

ComboFix 07-10-10.1 - Pikasword 2007-10-10 15:34:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.129 [GMT 8:00]
Running from: C:\Documents and Settings\PUN KA TSUN\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\PUN KA TSUN\Desktop\CFScript.txt

FILE::
C:\DelUS.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DelUS.bat

.
((((((((((((((((((((((((( Files Created from 2007-09-10 to 2007-10-10 )))))))))))))))))))))))))))))))
.

2007-10-10 15:32   <DIR>   d--------   C:\WINDOWS\LastGood
2007-10-10 15:31   51,200   --a------   C:\WINDOWS\NirCmd.exe
2007-10-09 17:06   <DIR>   d--------   C:\Deckard
2007-10-07 21:43   <DIR>   d--------   C:\Program Files\Apoint2K
2007-10-07 21:43   103,391   -ra------   C:\WINDOWS\system32\drivers\Apfiltr.sys
2007-10-06 15:32   1,559,040   --a------   C:\WINDOWS\system32\xvidcore.dll
2007-10-06 15:32   282,624   --a------   C:\WINDOWS\system32\xvidvfw.dll
2007-10-06 15:27   <DIR>   d--------   C:\Documents and Settings\PUN KA TSUN\Application Data\Real
2007-10-06 15:27   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Real
2007-10-06 15:18   <DIR>   d--------   C:\Documents and Settings\PUN KA TSUN\Application Data\Media Player Classic
2007-10-06 15:17   <DIR>   d--------   C:\Program Files\K-Lite Codec Pack
2007-10-06 15:17   3,596,288   --a------   C:\WINDOWS\system32\qt-dx331.dll
2007-10-06 15:17   740,442   --a------   C:\WINDOWS\system32\divx.dll
2007-10-06 15:17   217,088   --a------   C:\WINDOWS\system32\yv12vfw.dll
2007-10-06 15:17   164,352   --a------   C:\WINDOWS\system32\unrar.dll
2007-10-06 15:17   73,728   --a------   C:\WINDOWS\system32\dpl100.dll
2007-10-06 15:17   7,680   --a------   C:\WINDOWS\system32\ff_vfw.dll
2007-09-29 23:24   <DIR>   d--------   C:\Program Files\WIZET
2007-09-23 18:21   <DIR>   d--h-----   C:\WINDOWS\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-10 07:25   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-10-09 13:58   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-07 13:47   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-10-07 13:47   ---------   d-----w   C:\Program Files\Fujitsu
2007-10-07 11:12   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-10-06 07:15   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-04 11:42   ---------   d-----w   C:\Documents and Settings\PUN KA TSUN\Application Data\SiteAdvisor
2007-10-04 11:18   ---------   d-----w   C:\Documents and Settings\PUN KA TSUN\Application Data\Apple Computer
2007-10-04 11:17   ---------   d-----w   C:\Program Files\Common Files\Real
2007-10-04 11:00   ---------   d-----w   C:\Program Files\QuickTime
2007-09-30 06:20   ---------   d-----w   C:\Program Files\Windows Live Safety Center
2007-09-29 04:33   ---------   d-----w   C:\Program Files\SpywareBlaster
2007-09-28 09:33   ---------   d-----w   C:\Program Files\FlashGet
2007-09-26 08:37   ---------   d-----w   C:\Program Files\a-squared Free
2007-09-23 09:51   ---------   d-----w   C:\Documents and Settings\PUN KA TSUN\Application Data\uTorrent
2007-09-15 14:06   ---------   d-----w   C:\Documents and Settings\PUN KA TSUN\Application Data\Creative
2007-09-07 01:06   ---------   d-----w   C:\Program Files\SiteAdvisor
2007-09-07 01:06   ---------   d-----w   C:\Documents and Settings\PUN KA TSUN\Application Data\MegauploadToolbar
2007-09-06 10:09   801,144   ----a-w   C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:05   94,416   ----a-w   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05   92,848   ----a-w   C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03   23,152   ----a-w   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02   42,912   ----a-w   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00   95,608   ----a-w   C:\WINDOWS\system32\AVASTSS.scr
2007-09-06 10:00   26,624   ----a-w   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-05 02:08   ---------   d-----w   C:\Program Files\DAP
2007-09-02 14:32   ---------   d-----w   C:\Program Files\EA GAMES
2007-09-01 14:32   ---------   d-----w   C:\Documents and Settings\PUN KA TSUN\Application Data\Opera
2007-09-01 01:57   ---------   d-----w   C:\Program Files\AGEIA Technologies
2007-09-01 01:55   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2007-08-31 15:13   ---------   d-----w   C:\Documents and Settings\PUN KA TSUN\Application Data\Hamachi
2007-08-31 10:48   ---------   d-----w   C:\Program Files\GameSpot
2007-08-28 12:09   50,688   ----a-w   C:\WINDOWS\system32\wbhelp2.dll
2007-08-24 07:55   ---------   d-----w   C:\Documents and Settings\PUN KA TSUN\Application Data\StromII
2007-08-23 14:06   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Storm
2007-08-20 10:05   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-08-14 09:01   ---------   d-----w   C:\Program Files\MSN Messenger
2007-08-11 02:49   ---------   d-----w   C:\Program Files\Graphmatica
2007-07-30 11:19   92,504   ----a-w   C:\WINDOWS\system32\cdm.dll
2007-07-30 11:19   549,720   ----a-w   C:\WINDOWS\system32\wuapi.dll
2007-07-30 11:19   53,080   ----a-w   C:\WINDOWS\system32\wuauclt.exe
2007-07-30 11:19   43,352   -c--a-w   C:\WINDOWS\system32\wups2.dll
2007-07-30 11:19   325,976   ----a-w   C:\WINDOWS\system32\wucltui.dll
2007-07-30 11:19   203,096   ----a-w   C:\WINDOWS\system32\wuweb.dll
2007-07-30 11:19   1,712,984   ----a-w   C:\WINDOWS\system32\wuaueng.dll
2007-07-30 11:18   33,624   ----a-w   C:\WINDOWS\system32\wups.dll
2006-07-04 09:21:07   89,837   -csha-w   C:\WINDOWS\system32\xwodniw.dat
2007-03-31 09:30:46   32,288   -csha-w   C:\WINDOWS\system32\drivers\fidbox.dat
2007-03-31 09:30:47   2,080   -csha-w   C:\WINDOWS\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="C:\WINDOWS\help\SplshWrp.exe" [2004-08-04 21:00]
"TabletTip"="C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" [2004-08-04 21:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 21:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 21:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 21:00]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-06 09:16]
"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2004-08-05 08:19]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 21:00]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-12-15 16:07]
"Fujitsu Menu"="C:\Program Files\Fujitsu\Utils\FjMnuIco.exe" [2003-10-28 10:00]
"FJUPDNV_Chitose"="C:\Program Files\Fujitsu\updnavi\updnavi.exe" [2004-09-17 16:46]
"FjEvents"="C:\Program Files\Fujitsu\Utils\fjevents.exe" [2004-08-26 04:43]
"FjDspMon"="C:\Program Files\Fujitsu\Utils\FjDspMon.exe" [2003-07-29 02:20]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 17:05]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-08 02:15 C:\WINDOWS\AGRSMMSG.exe]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-08-16 10:04]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2004-08-16 10:07]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2006-11-18 20:46]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 18:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [2004-08-10 17:47]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-07-02 19:48]
"LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [2004-08-10 17:48]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 21:00]
"WindowsHiderPro"="C:\Program Files\WHidePro\whpro.exe" [2002-08-08 23:02]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-04-28 17:08]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-25 02:31]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TabletWizard"=%windir%\help\wizard.hta

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-08-16 10:03 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 2004-08-04 21:00 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 2004-08-04 21:00 30208 C:\WINDOWS\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 2001-12-20 23:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AresChatServer"=3 (0x3)

R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe
R2 Wuser32;SMS Remote Control Agent;C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
R3 {E6759E0C-470B-44DC-A4A1-627E68BB3A85};AIM 3.0 SI164;C:\WINDOWS\system32\drivers\A302.sys
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys
R3 DX02;DX02;C:\WINDOWS\system32\drivers\dx02.sys
R3 Fjbtndrv;Fujitsu LIFEBOOK T3000 Button Driver;C:\WINDOWS\system32\DRIVERS\Fjbtndrv.sys
R3 hidpen;Wacom Serial Pen HID MiniDriver;C:\WINDOWS\system32\DRIVERS\hidpen.sys
R3 idisw2km;idisw2km;C:\WINDOWS\system32\DRIVERS\idisw2km.sys
R3 kbstuff;SMS Virtual Keyboard;C:\WINDOWS\system32\DRIVERS\kbstuff5.sys
R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys
R3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys
S3 DaFUTURE;DaFUTURE;\??\D:\ka tsun's stuff\other junks\UltraNoob\UltraNoob\LinkSys.sys
S3 Dua1;Dua1;\??\D:\ka tsun's stuff\other junks\hack\New Folder (2)\DualEngi.sys
S3 FUJ02E1;%FUJ02E1.DeviceDesc%;C:\WINDOWS\system32\Drivers\FUJ02E1.sys
S3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
S3 iMSPQMn;iMSPQMn;\??\C:\DOCUME~1\PUNKAT~1\LOCALS~1\Temp\iMSPQMn.sys
S3 kaspersky1;kaspersky1;\??\D:\ka tsun's stuff\other junks\KasperSky\kaspersky.sys
S3 prepdrvr;SMS Process Event Driver;\??\C:\WINDOWS\system32\CCM\prepdrv.sys
S3 WacomPen;Wacom Serial Pen HID Driver;C:\WINDOWS\system32\DRIVERS\wacompen.sys

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2006-03-30 14:55:15 C:\WINDOWS\Tasks\Critical Battery Alarm Program.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-10 15:39:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-10 15:40:28
.
   --- E O F ---

guestolo · « **Reply #5 on:** October 10, 2007, 08:40:00 AM »

How is everything?
If your still having problems with your hotkeys and touchpad

You may want to download the latest drivers from this link related to Hotkeys, buttons, and touchpad
http://www.pc-ap.fujitsu.com/support/drv_lb_wxp_t4010.html
Unzip them individually to their own folders

Uninstall the software from add/remove programs
Reboot the computer and try reinstalling them
Reboot, see if that helps

Asuyuki · « **Reply #6 on:** October 11, 2007, 03:22:26 AM »

the touchpad is working ... for now ...

n the tablet screen coordination(as well as those 5 little buttons at the bottom right hand corner of my screen/monitor) is related to which driver? because nth really seems related to the tablet screen view change ..

Asuyuki · « **Reply #7 on:** October 11, 2007, 09:55:17 AM »

after reboot , back to square 1 ...

guestolo · « **Reply #8 on:** October 12, 2007, 09:04:56 PM »

I was assuming the software you needed was related to the hotkeys and touchpad
Any of the following from the link may apply

Fujitsu HotKey Utility
Fujitsu Button Driver
Fujitsu Button Utility
TouchPad Mouse
Touch Panel Driver

If you removed the software related above from add/remove and then rebooted then installed the ones you download
Does it help?

If not, it may be time to think about backing up your files and clean installing
Not just reinstall, but a format>>Install
Are you willing to try that route?

Asuyuki · « **Reply #9 on:** October 13, 2007, 02:53:49 AM »

hav already tried all 5. none of them have an effect on the screen orientation ( unless it is touch panel, which does not seem to be an installer at all)

if yr method require reformatting, i will certainly not like tat to happen

btw, any possibility to do with services.msc ? a sudden thought that it may affect the touchpad somehow .. n it is the only thing i hav altered the system

guestolo · « **Reply #10 on:** October 13, 2007, 10:00:30 AM »

Quote

btw, any possibility to do with services.msc ? a sudden thought that it may affect the touchpad somehow .. n it is the only thing i hav altered the system

I'm not sure what you may of altered in services.msc
So you will have to troubleshoot that problem on your end
All I know is you've had troubles with this pc for a while

Not sure what you want from me on this end, read the documentation that came with your tablet pc
Find out what drivers are required to run properly

Asuyuki · « **Reply #11 on:** October 14, 2007, 02:41:37 AM »

ok ... the joke is ... i am not sure wad i did with the computer. i attempted to reinstall Fujitsu Button Utilities and my touchpad works.
unable to believe my luk, i reboot, n it is still working ( for now, of course ...)

i am CERTAIN tat it is Fujitsu Button Utilities that is controlling screen orientation. & referriing to other sources, there is possibility that the ACPI driver is involved in the problem ...
however, the ACPI driver frm the web had no distinct installation. any idea how to use it? so that i can try out this possibility of the problem.

thx

Asuyuki · « **Reply #12 on:** October 14, 2007, 06:24:10 AM »

ah ... knew i wasn't so lucky ....

anyway still interested in ACPI installation.

guestolo · « **Reply #13 on:** October 14, 2007, 07:36:43 PM »

Since I don't know much about this laptop
You might get better help if you post in a notebook forum
These guys might have a better idea
http://forum.notebookreview.com/forumdisplay.php?f=7

You might find a user that experienced your problem in the past and have a fix for you

Asuyuki · « **Reply #14 on:** October 19, 2007, 01:27:19 AM »

nobody responded there for 5 days ...

anyway, do you noe how to solve the problem of internet explorer always hanging when i use h0tmail.
is it the problem with the new interface?

also, my avast! recognises my OWN blog as a trojan horse spreader. Also, it recognises some parts of blogger ( eg the template area) as trojans too ...
i nvr had this problem be4 .. is it a problem with avast! ??

guestolo · « **Reply #15 on:** October 19, 2007, 08:29:40 AM »

Quote

do you noe how to solve the problem of internet explorer always hanging when i use h0tmail.
is it the problem with the new interface?

It could be I had you disable Messenger plus 3
2 things to either try, uninstall Messenger plus 3 altogether from add/remove programs
However I only see Messenger plus live in your add/remove list

or try the following
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop
Ensure to copy from REGEDIT4 and down in the code box

Code: [Select]

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe

Double click on fix.reg and allow to add/merge to the registry at the prompt
Reboot the computer
Does that help with IE freezing?

WindowsHiderPro, how long have you had it installed?
Did you touchpad function keys start having problems after you installed it?
It does use hotkey functions that may be interfering, I'm not sure

Quote

also, my avast! recognises my OWN blog as a trojan horse spreader. Also, it recognises some parts of blogger ( eg the template area) as trojans too ...
i nvr had this problem be4 .. is it a problem with avast! ??

I got no idea, what files is it finding, exact file names?
It could very well be a false positive, but that's not enough information

Still, with the problems you continually having with this computer
I would still maybe venture clean installing the machine
First, collect all CD's for installation of operating system, drivers, etc...
You should of got them with the notebook

Backup important files/folders

After a clean install (factory restore), careful with what you install, get your AV reinstalled
After that, every program you install ensure the computer is running fine afterwards
This may be the best solution

Asuyuki · « **Reply #16 on:** October 19, 2007, 09:23:05 PM »

the trojan found is JS:Cardst [Trj]

i guess i solve this problem first before i consider a full reinstall, term examination coming ... >.<

internet explorer looks fine after that. & i am uninstalling windows hider, trying now ... ( & it does not work)

Asuyuki · « **Reply #17 on:** October 21, 2007, 03:14:21 AM »

& i realised that it is not blogger's problem ... it is my own source code, which results in the so-called trojan found in the template page

trying to get the source code now >> (edit: got the code after i disabled the anti-virus)
would appreciate if any guidance is given on the possible conflict in the code ..

guestolo · « **Reply #18 on:** October 21, 2007, 10:10:58 AM »

I'm surprised Avast didn't find it when I scanned at virustotal, but it is up on it
blog_template.txt received on 10.21.2007 16:29:40 (CET)


Antivirus    Version    Last Update    Result
AhnLab-V3   2007.10.20.0   2007.10.19   -
AntiVir   7.6.0.27   2007.10.20   JS/Cardst.B
Authentium   4.93.8   2007.10.20   JS/RClick
Avast   4.7.1051.0   2007.10.21   -
AVG   7.5.0.488   2007.10.20   -
BitDefender   7.2   2007.10.21   Trojan.JS.RClick.A
CAT-QuickHeal   9.00   2007.10.20   -
ClamAV   0.91.2   2007.10.20   Trojan.JS.Cardst
DrWeb   4.44.0.09170   2007.10.21   -
eSafe   7.0.15.0   2007.10.15   -
eTrust-Vet   31.2.5225   2007.10.20   -
Ewido   4.0   2007.10.21   -
FileAdvisor   1   2007.10.21   -
Fortinet   3.11.0.0   2007.10.19   JS/Cardst.A!tr
F-Prot   4.3.2.48   2007.10.20   JS/RClick
F-Secure   6.70.13030.0   2007.10.21   -
Ikarus   T3.1.1.12   2007.10.21   Trojan.JS.Cardst
Kaspersky   7.0.0.125   2007.10.21   -
McAfee   5145   2007.10.19   -
Microsoft   1.2908   2007.10.21   -
NOD32v2   2604   2007.10.19   -
Norman   5.80.02   2007.10.19   -
Panda   9.0.0.4   2007.10.21   -
Prevx1   V2   2007.10.21   -
Rising   19.45.62.00   2007.10.21   -
Sophos   4.22.0   2007.10.21   -
Sunbelt   2.2.907.0   2007.10.20   -
Symantec   10   2007.10.21   -
TheHacker   6.2.9.103   2007.10.21   -
VBA32   3.12.2.4   2007.10.19   -
VirusBuster   4.3.26:9   2007.10.21   -
Additional information
File size: 30760 bytes
MD5: e8f4c9a13f39f8a68fe4217bfa8bfb0b
SHA1: 2f0a45a5443c3321dc5c07004a925518fb0315d6
packers: Unicode
packers: Unicode

Here's some info on JS:Cardst and blogs
http://www.computing.co.uk/vnunet/news/218...fensive-content
This question may be better addressed at the script forums that produced the Rainbow Link Hover Provided by Blogring.net
If you don't trust it, I would remove it

Can you right click on the Avast icon by the clock
Select About Avast
Under Virus Database>>Expand (+) on it and let me know what your compilation date is

Asuyuki · « **Reply #19 on:** October 21, 2007, 08:26:21 PM »

10/21/2007
file version: 000783-0

News:

Author Topic: touchpad & security buttons not working (Read 3792 times)