Unable to boot my PC normally


  • This topic is locked
18 replies to this topic

#1 WinBMY

Posted 20 January 2010 - 08:27 AM

After installing a digital certification software, my NB PC could not boot normally. Then I uninstalled this software, but the NB PC could not boot normally. Please help me correct this issue. The following is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 09:21:32, on 2010/1/20
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\S24EvMon.exe
C:\WINNT\system32\ZCfgSvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\1XConfig.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\RegSrvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxpers.exe
C:\WINNT\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\HiJackThis\TJH.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINNT\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{08EF3536-F2C0-4C66-BE28-ECAFB8570246}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA1EEDC5-B4C7-41E7-BE1A-A172569BCB1B}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{08EF3536-F2C0-4C66-BE28-ECAFB8570246}: NameServer = 156.154.70.25,156.154.71.25
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINNT\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINNT\system32\S24EvMon.exe

--
End of file - 6319 bytes



#2 myrti


Posted 25 January 2010 - 02:24 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 WinBMY


Posted 25 January 2010 - 11:34 PM

Hi, myrti,

Thanks for replying to my issue. Here are the steps that caused my PC to be unable to boot.
1. Some days ago, I installed a software called digital certification offered by my Government.
2. After installing this software, rebooting the PC was required.
3. The PC rebooted at a very low speed.
4. Now I can never boot this PC normally.
5. Now I boot this PC by using the following steps:
5.1 Press the F8 key during booting
5.2 Press the arrow keys to select the "Previous Successful booting" option (I don't know the correct English procedure name)


Please see the OTL scanning log files below:

Extras.Txt:

OTL Extras logfile created on: 2010/1/26 上午 11:59:28 - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Administrator\桌面
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000404 | Country: 台灣 | Language: CHT | Date Format: yyyy/M/d

766.00 Mb Total Physical Memory | 360.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 3.53 Gb Free Space | 24.10% Space Free | Partition Type: NTFS
Drive D: | 22.61 Gb Total Space | 18.25 Gb Free Space | 80.72% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 0.15 Gb Free Space | 8.05% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
Drive G: | 10.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JACK-7E05630515
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-606747145-1563985344-1343024091-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0C9B0475-F65F-45AB-8D88-2AE7C195E907}" = Microsoft .NET Framework 1.1 Chinese (Traditional) Lang. Pack
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{203AE71C-DD94-43CE-A45A-AE472869DD89}" = Microsoft Word 2003 試卷編輯小工具
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 13
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B6-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4ABC1F75-7060-4BAE-9972-F2DCBF1D5F1F}" = CardBus
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{61B1A9C8-B2AD-4F54-B916-388FFD07BDE7}" = 4300
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90110404-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A744C7C3-76F5-42F5-9E15-497A3DFBC709}" = 4300Trb
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1028-7B44-A81300000003}" = Adobe Reader 8.1.3 - Chinese Traditional
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{b697396d-4bff-430d-9578-8aa5a549777a}" = Intel® PROSet
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E25EB359-C7A3-4E0F-B06C-D6A539AD353E}" = COMODO System-Cleaner
"{E769999E-D0D9-4D51-AEFE-1BD44289E550}" = 4300_Help
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"a-squared Free_is1" = a-squared Free 4.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem
"Comodo BO Tester_is1" = Comodo BO Tester x32
"Comodo Dragon" = Comodo Dragon
"Comodo HopSurf Toolbar" = Comodo HopSurf
"COMODO Internet Security" = COMODO Internet Security
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR 壓縮工具
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-606747145-1563985344-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google 瀏覽器

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010/1/20 下午 11:24:08 | Computer Name = JACK-7E05630515 | Source = Application Hang | ID = 1002
Description = 無回應的應用程式 rocketman.exe,版本 1.0.0.1。無回應的模組 hungapp 版本 0.0.0.0。無回應的位址
0x00000000。

Error - 2010/1/23 上午 01:11:03 | Computer Name = JACK-7E05630515 | Source = Application Error | ID = 1000
Description = 失敗的應用程式 hpqste08.exe,版本 70.0.170.0,失敗的模組 unknown,版本 0.0.0.0,錯誤位址 0xb4d5ce68。

Error - 2010/1/23 上午 09:59:18 | Computer Name = JACK-7E05630515 | Source = Google Update | ID = 20
Description =

Error - 2010/1/23 上午 10:59:05 | Computer Name = JACK-7E05630515 | Source = Google Update | ID = 20
Description =

Error - 2010/1/23 下午 09:59:27 | Computer Name = JACK-7E05630515 | Source = Google Update | ID = 20
Description =

Error - 2010/1/23 下午 10:59:07 | Computer Name = JACK-7E05630515 | Source = Google Update | ID = 20
Description =

Error - 2010/1/24 上午 12:00:44 | Computer Name = JACK-7E05630515 | Source = Google Update | ID = 20
Description =

Error - 2010/1/24 上午 04:59:05 | Computer Name = JACK-7E05630515 | Source = Google Update | ID = 20
Description =

Error - 2010/1/24 上午 05:59:05 | Computer Name = JACK-7E05630515 | Source = Google Update | ID = 20
Description =

Error - 2010/1/25 上午 06:59:16 | Computer Name = JACK-7E05630515 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 2010/1/25 下午 09:41:06 | Computer Name = JACK-7E05630515 | Source = Service Control Manager | ID = 7006
Description = 因為下列錯誤,ScRegSetValueExW 呼叫無法執行 Start: %%5

Error - 2010/1/25 下午 09:41:06 | Computer Name = JACK-7E05630515 | Source = Service Control Manager | ID = 7006
Description = 因為下列錯誤,ScRegSetValueExW 呼叫無法執行 Start: %%5

Error - 2010/1/25 下午 09:41:06 | Computer Name = JACK-7E05630515 | Source = Service Control Manager | ID = 7006
Description = 因為下列錯誤,ScRegSetValueExW 呼叫無法執行 Start: %%5

Error - 2010/1/25 下午 09:41:06 | Computer Name = JACK-7E05630515 | Source = Service Control Manager | ID = 7006
Description = 因為下列錯誤,ScRegSetValueExW 呼叫無法執行 Start: %%5

Error - 2010/1/25 下午 09:41:06 | Computer Name = JACK-7E05630515 | Source = Service Control Manager | ID = 7006
Description = 因為下列錯誤,ScRegSetValueExW 呼叫無法執行 Start: %%5

Error - 2010/1/25 下午 09:41:21 | Computer Name = JACK-7E05630515 | Source = Service Control Manager | ID = 7006
Description = 因為下列錯誤,ScRegSetValueExW 呼叫無法執行 Start: %%5

Error - 2010/1/25 下午 09:41:21 | Computer Name = JACK-7E05630515 | Source = Service Control Manager | ID = 7006
Description = 因為下列錯誤,ScRegSetValueExW 呼叫無法執行 Start: %%5

Error - 2010/1/25 下午 10:46:29 | Computer Name = JACK-7E05630515 | Source = Service Control Manager | ID = 7023
Description = Automatic Updates 服務因下列錯誤而終止: %%126

Error - 2010/1/25 下午 10:46:59 | Computer Name = JACK-7E05630515 | Source = DCOM | ID = 10010
Description = 伺服器 {E60687F7-01A1-40AA-86AC-DB1CBF673334} 沒有在指定的等候逾時內登錄 DCOM。

Error - 2010/1/25 下午 11:20:45 | Computer Name = JACK-7E05630515 | Source = Service Control Manager | ID = 7006
Description = 因為下列錯誤,ScRegSetValueExW 呼叫無法執行 Type: %%5


< End of report >


OTL.Txt log:

OTL logfile created on: 2010/1/26 上午 11:59:28 - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Administrator\桌面
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000404 | Country: 台灣 | Language: CHT | Date Format: yyyy/M/d

766.00 Mb Total Physical Memory | 360.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 3.53 Gb Free Space | 24.10% Space Free | Partition Type: NTFS
Drive D: | 22.61 Gb Total Space | 18.25 Gb Free Space | 80.72% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 0.15 Gb Free Space | 8.05% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
Drive G: | 10.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JACK-7E05630515
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/26 11:26:35 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\桌面\OTL.exe
PRC - [2010/01/20 19:16:17 | 00,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/01/20 19:16:14 | 01,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010/01/17 12:00:33 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/30 20:11:49 | 02,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/05/21 12:48:56 | 00,114,688 | ---- | M] () -- C:\Program Files\Mobile Partner\Mobile Partner.exe
PRC - [2008/04/14 22:00:32 | 00,978,432 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2006/02/19 05:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/02/19 02:41:10 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2006/02/10 07:56:12 | 00,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/09/20 10:36:20 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\igfxpers.exe
PRC - [2005/09/20 10:32:24 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\hkcmd.exe
PRC - [2005/09/20 10:32:16 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\igfxsrvc.exe
PRC - [2005/07/05 01:32:04 | 00,639,040 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\ZCfgSvc.exe
PRC - [2005/07/05 01:28:34 | 00,421,955 | ---- | M] (Intel Corporation ) -- C:\WINNT\system32\S24EvMon.exe
PRC - [2005/07/05 01:26:36 | 00,389,186 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\1XConfig.exe
PRC - [2005/07/05 01:26:00 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\RegSrvc.exe


========== Modules (SafeList) ==========

MOD - [2010/01/26 11:26:35 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\桌面\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/01/20 19:16:17 | 00,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2006/03/03 21:03:10 | 00,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINNT\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/07/05 01:28:34 | 00,421,955 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINNT\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2005/07/05 01:26:00 | 00,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINNT\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/04/29 14:29:54 | 00,139,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/01/20 19:16:19 | 00,133,064 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINNT\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2010/01/20 19:16:19 | 00,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010/01/20 19:16:19 | 00,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINNT\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009/12/09 19:53:44 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINNT\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/09/15 11:42:48 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/15 11:42:46 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/15 11:42:44 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/08/04 19:50:56 | 00,056,736 | ---- | M] (COMODO Security Solutions Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\CFRPD.sys -- (CFRPD)
DRV - [2009/06/11 09:43:24 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/05/11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINNT\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINNT\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/09/26 18:01:00 | 00,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/04/13 22:09:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/04/13 08:04:39 | 00,049,664 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/04/13 08:04:39 | 00,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2006/04/13 08:04:39 | 00,016,496 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005/09/20 11:00:54 | 01,302,332 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/08/19 03:00:00 | 00,046,080 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINNT\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/07/26 16:36:50 | 00,662,400 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\w70n51.sys -- (w70n51) Windows XP適用的 Intel®
DRV - [2005/06/17 07:15:26 | 00,010,970 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/05/03 15:09:28 | 01,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 00,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 00,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/04/05 16:38:32 | 00,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/11/15 15:37:52 | 00,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/03/17 12:04:14 | 00,013,059 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/10/23 17:04:00 | 00,076,160 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\gticard.sys -- (GTICARD)
DRV - [2003/08/29 15:56:12 | 00,052,080 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2002/12/10 16:13:22 | 00,007,552 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\tiumflt.sys -- (DevUpper)
DRV - [2002/09/13 20:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/09/13 20:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-606747145-1563985344-1343024091-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\S-1-5-21-606747145-1563985344-1343024091-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-606747145-1563985344-1343024091-500\S-1-5-21-606747145-1563985344-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..extensions.enabledItems: {561A5FBE-9761-4eb3-9182-892D82532414}:1.0
FF - prefs.js..extensions.enabledItems: {1DA0528B-1DD8-4167-BFAF-E0EF94939F93}:0.9.0.46
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=zh-TW&q="

FF - HKLM\software\mozilla\Firefox\extensions\\{1DA0528B-1DD8-4167-BFAF-E0EF94939F93}: C:\Program Files\Comodo\HopSurfToolbar\hopsurfext_ff3_5 [2009/08/19 21:17:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/21 22:11:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/20 12:39:41 | 00,000,000 | ---D | M]

[2009/07/15 12:42:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/01/25 21:39:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vde8hq8e.default\extensions
[2009/09/24 22:53:07 | 00,000,000 | ---D | M] (Comodo AV Scanner) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vde8hq8e.default\extensions\{561A5FBE-9761-4eb3-9182-892D82532414}
[2009/10/14 11:49:33 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/17 12:00:41 | 00,002,310 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\findbook-zh-TW.xml
[2010/01/17 12:00:41 | 00,001,222 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-zh-TW.xml
[2010/01/17 12:00:41 | 00,001,360 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-answer-zh-TW.xml
[2010/01/17 12:00:41 | 00,000,843 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-bid-zh-TW.xml
[2010/01/17 12:00:41 | 00,000,857 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-zh-TW.xml

O1 HOSTS File: ([2010/01/24 09:29:57 | 00,373,587 | R--- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 12876 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (HopSurf toolbar) - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\COMODO\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE (Microsoft Corp.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINNT\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINNT\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE (Microsoft Corp.)
O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZCfgSvc.exe] C:\WINNT\system32\ZCfgSvc.exe (Intel Corporation)
O4 - HKU\S-1-5-21-606747145-1563985344-1343024091-500..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-606747145-1563985344-1343024091-500..\Run: [Google Update] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-606747145-1563985344-1343024091-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\HP Photosmart Premier 快速啟動.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-606747145-1563985344-1343024091-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-606747145-1563985344-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-606747145-1563985344-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-606747145-1563985344-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-606747145-1563985344-1343024091-500_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\COMODO\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-606747145-1563985344-1343024091-500\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINNT\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\Sebring: DllName - C:\WINNT\system32\LgNotify.dll - C:\WINNT\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (目前的首頁) - About:Home
O24 - Desktop WallPaper: C:\WINNT\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINNT\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:20:03 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/24 21:44:40 | 00,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/11/07 23:41:52 | 00,000,047 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{d48eed40-8328-11de-9c20-000d566d563e}\Shell - "" = AutoRun
O33 - MountPoints2\{d48eed40-8328-11de-9c20-000d566d563e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{d53bad83-7fea-11de-9c1a-00042398ac9e}\Shell - "" = AutoRun
O33 - MountPoints2\{d53bad83-7fea-11de-9c1a-00042398ac9e}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008/04/24 21:44:40 | 00,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008/04/24 21:44:40 | 00,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINNT\system32\ias [2009/06/11 07:19:28 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0C9B0475-F65F-45AB-8D88-2AE7C195E907} - .NET Framework
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - 進階創作
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web 資料夾
ActiveX: {76C19B33-F0C8-11cf-87CC-0020AFEECF20} - Chinese (Traditional) Language Support
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINNT\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINNT\system32\Rundll32.exe C:\WINNT\system32\mscories.dll,Install
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINNT\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINNT\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINNT\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINNT\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINNT\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINNT\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINNT\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VDOM - C:\WINNT\System32\vdowave.drv (VDOnet LTD..)

========== Files/Folders - Created Within 30 Days ==========

[2010/01/26 11:58:29 | 00,548,352 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\桌面\OTL.exe
[2010/01/20 19:57:08 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\beep.sys
[2010/01/20 19:16:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2010/01/20 19:16:29 | 00,171,552 | ---- | C] (COMODO) -- C:\WINNT\System32\guard32.dll
[2010/01/20 19:16:29 | 00,133,064 | ---- | C] (COMODO) -- C:\WINNT\System32\drivers\cmdguard.sys
[2010/01/20 19:16:29 | 00,087,104 | ---- | C] (COMODO) -- C:\WINNT\System32\drivers\inspect.sys
[2010/01/20 19:16:29 | 00,025,160 | ---- | C] (COMODO) -- C:\WINNT\System32\drivers\cmdhlp.sys
[2010/01/20 12:38:50 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/01/20 12:38:39 | 00,000,000 | ---D | C] -- C:\WINNT\SxsCaPendDel
[2010/01/13 13:30:46 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/08 23:06:26 | 00,000,000 | --SD | C] -- C:\ComboFix
[2010/01/08 21:50:32 | 00,000,000 | ---D | C] -- C:\WINNT\temp
[2010/01/06 14:04:35 | 00,000,000 | ---D | C] -- C:\WINNT\LastGood
[2010/01/06 11:25:17 | 00,000,000 | ---D | C] -- C:\WINNT\CHT Up2Date Service
[2010/01/06 11:24:11 | 00,000,000 | ---D | C] -- C:\Program Files\Chunghwa Telecom1
[2010/01/06 11:21:51 | 00,000,000 | ---D | C] -- C:\WINNT\LastGood.Tmp
[2010/01/06 11:20:52 | 00,000,000 | ---D | C] -- C:\WINNT\Downloaded Installations
[2010/01/04 21:24:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/12/30 20:28:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/12/30 20:28:08 | 00,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2009/12/27 18:30:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/12/27 18:30:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2009/12/27 18:30:02 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/12/18 06:39:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/18 06:39:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Comodo
[2009/12/18 06:39:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2009/12/18 06:24:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/06/11 10:13:21 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/06/11 07:23:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/06/11 07:23:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/02/19 03:28:56 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINNT\Fonts\RandFont.dll
[5 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/26 12:04:22 | 01,474,832 | ---- | M] () -- C:\WINNT\System32\drivers\sfi.dat
[2010/01/26 11:59:01 | 00,000,668 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1563985344-1343024091-500UA.job
[2010/01/26 11:26:35 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\桌面\OTL.exe
[2010/01/26 09:22:13 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010/01/26 09:22:09 | 00,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2010/01/26 09:21:19 | 07,602,176 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/01/26 09:21:05 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/01/26 09:20:27 | 04,305,804 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/01/26 09:20:05 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\AntiVirus Protection Test.xls
[2010/01/25 20:59:34 | 00,000,616 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1563985344-1343024091-500Core.job
[2010/01/25 14:00:23 | 00,002,350 | ---- | M] () -- C:\Documents and Settings\Administrator\桌面\Google 瀏覽器.lnk
[2010/01/25 09:49:40 | 00,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2010/01/24 09:29:57 | 00,373,587 | R--- | M] () -- C:\WINNT\System32\drivers\etc\hosts
[2010/01/21 22:12:18 | 00,081,338 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\error dgns 2010 01 21 2212
[2010/01/20 19:17:29 | 00,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\COMODO Internet Security.lnk
[2010/01/20 19:16:19 | 00,171,552 | ---- | M] (COMODO) -- C:\WINNT\System32\guard32.dll
[2010/01/20 19:16:19 | 00,133,064 | ---- | M] (COMODO) -- C:\WINNT\System32\drivers\cmdguard.sys
[2010/01/20 19:16:19 | 00,087,104 | ---- | M] (COMODO) -- C:\WINNT\System32\drivers\inspect.sys
[2010/01/20 19:16:19 | 00,025,160 | ---- | M] (COMODO) -- C:\WINNT\System32\drivers\cmdhlp.sys
[2010/01/20 12:41:06 | 00,000,014 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AdobeUpdater.rbt
[2010/01/20 12:39:41 | 00,001,731 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\Adobe Reader 8.lnk
[2010/01/19 11:35:18 | 00,135,168 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\樹森肉類月彙總.xls
[2010/01/18 22:53:22 | 00,952,009 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\長壽韓式料理公司(李家長壽)公司簡介s.pdf
[2010/01/18 22:52:48 | 02,578,792 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\長壽韓式料理公司(李家長壽)公司簡介.pdf
[2010/01/18 22:51:28 | 31,834,112 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\長壽韓式料理公司(李家長壽)公司簡介20100118.ppt
[2010/01/17 11:14:42 | 00,016,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/16 16:57:01 | 00,373,451 | R--- | M] () -- C:\WINNT\System32\drivers\etc\hosts.20100124-092952.backup
[2010/01/12 06:43:33 | 00,097,792 | ---- | M] () -- C:\Documents and Settings\Administrator\桌面\福華飯店 聚餐 - 特約餐廳合約書20100111.doc
[2010/01/10 18:53:57 | 00,013,896 | ---- | M] () -- C:\WINNT\System32\drivers\hitmanpro35.sys
[2010/01/10 17:03:02 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\亞洲幣與台幣.xls
[2010/01/10 09:28:52 | 00,000,045 | ---- | M] () -- C:\WINNT\wconf.ini
[2010/01/10 07:21:04 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\base download address.doc
[2010/01/09 10:14:30 | 00,201,216 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\人員薪資及投保費用一覽表2010105vdetail.xls
[2010/01/09 06:26:46 | 00,070,023 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Comodo Checking Report 2010 01 09
[2010/01/08 21:46:53 | 00,000,227 | ---- | M] () -- C:\WINNT\system.ini
[2010/01/06 20:07:18 | 00,361,369 | ---- | M] () -- C:\Documents and Settings\Administrator\桌面\dds.com
[2010/01/06 14:04:42 | 00,000,251 | ---- | M] () -- C:\WINNT\Hbci1006140000.bak
[2010/01/06 13:56:23 | 00,000,018 | ---- | M] () -- C:\WINNT\Hbci0106060442.bak
[2010/01/06 11:23:21 | 00,000,247 | ---- | M] () -- C:\WINNT\Hbci0106055623.bak
[2010/01/05 13:09:33 | 00,194,560 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\人員薪資及投保費用一覽表2010105.xls
[2010/01/05 09:55:39 | 00,095,744 | ---- | M] () -- C:\Documents and Settings\Administrator\桌面\空白住戶聚餐 - 特約餐廳合約書.doc
[2010/01/04 12:01:10 | 00,206,848 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\人員薪資及投保費用一覽表200909.xls
[2010/01/03 22:26:31 | 00,018,432 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\UmSik.xls
[2010/01/03 21:13:29 | 04,967,424 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\大醬製作過程.ppt
[2010/01/03 19:00:26 | 00,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\Comodo Dragon.lnk
[2010/01/03 11:36:12 | 00,339,968 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\營收收入統計表2009 9月份.xls
[2010/01/03 11:17:46 | 00,371,233 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts.20100116-165653.backup
[2010/01/02 14:22:12 | 00,000,843 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\COMODO System-Cleaner.lnk
[2010/01/01 09:48:32 | 00,090,624 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\PKILT 2009 08.xls
[2009/12/31 08:50:05 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\鹿港戶外教學.doc
[2009/12/30 22:31:56 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\文開書院.doc
[2009/12/30 15:09:51 | 08,801,280 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\長壽韓式料理公司(李家長壽)公司簡介20091230.ppt
[2009/12/28 13:11:28 | 00,722,036 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI
[2009/12/28 13:11:28 | 00,383,588 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2009/12/28 13:11:28 | 00,216,392 | ---- | M] () -- C:\WINNT\System32\prfh0404.dat
[2009/12/28 13:11:28 | 00,062,134 | ---- | M] () -- C:\WINNT\System32\prfc0404.dat
[2009/12/28 13:11:28 | 00,053,942 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[5 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/26 07:56:59 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\AntiVirus Protection Test.xls
[2010/01/21 22:12:17 | 00,081,338 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\error dgns 2010 01 21 2212
[2010/01/20 19:17:29 | 00,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\COMODO Internet Security.lnk
[2010/01/20 12:41:06 | 00,000,014 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\AdobeUpdater.rbt
[2010/01/20 12:39:41 | 00,001,731 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\Adobe Reader 8.lnk
[2010/01/20 11:01:51 | 00,952,009 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\長壽韓式料理公司(李家長壽)公司簡介s.pdf
[2010/01/20 11:01:49 | 31,834,112 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\長壽韓式料理公司(李家長壽)公司簡介20100118.ppt
[2010/01/20 11:01:49 | 02,578,792 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\長壽韓式料理公司(李家長壽)公司簡介.pdf
[2010/01/20 10:25:33 | 00,135,168 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\樹森肉類月彙總.xls
[2010/01/11 14:17:56 | 00,097,792 | ---- | C] () -- C:\Documents and Settings\Administrator\桌面\福華飯店 聚餐 - 特約餐廳合約書20100111.doc
[2010/01/10 16:06:00 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\亞洲幣與台幣.xls
[2010/01/10 07:21:04 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\base download address.doc
[2010/01/09 10:02:32 | 00,201,216 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\人員薪資及投保費用一覽表2010105vdetail.xls
[2010/01/09 06:26:45 | 00,070,023 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Comodo Checking Report 2010 01 09
[2010/01/06 20:08:24 | 00,361,369 | ---- | C] () -- C:\Documents and Settings\Administrator\桌面\dds.com
[2010/01/06 14:04:42 | 00,000,018 | ---- | C] () -- C:\WINNT\Hbci0106060442.bak
[2010/01/06 13:56:23 | 00,000,247 | ---- | C] () -- C:\WINNT\Hbci0106055623.bak
[2010/01/06 13:56:23 | 00,000,022 | ---- | C] () -- C:\WINNT\hbcitmp.ini
[2010/01/06 11:23:21 | 00,000,022 | ---- | C] () -- C:\WINNT\hbcikrnl.ini
[2010/01/05 13:05:36 | 00,194,560 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\人員薪資及投保費用一覽表2010105.xls
[2010/01/03 19:49:37 | 04,967,424 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\大醬製作過程.ppt
[2010/01/03 19:00:25 | 00,000,691 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\Comodo Dragon.lnk
[2010/01/03 12:08:40 | 00,206,848 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\人員薪資及投保費用一覽表200909.xls
[2010/01/03 10:29:26 | 00,274,944 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\營收收入統計表2009 10月份.xls
[2010/01/02 15:34:25 | 00,018,432 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\UmSik.xls
[2010/01/02 14:22:12 | 00,000,843 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\COMODO System-Cleaner.lnk
[2009/12/31 10:21:51 | 00,095,744 | ---- | C] () -- C:\Documents and Settings\Administrator\桌面\空白住戶聚餐 - 特約餐廳合約書.doc
[2009/12/31 08:50:05 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\鹿港戶外教學.doc
[2009/12/30 22:31:55 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\文開書院.doc
[2009/12/30 20:29:08 | 00,013,896 | ---- | C] () -- C:\WINNT\System32\drivers\hitmanpro35.sys
[2009/12/30 15:09:49 | 08,801,280 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\長壽韓式料理公司(李家長壽)公司簡介20091230.ppt
[2009/12/09 11:45:31 | 00,000,221 | ---- | C] () -- C:\WINNT\NCLogConfig.ini
[2009/11/15 13:52:06 | 00,000,150 | ---- | C] () -- C:\WINNT\cavscan.INI
[2009/11/01 17:35:53 | 00,000,045 | ---- | C] () -- C:\WINNT\wconf.ini
[2009/07/25 08:19:40 | 00,000,130 | ---- | C] () -- C:\WINNT\cfplogvw.INI
[2009/07/18 19:02:49 | 00,000,534 | ---- | C] () -- C:\WINNT\wininit.ini
[2009/07/18 18:57:26 | 00,000,723 | ---- | C] () -- C:\WINNT\disney.ini
[2009/07/17 12:31:15 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2009/07/17 11:42:29 | 00,077,824 | ---- | C] () -- C:\WINNT\System32\HPZIDS01.dll
[2009/06/14 14:31:11 | 00,001,661 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/06/13 21:31:58 | 00,016,384 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/11 10:22:41 | 00,000,373 | ---- | C] () -- C:\WINNT\ODBC.INI
[2006/06/14 19:54:04 | 00,057,344 | ---- | C] () -- C:\WINNT\System32\CTAlc001.dll
[2005/07/05 01:37:14 | 00,045,124 | ---- | C] () -- C:\WINNT\System32\LsaWrApi.dll
[2005/07/05 01:29:16 | 00,139,264 | ---- | C] () -- C:\WINNT\System32\ShellNav.dll
[2005/07/05 01:27:42 | 00,532,549 | ---- | C] () -- C:\WINNT\System32\C1XStngs.dll
[2005/07/05 01:26:40 | 00,069,632 | ---- | C] () -- C:\WINNT\System32\D8021Xps.dll
[2005/01/13 03:00:14 | 00,147,456 | ---- | C] () -- C:\WINNT\System32\ssleay32.dll
[2005/01/13 03:00:10 | 00,651,264 | ---- | C] () -- C:\WINNT\System32\libeay32.dll
[2003/03/06 20:17:30 | 00,004,881 | ---- | C] () -- C:\WINNT\System32\OUTLPERF.INI
[2001/07/07 03:00:02 | 00,003,013 | ---- | C] () -- C:\WINNT\System32\HPTCPMON.INI

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2008/04/14 22:16:34 | 20,230,651 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 22:16:34 | 20,230,651 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINNT\ERDNT\cache\agp440.sys
[2008/04/14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINNT\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINNT\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 22:16:34 | 20,230,651 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 22:16:34 | 20,230,651 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\ERDNT\cache\atapi.sys
[2008/04/14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 21:59:28 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=51F615C1E8F407125FC7C96DF1AF817B -- C:\WINNT\ERDNT\cache\eventlog.dll
[2008/04/14 21:59:28 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=51F615C1E8F407125FC7C96DF1AF817B -- C:\WINNT\ServicePackFiles\i386\eventlog.dll
[2008/04/14 21:59:28 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=51F615C1E8F407125FC7C96DF1AF817B -- C:\WINNT\system32\dllcache\eventlog.dll
[2008/04/14 21:59:28 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=51F615C1E8F407125FC7C96DF1AF817B -- C:\WINNT\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 21:59:42 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=58EFE73219C79CAA4B4121334C75C9A7 -- C:\WINNT\ERDNT\cache\netlogon.dll
[2008/04/14 21:59:42 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=58EFE73219C79CAA4B4121334C75C9A7 -- C:\WINNT\ServicePackFiles\i386\netlogon.dll
[2008/04/14 21:59:42 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=58EFE73219C79CAA4B4121334C75C9A7 -- C:\WINNT\system32\dllcache\netlogon.dll
[2008/04/14 21:59:42 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=58EFE73219C79CAA4B4121334C75C9A7 -- C:\WINNT\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 21:59:54 | 00,172,544 | ---- | M] (Microsoft Corporation) MD5=E9A10E74ABF859D0BE98B5C3790D879A -- C:\WINNT\ERDNT\cache\scecli.dll
[2008/04/14 21:59:54 | 00,172,544 | ---- | M] (Microsoft Corporation) MD5=E9A10E74ABF859D0BE98B5C3790D879A -- C:\WINNT\ServicePackFiles\i386\scecli.dll
[2008/04/14 21:59:54 | 00,172,544 | ---- | M] (Microsoft Corporation) MD5=E9A10E74ABF859D0BE98B5C3790D879A -- C:\WINNT\system32\dllcache\scecli.dll
[2008/04/14 21:59:54 | 00,172,544 | ---- | M] (Microsoft Corporation) MD5=E9A10E74ABF859D0BE98B5C3790D879A -- C:\WINNT\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Files - Unicode (All) ==========
[2009/11/26 20:39:13 | 00,029,184 | ---- | M] ()(C:\Documents and Settings\Administrator\桌面\一本?得閱讀的書.doc) -- C:\Documents and Settings\Administrator\桌面\一本値得閱讀的書.doc
[2009/11/22 20:00:21 | 00,029,184 | ---- | C] ()(C:\Documents and Settings\Administrator\桌面\一本?得閱讀的書.doc) -- C:\Documents and Settings\Administrator\桌面\一本値得閱讀的書.doc
[2009/10/07 20:34:40 | 00,024,064 | ---- | M] ()(C:\Documents and Settings\Administrator\My Documents\?? 石榴.doc) -- C:\Documents and Settings\Administrator\My Documents\석류 石榴.doc
[2009/10/07 20:34:16 | 00,024,064 | ---- | C] ()(C:\Documents and Settings\Administrator\My Documents\?? 石榴.doc) -- C:\Documents and Settings\Administrator\My Documents\석류 石榴.doc
[2009/08/23 10:25:40 | 00,143,872 | ---- | M] ()(C:\Documents and Settings\Administrator\My Documents\?所驚魂記.ppt) -- C:\Documents and Settings\Administrator\My Documents\厠所驚魂記.ppt
[2009/08/23 10:24:46 | 00,062,976 | ---- | M] ()(C:\Documents and Settings\Administrator\My Documents\?所驚魂記.doc) -- C:\Documents and Settings\Administrator\My Documents\厠所驚魂記.doc
[2009/08/23 10:07:42 | 00,143,872 | ---- | C] ()(C:\Documents and Settings\Administrator\My Documents\?所驚魂記.ppt) -- C:\Documents and Settings\Administrator\My Documents\厠所驚魂記.ppt
[2009/08/22 20:17:53 | 00,062,976 | ---- | C] ()(C:\Documents and Settings\Administrator\My Documents\?所驚魂記.doc) -- C:\Documents and Settings\Administrator\My Documents\厠所驚魂記.doc
< End of report >


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,770 posts
  • Gender:Female
  • Location:At home

Posted 26 January 2010 - 03:17 AM

Hi,

What happens when you try to boot normally? Do you see a blue screen, or does the boot freeze? Have you tried booting into safe mode? Does that work?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 WinBMY

Posted 26 January 2010 - 06:01 AM

Blue Screen? What is that?

Before installing the certification software, it usually took about 1.5 minutes to be ready to use.
After that the PC can boot, but the speed is very low. I have to wait a long time for it to be ready to use.
Then all of the software I try to use opens very slowly.
Then I uninstalled the certification software; after that the PC boot speed is very low when loading all of the initial software.

Safe mode: yes, safe mode works. No issue.

#6 myrti

Posted 26 January 2010 - 06:24 PM

Hi,

this is a bluescreen:


Do you see such a screen when you boot into normal mode? It will take up the entire screen.

What exactly happens when you boot into normal mode? How long does it take? Have you run OTL after booting into normal mode?

Please also give me the name of the software you installed and removed.

Finally please provide a log from DDS as well:
Please run a scan with DDS:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
    DDS.scr
    DDS.pif
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.


Information on A/V control HERE

regards myrti

Edited by myrti, 26 January 2010 - 06:45 PM.


#7 WinBMY

Posted 27 January 2010 - 08:08 AM

Hi, Myrti,

Thanks for the prompt reply, and sorry for the delayed response; I had to wait until the PC had time to do the tasks you asked for.

You ask: Do you see such a screen when you boot into normal mode?
No, I don't see a blue screen while booting.

You ask: What exactly happens when you boot into normal mode?
Nothing happens when my PC boots in normal mode. It is just slow.

You ask: How long does it take?
It takes about 16 minutes.

You ask: Have you run OTL after booting into normal mode?
Yes, I rebooted it 20 minutes ago to see whether the "blue screen" comes out or not, and how long it takes.


DDS log file (this DDS version is the 2010/1/6 DDS.com), not the dds.scr you asked me to run, because it does not generate any log file.

#1. DDS log text file. (#2 upload the attached file as attached.)

DDS (Ver_09-09-29.01) - NTFSx86
Run by Administrator at 20:57:45.07 on 2010/01/27 星期三
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.950.886.1028.18.766.333 [GMT 8:00]

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINNT\system32\svchost.exe -k netsvcs
C:\WINNT\system32\S24EvMon.exe
C:\WINNT\system32\ZCfgSvc.exe
svchost.exe
C:\WINNT\Explorer.EXE
svchost.exe
C:\WINNT\system32\1XConfig.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\RegSrvc.exe
C:\WINNT\system32\svchost.exe -k imgsvc
C:\WINNT\system32\igfxpers.exe
C:\WINNT\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINNT\system32\conime.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: HopSurf toolbar: {e9fab13d-4600-49e1-90d1-ee961c859d39} - c:\program files\comodo\hopsurftoolbar\HopSurfToolbar_IE.dll
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
mRun: [IMJPMIG8.1] "c:\winnt\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [igfxtray] c:\winnt\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\winnt\system32\hkcmd.exe
mRun: [igfxpers] c:\winnt\system32\igfxpers.exe
mRun: [ZCfgSvc.exe] c:\winnt\system32\ZCfgSvc.exe
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [CJIMETIPSYNC] c:\program files\common files\microsoft shared\ime\imtc65\changjie\CINTLCFG.EXE /CJIMETIPSync
mRun: [PHIMETIPSYNC] c:\program files\common files\microsoft shared\ime\imtc65\phonetic\TINTLCFG.EXE /PHIMETIPSync
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
StartupFolder: c:\docume~1\alluse~1\「開始~1\程式集\啟動\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\「開始~1\程式集\啟動\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: 匯出至 Microsoft Office Excel(&X) - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179} - c:\program files\comodo\hopsurftoolbar\HopSurfToolbar_IE.dll
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {08EF3536-F2C0-4C66-BE28-ECAFB8570246} = 156.154.70.25,156.154.71.25
TCP: {CA1EEDC5-B4C7-41E7-BE1A-A172569BCB1B} = 156.154.70.22,156.154.71.22
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: Sebring - c:\winnt\system32\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\vde8hq8e.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=zh-TW&q=
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\vde8hq8e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\comodo\hopsurftoolbar\hopsurfext_ff3_5\components\hopsurf.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\vde8hq8e.default\extensions\{561a5fbe-9761-4eb3-9182-892d82532414}\plugins\npavwebscan.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 CFRPD;CFRPD;c:\winnt\system32\drivers\CFRPD.sys [2009-8-4 56736]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-23 11608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\winnt\system32\drivers\cmdguard.sys [2010-1-20 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\winnt\system32\drivers\cmdhlp.sys [2010-1-20 25160]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-23 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-23 185089]
R2 avgntflt;avgntflt;c:\winnt\system32\drivers\avgntflt.sys [2009-10-23 56816]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-1-20 723632]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
S3 EMVSCARD;EMVSCARD;c:\winnt\system32\drivers\emvscard.sys --> c:\winnt\system32\drivers\EMVSCARD.sys [?]
S3 GTICARD;GTICARD;c:\winnt\system32\drivers\gticard.sys [2003-10-23 76160]

=============== Created Last 30 ================

2010-01-27 18:59 15,888 a------- c:\winnt\system32\drivers\EnumProcessesDriver.sys
2010-01-20 19:57 4,224 ac------ c:\winnt\system32\dllcache\beep.sys
2010-01-20 19:57 4,224 a------- c:\winnt\system32\drivers\beep.sys
2010-01-20 19:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Comodo
2010-01-20 19:16 171,552 a------- c:\winnt\system32\guard32.dll
2010-01-20 19:16 133,064 a------- c:\winnt\system32\drivers\cmdguard.sys
2010-01-20 19:16 25,160 a------- c:\winnt\system32\drivers\cmdhlp.sys
2010-01-20 12:38 <DIR> --d----- c:\winnt\SxsCaPendDel
2010-01-08 23:06 <DIR> --ds---- C:\ComboFix
2010-01-06 14:04 18 a------- c:\winnt\Hbci0106060442.bak
2010-01-06 13:56 247 a------- c:\winnt\Hbci0106055623.bak
2010-01-06 13:56 22 a------- c:\winnt\hbcitmp.ini
2010-01-06 11:25 <DIR> --d----- c:\winnt\CHT Up2Date Service
2010-01-06 11:24 <DIR> --d----- c:\program files\Chunghwa Telecom1
2010-01-06 11:23 22 a------- c:\winnt\hbcikrnl.ini
2010-01-06 11:21 <DIR> --d----- c:\winnt\LastGood.Tmp
2010-01-06 11:20 <DIR> --d----- c:\winnt\Downloaded Installations
2009-12-30 20:29 13,896 a------- c:\winnt\system32\drivers\hitmanpro35.sys
2009-12-30 20:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Hitman Pro
2009-12-30 20:28 <DIR> --d----- c:\program files\Hitman Pro 3.5

==================== Find3M ====================

2010-01-27 20:53 1,474,832 a------- c:\winnt\system32\drivers\sfi.dat
2009-12-28 13:11 216,392 a------- c:\winnt\system32\prfh0404.dat
2009-12-28 13:11 62,134 a------- c:\winnt\system32\prfc0404.dat
2009-12-09 22:54 261,632 a------- c:\winnt\PEV.exe
2009-12-09 19:53 56,816 a------- c:\winnt\system32\drivers\avgntflt.sys
1998-08-24 12:09 10,000 a------- c:\winnt\inf\unregpn.exe

============= FINISH: 20:58:48.36 ===============


#8 myrti

Posted 29 January 2010 - 10:10 AM

Hi,

You are currently running two anti virus programs; please remove one of them.
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove in the Control Panel and remove either Comodo or Avira.

Let me know if removing one of the anti virus programs speeds your PC up.

regards myrti
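
An added example, not part of the thread: a Python sketch of the check made in the post above, run over lines copied from the DDS log in post #7. It lists each AV product named in the log header together with the running services and drivers that appear to belong to it; the function names and the name-token matching are assumptions of this example, not DDS features.

```python
import re

# Lines copied from the DDS log in post #7 of this thread: the AV/FW header
# and an excerpt of the SERVICES / DRIVERS section.
DDS_EXCERPT = r"""
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-23 11608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\winnt\system32\drivers\cmdguard.sys [2010-1-20 133064]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-23 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-23 185089]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-1-20 723632]
S3 GTICARD;GTICARD;c:\winnt\system32\drivers\gticard.sys [2003-10-23 76160]
"""

# Header line: "AV: <product> *<status>* (<definitions state>) {GUID}"
AV_LINE = re.compile(
    r"^AV:\s+(?P<name>.+?)\s+\*(?P<status>[^*]+)\*\s*"
    r"(?:\((?P<defs>\w+)\))?\s*\{[0-9A-Fa-f-]+\}\s*$"
)
# Service line: "<R|S><digit> <service>;<display name>;<path> [<date> <size>]"
# Assumption: R/S means running/stopped and the digit is the start type.
SVC_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<svc>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[[^\]]*\]\s*$"
)
# Words too generic to tie a service to one vendor (example heuristic).
GENERIC = {"antivirus", "desktop", "internet", "security", "anti", "virus"}


def tokens(text):
    """Lower-case alphanumeric tokens of a product name, display name or path."""
    return set(re.findall(r"[a-z0-9]+", text.lower()))


def parse(log_text):
    """Return (AV header entries, service/driver entries) found in the log."""
    products, services = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = AV_LINE.match(line)
        if m:
            products.append(m.groupdict())
            continue
        m = SVC_LINE.match(line)
        if m:
            services.append(m.groupdict())
    return products, services


def resident_av_report(log_text):
    """For each AV product in the header, list its running components."""
    products, services = parse(log_text)
    report = []
    for p in products:
        keys = tokens(p["name"]) - GENERIC
        running = [
            s["svc"] for s in services
            if s["state"] == "R"
            and keys & (tokens(s["display"]) | tokens(s["path"]))
        ]
        report.append({
            "product": p["name"],
            "header_on_access": p["status"].lower().split()[-1] == "enabled",
            "definitions": p["defs"],
            "running_components": running,
        })
    return report


def overlapping_products(log_text):
    """Products that are active per the header or still have running parts."""
    return [
        r["product"] for r in resident_av_report(log_text)
        if r["header_on_access"] or r["running_components"]
    ]


if __name__ == "__main__":
    for row in resident_av_report(DDS_EXCERPT):
        print(row)
    print("Overlapping:", overlapping_products(DDS_EXCERPT))
```

On this log the header reports AntiVir's on-access scanning as disabled, yet three Avira components are still listed as running next to COMODO's, so both products show up as overlapping.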


#9 WinBMY

Posted 30 January 2010 - 03:53 AM

Hi, Myrti,

Thanks, I uninstalled Avira AntiVirus.
Then I rebooted in normal mode.
It takes 15 minutes for the PC to be ready to use. The response and program loading of the PC are very slow.


WinBMY

Edited by WinBMY, 30 January 2010 - 06:47 AM.


#10 myrti

Posted 30 January 2010 - 10:40 AM

Hi,

Could you please try to do a system restore to a point before you installed Comodo and the digital certification software? You can find instructions on how to use system restore here: link

Let me know if that helps.

regards myrti



#11 WinBMY


Posted 30 January 2010 - 06:25 PM

Hi, myrti,

Thanks for the prompt reply. I tried to restore, but the installation of the digital sign certification software was several months ago (about 4 months ago, 2009/Sep), and I cannot find that restore point.

#12 myrti


Posted 31 January 2010 - 06:23 PM

Hi,

If it has been that long since you uninstalled the program, then there will be no restore point left. Has your PC always been this slow after you uninstalled it?

Do you still have the program that has caused this issue? Can you give me the name of the program?

regards myrti



#13 WinBMY


Posted 02 February 2010 - 09:08 AM

Hi, Myrti,

You ask: Has your PC always been this slow after you uninstalled it?
Yes, if it is booted normally.
But if it is booted by pressing the F8 key and pressing the Up arrow key four times to select the last successful boot, then the PC runs smoothly.

You ask: Do you still have the program that has caused this issue?
Yes, boot normally.

You ask: Can you give me the name of the program?
I will try to figure it out by searching for the CD. Will let you know tomorrow.

WinBMY

#14 myrti


Posted 05 February 2010 - 11:06 AM

QUOTE(WinBMY @ Feb 2 2010, 03:08 PM)
You ask: Do you still have the program that has caused this issue?
Yes, boot normally.

Is the program still installed when you boot normally?

QUOTE
You ask: Can you give me the name of the program?
I will try to figure it out by searching for the CD. Will let you know tomorrow.

Please let me know if you have found the CD.

May I ask where you are from? I might be able to find the name of the program when I know which government has issued it.

regards myrti



#15 WinBMY


Posted 05 February 2010 - 06:57 PM

The Commercial Digital Certificate software is issued by the Taiwan Government. (http://moeaca.nat.gov.tw)

I am still searching for the IC card software installation CD.

When it caused my PC to boot slowly, I uninstalled the software.

After I uninstalled the software, the PC boots slowly, too.



