Got infected, WIN32/Agent.DT trojan, please see hijackThis - Page 2

Thread: Got infected, WIN32/Agent.DT trojan, please see hijackThis

  1. #16
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Restart computer.

    ===================================================================

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases

    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  2. #17
    Join Date
    Dec 2009
    Posts
    14
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Sunday, January 17, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Sunday, January 17, 2010 16:47:11
    Records in database: 3324765
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    H:\

    Scan statistics:
    Objects scanned: 215521
    Threats found: 10
    Infected objects found: 10
    Suspicious objects found: 3
    Scan duration: 03:26:30


    File name / Threat / Threats count
    C:\Program Files\ESET\infected\A51NEZCA.NQF Infected: not-a-virus:AdWare.Win32.TimeSink 1
    C:\Program Files\ESET\infected\MANPAXDA.NQF Infected: Trojan.Win32.Agent.dt 1
    C:\System Volume Information\_restore{E1E83692-B7DD-40D7-9FC3-AE365857C43E}\RP1\A0000125.sys Infected: Rootkit.Win32.Agent.abmh 1
    E:\Paomians\emailBK\Outlook ExpressAln\old mails.dbx Suspicious: Exploit.HTML.Iframe.FileDownload 3
    E:\Paomians\emailBK\Outlook ExpressAln\old mails.dbx Infected: Email-Worm.Win32.Klez.h 1
    E:\Paomians\emailBK\Outlook ExpressAln\old mails.dbx Infected: Email-Worm.Win32.Sobig.f.dam 1
    E:\Paomians\emailBK\Outlook ExpressAln\刪除的郵件.dbx Infected: Email-Worm.Win32.Bagle.g 1
    E:\Paomians\emailBK\Outlook ExpressAln\刪除的郵件.dbx Infected: Email-Worm.Win32.NetSky.j 1
    E:\Paomians\NetWork\FTP\CuteFtp3.0(正式版\cute3032.exe Infected: not-a-virus:AdWare.Win32.Aureate.a 1
    E:\Paomians\NetWork\serv-u2.5i\serv-u2.5i\Setup.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.25.i 1
    E:\Paomians\NetWork\serv-u2.5i\susetup.zip Infected: not-a-virus:Server-FTP.Win32.Serv-U.25.i 1

    Selected area has been scanned.

  3. #18
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    What is drive E?

  4. #19
    Join Date
    Dec 2009
    Posts
    14
    Just a backup hard drive containing some freeware.

  5. #20
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Download OTL to your Desktop.

    Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

    Under the Custom Scan box paste this in:

    • Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\ESET\infected\A51NEZCA.NQF 
      C:\Program Files\ESET\infected\MANPAXDA.NQF 
      C:\System Volume Information\_restore{E1E83692-B7DD-40D7-9FC3-AE365857C43E}\RP1\A0000125.sys 
      E:\Paomians\emailBK\Outlook ExpressAln\old mails.dbx 
      E:\Paomians\emailBK\Outlook ExpressAln\old mails.dbx 
      E:\Paomians\emailBK\Outlook ExpressAln\old mails.dbx 
      E:\Paomians\emailBK\Outlook ExpressAln\刪除的郵件.dbx 
      E:\Paomians\emailBK\Outlook ExpressAln\刪除的郵件.dbx 
      E:\Paomians\NetWork\FTP\CuteFtp3.0(正式版\cute3032.exe 
      E:\Paomians\NetWork\serv-u2.5i\serv-u2.5i\Setup.exe 
      E:\Paomians\NetWork\serv-u2.5i\susetup.zip
      
      :Commands
      [purity]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  6. #21
    Join Date
    Dec 2009
    Posts
    14
    OTL logfile created on: 2010/1/17 下午 04:02:06 - Run 1
    OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\digo\桌面\anti virus
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000404 | Country: 台灣 | Language: CHT | Date Format: yyyy/M/d

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
    Paging file location(s): C:\pagefile.sys 640 1024D:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 19.53 Gb Total Space | 6.69 Gb Free Space | 34.28% Space Free | Partition Type: NTFS
    Drive D: | 152.66 Gb Total Space | 90.38 Gb Free Space | 59.20% Space Free | Partition Type: NTFS
    Drive E: | 17.73 Gb Total Space | 8.74 Gb Free Space | 49.29% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: COMPAQPC
    Current User Name: digo
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/01/17 15:56:02 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\digo\桌面\anti virus\OTL.exe
    PRC - [2009/12/21 21:18:20 | 00,949,376 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32kui.exe
    PRC - [2009/12/21 21:18:20 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe
    PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
    PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
    PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/05/18 20:53:27 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2008/04/14 10:30:31 | 00,978,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/06/15 10:54:50 | 00,061,440 | ---- | M] (Panasonic Communications Co., Ltd.) -- C:\WINDOWS\system32\PCCMFLPD.EXE
    PRC - [2007/06/15 10:52:06 | 00,147,456 | ---- | M] (Panasonic Communications Co., Ltd.) -- C:\Program Files\Panasonic\MFStation\PCMFSMLM.exe
    PRC - [2007/05/21 12:46:52 | 00,126,976 | ---- | M] (Panasonic Communications Co.,Ltd.) -- C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
    PRC - [2006/12/20 17:30:02 | 00,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    PRC - [2006/11/22 07:10:06 | 00,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
    PRC - [2006/11/02 14:54:28 | 00,303,104 | ---- | M] (Panasonic Communications Co., Ltd.) -- C:\Program Files\Panasonic\Device Monitor\DMWakeup.exe
    PRC - [2006/08/21 11:00:20 | 00,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
    PRC - [2005/12/07 08:57:00 | 00,030,208 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    PRC - [2005/10/06 02:15:32 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    PRC - [2005/09/23 22:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    PRC - [2005/09/22 02:42:00 | 00,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
    PRC - [2004/11/30 21:05:10 | 00,425,984 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
    PRC - [2004/11/30 10:19:42 | 00,032,768 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    PRC - [2004/08/03 04:33:14 | 00,036,864 | ---- | M] (Panasonic Communications Co., Ltd.) -- C:\Program Files\Panasonic\LocalCom\LMSRVNT.EXE
    PRC - [2004/06/28 20:06:38 | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
    PRC - [2004/02/24 15:15:58 | 00,069,632 | ---- | M] (Panasonic) -- C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe
    PRC - [2003/10/23 22:37:56 | 00,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    PRC - [2002/12/10 03:54:04 | 00,127,022 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe
    PRC - [2002/10/15 05:05:30 | 00,102,400 | ---- | M] (DataFocus, Inc.) -- C:\Program Files\MKS Toolkit\bin\snmptrapd.exe
    PRC - [2002/10/15 03:42:54 | 00,301,996 | ---- | M] (DataFocus, Inc.) -- C:\WINDOWS\system32\nutsrv4.exe
    PRC - [2001/12/12 16:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSS01A.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/01/17 15:56:02 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\digo\桌面\anti virus\OTL.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (ROXAR License Service)
    SRV - File not found [On_Demand | Stopped] -- -- (HRS License Service)
    SRV - [2009/12/21 21:18:20 | 00,552,064 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)
    SRV - [2009/11/23 23:35:20 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
    SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2006/12/20 17:30:02 | 00,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
    SRV - [2006/08/21 11:00:20 | 00,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
    SRV - [2005/11/13 11:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
    SRV - [2005/10/06 02:15:32 | 00,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
    SRV - [2004/11/30 21:05:10 | 00,425,984 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
    SRV - [2004/11/30 07:10:00 | 00,516,096 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
    SRV - [2004/08/03 04:33:14 | 00,036,864 | ---- | M] (Panasonic Communications Co., Ltd.) [Auto | Running] -- C:\Program Files\Panasonic\LocalCom\LMSRVNT.EXE -- (Panasonic Local Printer Service)
    SRV - [2004/07/14 11:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
    SRV - [2004/02/24 15:15:58 | 00,069,632 | ---- | M] (Panasonic) [Auto | Running] -- C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe -- (Panasonic Trap Monitor Service)
    SRV - [2003/08/27 16:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) [Auto | Stopped] -- C:\WINDOWS\system32\BRSVC01A.EXE -- (Brother XP spl Service)
    SRV - [2003/07/07 19:20:10 | 00,659,456 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\EarthDecision\Licenses\lmgrd.exe -- (GOCAD)
    SRV - [2002/10/15 05:05:30 | 00,102,400 | ---- | M] (DataFocus, Inc.) [Auto | Running] -- C:\Program Files\MKS Toolkit\bin\snmptrapd.exe -- (MKSSNMPTRAPD)
    SRV - [2002/10/15 03:42:54 | 00,301,996 | ---- | M] (DataFocus, Inc.) [Auto | Running] -- C:\WINDOWS\system32\nutsrv4.exe -- (NuTCRACKERService)

  7. #22
    Join Date
    Dec 2009
    Posts
    14
    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\extensions\\{C8940192-9FB4-4E0E-89DD-DC62E4E81B0B}: C:\Documents and Settings\digo\Local Settings\Application Data\{C8940192-9FB4-4E0E-89DD-DC62E4E81B0B} [2009/12/13 00:05:42 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{0EAF14B0-DD9B-4B08-BBBA-DD64BA95CC54}: C:\Documents and Settings\digo\Local Settings\Application Data\{0EAF14B0-DD9B-4B08-BBBA-DD64BA95CC54}\ [2009/12/21 20:59:18 | 00,000,000 | ---D | M]


    O1 HOSTS File: ([2010/01/17 15:59:11 | 00,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
    O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
    O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
    O4 - HKLM..\Run: [EverioService] C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
    O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
    O4 - HKLM..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE (Logitech Inc.)
    O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
    O4 - HKLM..\Run: [NuTCSetupEnviron] C:\Program Files\MKS Toolkit\bin\ncoeenv.exe ()
    O4 - HKLM..\Run: [Panasonic Device Manager for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe (Panasonic Communications Co.,Ltd.)
    O4 - HKLM..\Run: [Panasonic Device Monitor Wakeup] C:\Program Files\Panasonic\Device Monitor\DMWakeup.exe (Panasonic Communications Co., Ltd.)
    O4 - HKLM..\Run: [Panasonic IP Address Checker for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\PccChgIP.exe (Panasonic Communications Co., Ltd.)
    O4 - HKLM..\Run: [Panasonic LPD Manager] C:\Program Files\Panasonic\MFStation\PCMFSMLM.exe (Panasonic Communications Co., Ltd.)
    O4 - HKLM..\Run: [Panasonic PCFAX for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\KmPcFax.exe (Panasonic Communications Co., Ltd.)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\Ringz Studio\Storm Codec\qttask.exe (Apple Inc.)
    O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\digo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google 網頁註解... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
    O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\System32\imon.dll (Eset )
    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: com.tw ([*.wintan] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: com.tw ([*.wintan] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: entrust.com.tw ([etrade] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: entrust.com.tw ([ftrade] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: entrust.com.tw ([trade] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: tachan.com.tw ([etrade] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} https://houstoncitrix.ryderscott.com...a32/wficac.cab (Citrix ICA Client)
    O16 - DPF: {272B8D21-5304-4529-BD3D-1CF392342F7D} https://netbank.megabank.com.tw/natm/ICBCNetATM.CAB (ICBC XCsp)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/micr...?1199976159475 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1199976138694 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8FCF2DC3-50CA-4A38-8A6C-2AE07E7B27B6} https://www.ris.gov.tw/AS2/AS2WebCOM.CAB (AS2WebCOM.AS2COM002)
    O16 - DPF: {9DA9F061-B243-11D4-8B44-0000E88F2063} https://etrade.wintan.com.tw/wintan/CA/MSSTOCK.CAB (XMSStockPen Class)
    O16 - DPF: {A8C1E502-4FCF-4AF2-ADDB-ABF540CA5BA7} http://www.cwb.gov.tw/V5/information...xVideoShow.cab (XVideoShow Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.77.0.11 207.200.7.21 192.168.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop Components:0 (目前的首頁) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\digo\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\digo\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/10/12 06:27:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/03/22 10:19:02 | 00,028,160 | ---- | M] () - D:\Auto Bill of Sale.doc -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (SsiEfr.e) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 14 Days ==========

    [File Corrupted - Detail Data unreadable] -- C:\WINDOWS\System32\bc450rtl.dll
    [2010/01/17 15:58:39 | 00,000,000 | ---D | C] -- C:\_OTL
    [2010/01/17 10:22:37 | 00,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/01/16 23:59:36 | 00,000,000 | RHSD | C] -- C:\cmdcons
    [2010/01/16 23:57:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/01/16 23:38:36 | 00,000,000 | ---D | C] -- C:\Config.Msi
    [2010/01/16 09:46:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\digo\Application Data\Malwarebytes
    [2010/01/16 09:46:16 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/01/16 09:46:14 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/01/16 09:46:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/01/16 09:46:13 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/01/15 22:58:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/01/15 22:57:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\digo\Application Data\SUPERAntiSpyware.com
    [2010/01/15 22:57:39 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/01/15 22:56:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2008/12/25 19:39:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2008/09/15 20:38:23 | 27,848,064 | ---- | C] ( ) -- C:\Program Files\AdbeRdr709_zh_TW.exe
    [2007/03/13 07:03:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2007/03/13 07:03:30 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2007/02/24 08:29:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2007/02/24 08:29:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2007/02/24 08:29:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
    [2005/10/12 06:26:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [1 C:\Documents and Settings\digo\*.tmp files -> C:\Documents and Settings\digo\*.tmp -> ]

    ========== Files - Modified Within 14 Days ==========

    [2010/01/17 16:01:30 | 00,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/01/17 16:00:36 | 08,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
    [2010/01/17 16:00:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/01/17 16:00:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/01/17 15:59:32 | 09,437,184 | -H-- | M] () -- C:\Documents and Settings\digo\NTUSER.DAT
    [2010/01/17 15:59:27 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\digo\ntuser.ini
    [2010/01/17 15:59:11 | 00,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/01/17 15:19:01 | 00,000,632 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1303643608-725345543-1007UA.job
    [2010/01/17 10:02:11 | 00,000,374 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{607240A0-582B-4F5F-8209-4A2702C92443}.job
    [2010/01/17 01:07:10 | 00,002,439 | ---- | M] () -- C:\Documents and Settings\digo\桌面\HiJackThis.lnk
    [2010/01/17 01:04:09 | 00,380,902 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/01/17 01:04:08 | 00,053,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/01/17 01:00:17 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/01/16 23:59:41 | 00,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/01/16 21:19:00 | 00,000,580 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1303643608-725345543-1007Core.job
    [2010/01/16 09:48:38 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\Malwarebytes' Anti-Malware.lnk
    [2010/01/15 22:57:51 | 00,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\SUPERAntiSpyware Free Edition.lnk
    [2010/01/11 22:05:30 | 00,048,128 | ---- | M] () -- C:\Documents and Settings\digo\桌面\Stock inventory 10062009.xls
    [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [1 C:\Documents and Settings\digo\*.tmp files -> C:\Documents and Settings\digo\*.tmp -> ]

  8. #23
    Join Date
    Dec 2009
    Posts
    14
    ========== Files Created - No Company Name ==========

    [2010/01/16 23:59:41 | 00,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/01/16 23:59:38 | 00,260,272 | ---- | C] () -- C:\cmldr
    [2010/01/16 09:46:20 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\Malwarebytes' Anti-Malware.lnk
    [2010/01/15 22:57:51 | 00,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\SUPERAntiSpyware Free Edition.lnk
    [2009/12/21 21:18:23 | 00,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
    [2009/05/29 20:29:50 | 00,000,099 | ---- | C] () -- C:\WINDOWS\webica.ini
    [2009/05/05 19:37:52 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\DsWarpper.dll
    [2009/04/28 22:42:08 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
    [2009/01/03 16:56:28 | 00,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv
    [2009/01/03 16:56:27 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
    [2008/12/25 15:44:14 | 00,012,208 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2008/11/23 00:03:43 | 00,000,396 | ---- | C] () -- C:\WINDOWS\KmPcFax.INI
    [2008/11/22 23:51:31 | 00,000,051 | ---- | C] () -- C:\WINDOWS\iris.ini
    [2008/11/22 23:51:26 | 00,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
    [2008/11/22 23:12:49 | 00,000,258 | ---- | C] () -- C:\WINDOWS\PanaFLB881.ini
    [2008/11/15 15:47:27 | 00,000,296 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
    [2008/11/15 15:47:27 | 00,000,012 | ---- | C] () -- C:\WINDOWS\Brownie.ini
    [2008/11/15 15:47:27 | 00,000,011 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
    [2008/11/15 15:47:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\bw5140.ini
    [2008/11/15 15:47:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
    [2008/11/15 15:47:12 | 00,000,038 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2008/11/15 15:47:11 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
    [2008/11/08 21:08:22 | 00,000,509 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2008/09/30 22:33:33 | 00,001,534 | ---- | C] () -- C:\Program Files\launch.asp
    [2008/07/23 22:20:18 | 00,229,376 | ---- | C] () -- C:\WINDOWS\System32\DreyeSkinCtrls.dll
    [2008/07/23 22:20:18 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\DictInfo.dll
    [2008/07/23 22:20:18 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\exeProc.dll
    [2008/07/23 22:20:18 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\DreyeMT.dll
    [2007/09/18 02:37:19 | 00,000,058 | ---- | C] () -- C:\WINDOWS\PlfTextImportDll.INI
    [2007/08/11 19:46:44 | 00,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
    [2007/06/02 10:07:10 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2007/04/19 08:34:01 | 00,143,872 | ---- | C] () -- C:\Documents and Settings\digo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/04/15 02:13:13 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\digo\Local Settings\Application Data\fusioncache.dat
    [2007/04/02 06:27:32 | 00,177,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\XRNBO.sys
    [2007/03/17 02:43:29 | 00,000,240 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/03/09 08:40:36 | 00,000,158 | ---- | C] () -- C:\WINDOWS\matlab.ini
    [2007/03/05 08:36:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\KeyUtil.INI
    [2007/03/05 08:34:58 | 00,000,010 | ---- | C] () -- C:\WINDOWS\ibmio.drv
    [2007/03/02 08:36:20 | 00,000,844 | ---- | C] () -- C:\WINDOWS\Petrel 2005.INI
    [2007/02/25 00:16:38 | 00,057,888 | ---- | C] () -- C:\WINDOWS\System32\golibw.dll
    [2006/11/27 01:26:36 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\MSSignOCX.dll
    [2006/09/01 08:19:42 | 00,000,158 | ---- | C] () -- C:\WINDOWS\cpmagi6.INI
    [2006/08/29 17:22:24 | 00,000,359 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
    [2006/08/29 17:21:10 | 00,000,042 | ---- | C] () -- C:\WINDOWS\PowerPlayer.ini
    [2006/08/09 06:58:01 | 00,000,086 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2006/08/01 23:24:37 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3k.DLL
    [2006/07/31 08:47:17 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
    [2006/07/30 23:47:54 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
    [2006/06/09 07:49:46 | 00,036,864 | R--- | C] () -- C:\WINDOWS\System32\ctrldll.dll
    [2006/05/09 09:20:07 | 00,200,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\COMPASS.sys
    [2006/05/09 08:29:55 | 00,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
    [2006/05/09 08:12:44 | 00,000,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\mshcmd.sys.
    [2006/05/09 08:12:44 | 00,000,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\mshcmd.sys
    [2006/03/16 10:22:21 | 00,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
    [2006/03/16 10:22:21 | 00,011,604 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
    [2006/02/28 09:43:34 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
    [2006/02/28 09:43:34 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
    [2006/02/18 22:21:16 | 00,000,175 | ---- | C] () -- C:\WINDOWS\adslx2.ini
    [2005/11/19 11:08:43 | 00,000,195 | ---- | C] () -- C:\WINDOWS\DREYE20.INI
    [2005/11/18 12:11:13 | 00,000,033 | ---- | C] () -- C:\WINDOWS\LVMMail.INI
    [2005/11/18 11:58:57 | 00,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
    [2005/11/18 11:58:43 | 00,011,653 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2005/11/17 07:27:04 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\Text32.dll
    [2005/11/17 07:27:04 | 00,026,112 | ---- | C] () -- C:\WINDOWS\System32\LevelApi.dll
    [2005/11/16 10:17:59 | 00,000,040 | ---- | C] () -- C:\WINDOWS\gsview32.ini
    [2005/11/07 08:05:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
    [2005/10/12 08:49:30 | 00,000,609 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/10/12 08:49:29 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
    [2005/10/12 08:49:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
    [2005/10/12 08:16:54 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
    [2005/10/12 08:13:49 | 00,157,184 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2005/06/24 12:39:16 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2005/02/24 10:56:45 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2005/01/20 01:09:20 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
    [2005/01/20 00:53:44 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
    [2004/12/24 02:12:36 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\MSStockOcx.dll
    [2004/12/24 00:50:00 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\MSStoreImEx.dll
    [2004/04/23 01:34:24 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\MSGenKey.dll
    [2004/03/17 18:44:29 | 01,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
    [2004/01/29 22:39:56 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\FISCOcx.dll
    [2004/01/20 01:57:12 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\AS2GCA50.dll
    [2003/09/30 03:47:47 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
    [2003/09/30 03:47:47 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
    [2003/09/30 03:47:47 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2003/09/30 03:47:46 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
    [2003/09/30 03:47:46 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
    [2003/05/07 20:16:28 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\NILogView.dll
    [2002/12/03 17:27:02 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\TEQ1.dll
    [2002/10/15 03:48:38 | 00,106,610 | ---- | C] () -- C:\WINDOWS\System32\nutsh4.DLL
    [2001/08/29 05:57:40 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\addurl41.DLL
    [2001/04/16 08:39:16 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\RegCerts.dll
    [2000/10/12 03:26:40 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\UCSBFive.dll
    [2000/10/12 03:26:08 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\BfiveUcs.dll
    [1999/01/26 23:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
    [1999/01/23 04:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
    [1997/06/12 17:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

    ========== LOP Check ==========

    [2007/04/04 07:58:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Decisioneering
    [2008/11/22 23:51:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
    [2009/11/22 12:46:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
    [2009/11/20 23:16:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    [2007/07/29 04:39:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2007/04/15 03:37:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\digo\Application Data\Decisioneering
    [2008/11/11 23:04:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\digo\Application Data\ICAClient
    [2008/07/23 22:31:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\digo\Application Data\Inventec
    [2007/06/26 08:46:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\digo\Application Data\NCH Swift Sound
    [2008/11/23 00:03:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\digo\Application Data\Panasonic
    [2009/04/28 22:42:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\digo\Application Data\pdf995
    [2005/10/15 23:09:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\digo\Application Data\VanDyke
    [2009/09/04 13:47:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\digo\Application Data\Vso
    [2010/01/17 10:02:11 | 00,000,374 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{607240A0-582B-4F5F-8209-4A2702C92443}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AEE100C
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94A19129
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF
    < End of report >

  9. #24
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Print this post out, since you won't have access to it at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    - O3 - Toolbar: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - (no file)
    - O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE



    4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

    - O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    - O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
    - O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
    - O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    - O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    - O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    - O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    - O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    - O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\digo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    - O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


    5. Click on Fix checked button.

    6. Restart computer.

    7. Post new HijackThis log.

  10. #25
    Join Date
    Dec 2009
    Posts
    14
    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 下午 04:37:46, on 2010/1/17
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Panasonic\Device Monitor\dmwakeup.exe
    C:\Program Files\Panasonic\MFStation\PCMFSMLM.exe
    C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\PCCMFLPD.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe
    C:\PROGRA~1\PANASO~1\TRAPMO~1\Trapmnnt.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
    C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nutsrv4.exe
    C:\PROGRA~1\MKSTOO~1\bin\snmptrapd.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

    O1 - Hosts: ?27.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\PROGRA~1\MKSTOO~1\bin\ncoeenv.exe
    O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [Panasonic Device Monitor Wakeup] C:\Program Files\Panasonic\Device Monitor\dmwakeup.exe
    O4 - HKLM\..\Run: [Panasonic Device Manager for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
    O4 - HKLM\..\Run: [Panasonic PCFAX for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\KmPcFax.exe -1
    O4 - HKLM\..\Run: [Panasonic IP Address Checker for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\PccChgIP.exe -s10
    O4 - HKLM\..\Run: [Panasonic LPD Manager] C:\Program Files\Panasonic\MFStation\PCMFSMLM.exe
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Google 網頁註解... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
    O15 - Trusted Zone: http://*.wintan.com.tw
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://houstoncitrix.ryderscott.com...a32/wficac.cab
    O16 - DPF: {272B8D21-5304-4529-BD3D-1CF392342F7D} (ICBC XCsp) - https://netbank.megabank.com.tw/natm/ICBCNetATM.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1199976159475
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1199976138694
    O16 - DPF: {8FCF2DC3-50CA-4A38-8A6C-2AE07E7B27B6} (AS2WebCOM.AS2COM002) - https://www.ris.gov.tw/AS2/AS2WebCOM.CAB
    O16 - DPF: {9DA9F061-B243-11D4-8B44-0000E88F2063} (XMSStockPen Class) - https://etrade.wintan.com.tw/wintan/CA/MSSTOCK.CAB
    O16 - DPF: {A8C1E502-4FCF-4AF2-ADDB-ABF540CA5BA7} (XVideoShow Control) - http://www.cwb.gov.tw/V5/information...xVideoShow.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: GOCAD - Macrovision Corporation - C:\Program Files\EarthDecision\Licenses\lmgrd.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HRS License Service - Unknown owner - C:\Program Files\HRS\license manager\lmgrd.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MKS SNMPTRAPD (MKSSNMPTRAPD) - DataFocus, Inc. - C:\PROGRA~1\MKSTOO~1\bin\snmptrapd.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NuTCRACKER Service (NuTCRACKERService) - DataFocus, Inc. - C:\WINDOWS\system32\nutsrv4.exe
    O23 - Service: Panasonic Local Printer Service - Panasonic Communications Co., Ltd. - C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe
    O23 - Service: Panasonic Trap Monitor Service - Panasonic - C:\PROGRA~1\PANASO~1\TRAPMO~1\Trapmnnt.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ROXAR License Service - Unknown owner - C:\Program Files\ROXAR\FLEXlm 9.2\lmgrd.exe (file missing)
    O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
    O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

    --
    End of file - 10535 bytes

  11. #26
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Your computer is clean

    1. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side.
    4. Click on Continue on the "User Account Control" window that pops up.
    5. Under the System Protection tab, find Available Disks.
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:").
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK.

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.

  12. #27
    Join Date
    Dec 2009
    Posts
    14
    Thanks a lot! Really appreciate your patient help! Will follow your advice!

  13. #28
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    You're very welcome
    Is the computer doing fine?
