Rootkit Agent identified by Malwarebytes


17 replies to this topic

#1 Glenski


Posted 19 July 2010 - 12:34 AM

Here are my DDS logs, as you requested, as supplemental info on my Rootkit Agent. I am currently making the GMER log and will attach it when it is ready.
Thank you in advance.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Glen at 13:29:17.40 on 2010/07/19
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.2.932.81.1041.18.767.276 [GMT 9:00]

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\Drivers\bwcsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\NTMETER.EXE
C:\Smdata\ReadSctService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\NTTE\Flets\app\TangoService.exe
C:\Program Files\necmfk\necmfk.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BUFFALO\Client Manager2\ClientMgr2.exe
C:\PROGRA~1\NTTE\Flets\app\TangoManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Glen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Glen\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: ShowTangoBar Class: {603ec267-504e-4bd4-97f3-5dd71a271eaf} - c:\program files\ntte\flets\app\TangoIEBar.dll
BHO: Windows Live サインイン ヘルパー: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll
TB: フレッツ接続ツール: {831aa893-5930-4a2b-8d38-b881ad1764e2} - c:\program files\ntte\flets\app\TangoIEBar.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WelcomePad]
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\glen\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [NECMFK] c:\program files\necmfk\necmfk.exe
mRun: [NMFTASK] NMFTASK.EXE /RESET
mRun: [TGL] c:\windows\tcstart.exe
mRun: [TangoManager] c:\progra~1\ntte\flets\app\TANGOM~1.EXE
mRun: [NTTE_OSA_AUS] "c:\program files\ntte\osa_supporttool\aus\acs.exe" -silent
mRun: [BigDog303] c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [ctfmon.exe] ctfmon.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\ベター~1\プロバ~1\ベター~1\client~1.lnk - c:\program files\buffalo\client manager2\ClientMgr2.exe
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Easy-WebPrint プレビュー - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint 印刷 - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Easy-WebPrint 印刷リストに追加 - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint 高速印刷 - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Microsoft Excel にエクスポート(&X) - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Photobucket Publisher - hxxp://s159.photobucket.com/csve/ie_plugin.php
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxps://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
DPF: {556DDE35-E955-11D0-A707-000000521957} - hxxp://www.xblock.com/download/xclean_micro.exe
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102772916480
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://a-gate.obihiro.ac.jp/NELX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37899.217349537
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxps://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs:
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
IFEO: dotnet3.exe - c:\windows\microsoft.net\framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO: dotnet3[1].exe - c:\windows\microsoft.net\framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO: dotnet3[2].exe - c:\windows\microsoft.net\framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO: dotnetfx.exe - c:\windows\microsoft.net\framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO: dotnetfx3.exe - c:\windows\microsoft.net\framework\v2.0.50727\DotNetFxInstallBlock.exe

Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\glen\applic~1\mozilla\firefox\profiles\q2242rsc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.co.jp/
FF - plugin: c:\documents and settings\glen\application data\mozilla\firefox\profiles\q2242rsc.default\extensions\npnelaunch@sonicwall.com\plugins\npNELaunch.dll
FF - plugin: c:\documents and settings\glen\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\glen\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\glen\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-5-25 28552]
R1 MFKGTKEY;MFKGTKEY;c:\windows\system32\drivers\mfkgtkey.sys [2002-8-29 10368]
R1 Ps2LedIF;Ps2LedIF;c:\windows\system32\drivers\Ps2LedIF.sys [2002-8-29 5174]
R2 bwcdrv;BUFFALO Wireless Configuration;c:\windows\system32\drivers\BWCDRV.SYS [2003-12-21 19840]
R2 NT Meter;NT Meter;c:\windows\system32\NTMETER.EXE [2002-8-29 65536]
R2 ReadSctService;ReadSector;c:\smdata\ReadSctService.exe [2002-8-29 49152]
R3 CBBCM43;BUFFALO WLI-CB-XXX Series Wireless LAN Adapter;c:\windows\system32\drivers\BCMWL5.SYS [2004-4-20 338048]
R3 ENETNT5;Efficient Networks, tango Access PPPoE WAN Miniport;c:\windows\system32\drivers\enetnt.sys [2006-4-20 50400]
R3 LOGNT;LOGNT;c:\progra~1\ntte\flets\app\lognt.sys [2006-4-20 6912]
R3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [2002-8-29 806342]
R3 NTSTPL1;NTSTPL1;c:\progra~1\ntte\flets\app\NTSTPL1.SYS [2006-4-20 18848]
R3 Ps2Led;NEC Note Keyboard with One-touch start buttons;c:\windows\system32\drivers\Ps2Led.sys [2002-8-29 7456]
R3 TAPBIND;TAPBIND;c:\progra~1\ntte\flets\app\TAPBIND1.SYS [2006-4-20 51008]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 121PROCT;121PROCT;\??\c:\progra~1\gtagent\gtaction\triggers\121proct.sys --> c:\progra~1\gtagent\gtaction\triggers\121PROCT.sys [?]
S3 MFKLED;MFKLED;c:\windows\system32\drivers\mfkled.sys [2002-8-29 8229]
S3 NTSTPL2;NTSTPL2;c:\progra~1\ntte\flets\app\NTSTPL2.SYS [2006-4-20 18848]
S3 RAWESR;RAWESR;c:\progra~1\ntte\flets\app\RAWESR.SYS [2006-4-20 16316]
S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2009-2-24 20504]
S3 USBZC0301;MCM-01SL;c:\windows\system32\drivers\usbcam.sys [2005-10-9 111304]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

=============== Created Last 30 ================

2010-06-22 21:13:48 0 d--h--w- C:\VritualRoot
2010-06-22 21:12:13 105393 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-06-22 12:17:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo Downloader

==================== Find3M ====================

2010-06-15 12:05:40 67 ----a-w- c:\program files\rem_cdk.bat
2010-05-04 17:15:32 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:15:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:15:22 17408 ------w- c:\windows\system32\corpol.dll
2010-05-02 08:24:38 1850496 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 08:09:56 311296 ----a-w- c:\windows\system32\TubeFinder.exe
2010-04-23 13:03:21 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-20 05:46:38 285696 ----a-w- c:\windows\system32\atmfd.dll
2007-08-13 14:08:11 78160 ----a-w- c:\program files\AutoFix.exe
2007-05-03 02:08:27 654920 ----a-w- c:\program files\mtinst.exe
2007-04-24 08:47:54 468541 ----a-w- c:\program files\RegSeeker.zip
2007-04-17 14:01:32 2212 ----a-w- c:\program files\History.txt
2007-04-15 08:35:43 7943248 ----a-w- c:\program files\CFP_Setup_English_2.4.18.184.exe
2007-04-09 12:02:04 883 ----a-w- c:\program files\Options.txt
2007-03-09 18:27:52 38653 ----a-w- c:\program files\ReleaseNotes2.htm
2006-10-20 07:04:58 441 ----a-w- c:\program files\regfav.ini
2006-10-20 04:34:36 3317 ----a-w- c:\program files\RegHist.txt
2006-10-11 04:34:26 1442 ----a-w- c:\program files\README.txt
2005-12-11 14:21:10 5003 ----a-w- c:\program files\Licence.txt
2005-02-06 09:03:33 20798256 ----a-w- c:\program files\AdbeRdr70_enu_full.exe
2005-02-06 08:59:56 494704 ----a-w- c:\program files\ytb02_efgsip.exe
2004-08-08 14:17:29 7577658 ----a-w- c:\program files\lvsetup.exe
2009-07-12 04:17:09 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 13:31:13.68 ===============


Edited by Glenski, 19 July 2010 - 02:16 AM.
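As an added example (not part of the original post, and not a DDS or BleepingComputer tool), here is a small Python triage script for the DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" line formats shown above. It flags the entry types a helper looks at first: a Hosts line redirecting a non-localhost name, orphaned BHO/toolbar/explorer-bar CLSIDs ("No File"), IFEO debugger entries, and drivers whose file DDS could not verify ("[?]"). The sample input is a handful of lines copied from the log above; the function names, finding types and regexes are my own.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the DDS log in this thread, plus the
# clean R0 driver line so that the parser has a negative case to skip.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.yahoo.com/
TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
IFEO: dotnet3.exe - c:\windows\microsoft.net\framework\v2.0.50727\DotNetFxInstallBlock.exe
Hosts: 127.0.0.1 www.spywareinfo.com
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-5-25 28552]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
"""

# Line shapes as DDS prints them (my own regexes, derived from the log above).
HOSTS_RE = re.compile(r"^Hosts:\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)$")
CLSID_RE = re.compile(r"^(?P<kind>BHO|TB|EB):\s*(?P<rest>.+?)\s*-\s*No File$")
IFEO_RE = re.compile(r"^IFEO:\s*(?P<image>\S+)\s*-\s*(?P<debugger>.+)$")
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+)$")


def triage_dds(text):
    """Return a list of findings, one dict per suspicious DDS line.

    Finding types:
      hosts_redirect          a name other than localhost is pinned in the hosts file
                              (a security site pinned to 127.0.0.1 is a classic sign of
                              tampering that blocks updates and help sites)
      orphan_clsid            BHO/TB/EB entry whose DLL no longer exists (cleanup item)
      ifeo_debugger           Image File Execution Options entry; the "debugger" runs
                              instead of the named image, so each one needs review
      driver_file_unverified  service/driver whose file DDS could not read ("[?]")
    """
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = HOSTS_RE.match(line)
        if m:
            host = m.group("host").lower()
            if host != "localhost":
                findings.append({"type": "hosts_redirect", "line": line,
                                 "detail": f"{host} -> {m.group('ip')}"})
            continue

        m = CLSID_RE.match(line)
        if m:
            findings.append({"type": "orphan_clsid", "line": line,
                             "detail": f"{m.group('kind')} {m.group('rest')}"})
            continue

        m = IFEO_RE.match(line)
        if m:
            findings.append({"type": "ifeo_debugger", "line": line,
                             "detail": f"{m.group('image')} -> {m.group('debugger')}"})
            continue

        m = SERVICE_RE.match(line)
        if m and m.group("path").rstrip().endswith("[?]"):
            findings.append({"type": "driver_file_unverified", "line": line,
                             "detail": f"{m.group('start')} {m.group('name')}"})
    return findings


def summarize(findings):
    """Count findings by type, e.g. {'hosts_redirect': 1, ...}."""
    return dict(Counter(f["type"] for f in findings))


if __name__ == "__main__":
    results = triage_dds(SAMPLE_DDS)
    for f in results:
        print(f"[{f['type']}] {f['detail']}")
    print(summarize(results))
```

Running it on the constructed sample reports one hosts redirect (www.spywareinfo.com), two orphaned CLSIDs, one IFEO entry and two drivers with unverified files; whether each is malicious still needs a human (the IFEO entry here points at a Microsoft installer-block helper, for instance).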



#2 myrti


Posted 25 July 2010 - 01:46 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- will be opened
    • Extra.txt <-- will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti


#3 Glenski


Posted 30 July 2010 - 06:55 AM

Thank you for your reply and advice. Here are the two files you asked for from the OTL scan.
What more can I tell you about this Rootkit Agent? I have it, and it's recommended that I remove it immediately by many sites on the Internet. I tried with Malwarebytes and GMER. I don't know if any of my computer problems are related, but here's a summary of them:
  • slow boot of Yahoo as my default browser
  • inability to burn disks anymore
  • frequent inability to recognize my printer or a USB drive attached

OTL Extras logfile created on: 2010/07/30 20:34:51 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Glen\デスクトップ
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

767.00 Mb Total Physical Memory | 343.00 Mb Available Physical Memory | 45.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.68 Gb Total Space | 12.73 Gb Free Space | 40.20% Space Free | Partition Type: NTFS
Drive D: | 1.87 Gb Total Space | 0.87 Gb Free Space | 46.30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GLENYOSHIE
Current User Name: Glen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-801667920-2020637620-97400744-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Documents and Settings\Glen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Glen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Glen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Glen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@niftyでインターネット" = @niftyでインターネット
"@nifty接続アシスタント" = @nifty接続アシスタント
"{0136C571-2631-448E-A367-9D79C5262590}" = ファミリーウィンドウ
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = VERITAS RecordNow DX Update Manager
"{0A659A56-F08E-4B58-9E73-6BF35AF5556D}" = インターネット無料体験
"{0BFFB662-7EE5-4808-8815-C8E4A556DBE0}" = 読取革命Lite
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1B4AA674-F5CA-4BB5-831A-CD37B4021959}" = ImageMixer for Sony
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{350C97B1-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3902A18C-E17E-45E8-A121-9EC6234E63F6}" = ドット・ゲートサービス/Web サーバー導入ガイド
"{3F9A192C-1152-48C2-9513-17CE931FC4DC}" = ホームネット簡単設定ツール
"{3FF3DD04-F386-46B0-97FC-B86238B65487}" = Canon MP ドライバ 6.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BEBDC4C-9C53-44D2-8C24-0545F333EEEC}" = 簡単クリック設定ツール
"{4EE2D705-1745-42F2-A236-57721E5D403B}" = はがき作家 2 Free
"{5404E185-BD7C-4A72-ABD0-91A411A05726}" = Ulead VideoStudio 6 SE Basic
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}" = Image Transfer
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C6D8298-EC9C-49D1-AB5B-67628A618063}" = DION (KDDI)
"{7E4B224B-CD7E-4DDC-B755-589E0454455D}" = 東京電話インターネット サインアップツール
"{8653730A-683D-4C42-BB18-6471291D5DEA}" = Canon MP Navigator 1.1
"{8855FF30-19CE-4CB1-A654-87B38369CCE1}" = VERITAS RecordNow DX
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91330411-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Personal
"{A009039D-5DD1-463F-86D2-AF2807F2BD6F}" = MCM-01SL
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A6926448-9CCB-4A5B-B036-75779D492AC8}" = BIGLOBEでインターネット
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.3
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{AD654E00-16B7-499C-B2D1-4D11365A061D}" = プリント工房2010
"{B35900E9-F66E-472D-B8D2-5FC12E766D8F}" = ODN Signup Software
"{CAAFB8F9-F8D1-3D27-9AAA-6301A4429440}" = Microsoft .NET Framework 2.0 Client Service Pack 2
"{CE3B8E96-B0AF-4871-9178-1519B58E3A93}" = Vimicro USB PC Camera (ZC0301PLH)
"{CE5C74A5-F566-4E49-8A3D-7E5A05714806}" = Windows Live サインイン アシスタント
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = フォト・ナビゲーター1.5
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D18C3BD7-52BD-4DA4-A89C-3B23E27B88B2}" = Microsoft Outlook Plus! Version 2.0
"{D3B16DA0-1E93-11D5-A26F-009027CB933C}" = So-net簡単スターターV2.3
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{D95ED581-3C67-4BB4-AA50-DDCC6A97226D}" = ArcSoft PhotoStudio 5.5
"{E1E98A6B-880A-4212-9BE0-65637D4D59F8}" = BeatJam
"{E2FC0919-4E01-4C16-B9F8-0C78D83F3368}" = Ulead DVD MovieWriter
"{E84D2015-4FEB-40CC-A2DD-1A6B8BAC2429}" = OpenMG Secure Module 3.0.03
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F63BF3C0-D774-11D5-9241-444553540000}" = フレッツ接続ツール
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"CDKNet" = CDK Players
"ChIntCal" = 国際電話ダイヤルアップ アラーム
"Convert Image_is1" = Convert Image
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"FileZilla" = FileZilla (remove only)
"FreshVoice" = FreshVoice for NEC
"getPlus_ocx" = getPlus_ocx
"HagakiWriter2 Free" = はがき作家 2 Free
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{3902A18C-E17E-45E8-A121-9EC6234E63F6}" = ドット・ゲートサービス/Web サーバー導入ガイド
"InstallShield_{3F9A192C-1152-48C2-9513-17CE931FC4DC}" = ホームネット簡単設定ツール
"KARUGARUnet 4.0" = KARUGARUnet 4.0
"lion_ss2" = lion_ss2スクリーンセーバー
"LiquidView" = LiquidView
"Lucent Technologies Soft Modem" = Lucent Technologies Soft Modem AMR
"LView Pro Evaluation Version" = LView Pro Evaluation Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDDirectPrint" = らくちんCDダイレクトプリント for Canon
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MWASPI" = MicroStaff WINASPI
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OCNスタートパック" = OCNスタートパック
"Pixillion" = Pixillion Image Converter
"PROSet" = Intel PRO Ethernet Adapter and Software
"SANNET" = SANNET
"Sony Digital Voice Editor 3" = Sony Digital Voice Editor 3
"UN900104" = BUFFALO Client Manager2
"VeryPDF PDF Editor v2.2_is1" = VeryPDF PDF Editor v2.2
"WIC" = Windows Imaging Component
"Windows Live Safety Scanner" = Windows Live Safety Scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! extras
"Yahoo! Messenger" = Yahoo! Messenger
"オンラインラボ工房" = オンラインラボ工房
"しゃばけ" = しゃばけスクリーンセーバー
"診断復旧ツール_is1" = 診断復旧ツール
"生活情報ポータル アイモーニング" = 生活情報ポータル アイモーニング
"蔵衛門デジブック" = 蔵衛門デジブック (V9.0)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-801667920-2020637620-97400744-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010/04/14 18:28:16 | Computer Name = GLENYOSHIE | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application winword.exe, version 10.0.3416.0, faulting module
winword.exe, version 10.0.3416.0, fault address 0x00486b2b.

Error - 2010/04/15 9:26:32 | Computer Name = GLENYOSHIE | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application winword.exe, version 10.0.3416.0, faulting module
winword.exe, version 10.0.3416.0, fault address 0x00486b2b.

Error - 2010/04/17 3:50:07 | Computer Name = GLENYOSHIE | Source = Google Update | ID = 20
Description =

Error - 2010/05/04 0:31:20 | Computer Name = GLENYOSHIE | Source = MsiInstaller | ID = 11706
Description = 製品 : Microsoft Office XP Personal -- エラー 1706. 必要なファイルが見つかりません。ネットワークへの接続または
CD-ROM ドライブに問題がないか確認してください。それ以外の可能性のある解決法については C:\Program Files\Microsoft Office\Office10\1041\SETUP.HLP
を参照してください。

Error - 2010/05/10 0:50:41 | Computer Name = GLENYOSHIE | Source = Google Update | ID = 20
Description =

Error - 2010/05/28 19:50:17 | Computer Name = GLENYOSHIE | Source = Google Update | ID = 20
Description =

Error - 2010/06/08 9:09:39 | Computer Name = GLENYOSHIE | Source = crypt32 | ID = 131080
Description = <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
からのサード パーティのルート一覧シーケンス番号の取得を自動更新できませんでした。エラー: タイムアウト期間が経過したため、この操作は終了しました。

Error - 2010/06/26 1:30:10 | Computer Name = GLENYOSHIE | Source = EventSystem | ID = 4609
Description = COM+ イベント システムは、内部処理中に無効なリターン コードを検出しました。HRESULT は、行 d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp
の 44 から 8007043C でした。マイクロソフト製品サポート サービスまでこのエラーについて報告してください

Error - 2010/07/18 2:12:37 | Computer Name = GLENYOSHIE | Source = MsiInstaller | ID = 11706
Description = 製品 : Microsoft Office XP Personal -- エラー 1706. 必要なファイルが見つかりません。ネットワークへの接続または
CD-ROM ドライブに問題がないか確認してください。それ以外の可能性のある解決法については C:\Program Files\Microsoft Office\Office10\1041\SETUP.HLP
を参照してください。

Error - 2010/07/18 2:49:37 | Computer Name = GLENYOSHIE | Source = MsiInstaller | ID = 11706
Description = 製品 : Microsoft Office XP Personal -- エラー 1706. 必要なファイルが見つかりません。ネットワークへの接続または
CD-ROM ドライブに問題がないか確認してください。それ以外の可能性のある解決法については C:\Program Files\Microsoft Office\Office10\1041\SETUP.HLP
を参照してください。

[ System Events ]
Error - 2010/07/26 7:58:33 | Computer Name = GLENYOSHIE | Source = Service Control Manager | ID = 7026
Description = 次のブート開始ドライバまたはシステム開始ドライバを読み込むことができませんでした: Lbd

Error - 2010/07/26 17:25:07 | Computer Name = GLENYOSHIE | Source = Service Control Manager | ID = 7026
Description = 次のブート開始ドライバまたはシステム開始ドライバを読み込むことができませんでした: Lbd

Error - 2010/07/27 7:33:38 | Computer Name = GLENYOSHIE | Source = Service Control Manager | ID = 7026
Description = 次のブート開始ドライバまたはシステム開始ドライバを読み込むことができませんでした: Lbd

Error - 2010/07/27 17:30:54 | Computer Name = GLENYOSHIE | Source = Service Control Manager | ID = 7026
Description = 次のブート開始ドライバまたはシステム開始ドライバを読み込むことができませんでした: Lbd

Error - 2010/07/27 19:42:37 | Computer Name = GLENYOSHIE | Source = Service Control Manager | ID = 7026
Description = 次のブート開始ドライバまたはシステム開始ドライバを読み込むことができませんでした: Lbd

Error - 2010/07/28 7:28:10 | Computer Name = GLENYOSHIE | Source = Service Control Manager | ID = 7026
Description = 次のブート開始ドライバまたはシステム開始ドライバを読み込むことができませんでした: Lbd

Error - 2010/07/28 17:42:19 | Computer Name = GLENYOSHIE | Source = Service Control Manager | ID = 7026
Description = 次のブート開始ドライバまたはシステム開始ドライバを読み込むことができませんでした: Lbd

Error - 2010/07/29 9:02:00 | Computer Name = GLENYOSHIE | Source = Service Control Manager | ID = 7026
Description = 次のブート開始ドライバまたはシステム開始ドライバを読み込むことができませんでした: Lbd

Error - 2010/07/29 17:40:43 | Computer Name = GLENYOSHIE | Source = Service Control Manager | ID = 7026
Description = 次のブート開始ドライバまたはシステム開始ドライバを読み込むことができませんでした: Lbd

Error - 2010/07/30 7:27:57 | Computer Name = GLENYOSHIE | Source = Service Control Manager | ID = 7026
Description = 次のブート開始ドライバまたはシステム開始ドライバを読み込むことができませんでした: Lbd


< End of report >

OTL logfile created on: 2010/07/30 20:34:51 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Glen\デスクトップ
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

767.00 Mb Total Physical Memory | 343.00 Mb Available Physical Memory | 45.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.68 Gb Total Space | 12.73 Gb Free Space | 40.20% Space Free | Partition Type: NTFS
Drive D: | 1.87 Gb Total Space | 0.87 Gb Free Space | 46.30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GLENYOSHIE
Current User Name: Glen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/30 20:33:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Glen\デスクトップ\OTL.exe
PRC - [2010/07/25 10:09:03 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/25 10:09:00 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/11 16:21:16 | 000,083,440 | ---- | M] (Google) -- C:\Documents and Settings\Glen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2007/06/13 22:22:28 | 001,026,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/04/20 22:17:24 | 002,658,304 | ---- | M] (Efficient Networks Inc.) -- C:\Program Files\NTTE\Flets\app\TangoManager.exe
PRC - [2005/11/03 11:00:44 | 000,061,440 | ---- | M] () -- C:\Program Files\NTTE\Flets\app\TangoService.exe
PRC - [2005/06/23 11:13:44 | 000,061,440 | ---- | M] (Vimicro) -- C:\WINDOWS\VM303_STI.EXE
PRC - [2004/05/06 16:14:34 | 000,438,272 | ---- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\Client Manager2\ClientMgr2.exe
PRC - [2004/04/20 16:48:58 | 000,077,824 | ---- | M] () -- C:\WINDOWS\system32\drivers\BWCSRV.EXE
PRC - [2002/08/28 22:21:20 | 000,049,152 | ---- | M] () -- C:\Smdata\ReadSctService.exe
PRC - [2002/07/07 00:00:04 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\NTMETER.EXE
PRC - [2001/08/23 01:44:36 | 000,066,879 | ---- | M] (NEC) -- C:\Program Files\NECMFK\necmfk.exe


========== Modules (SafeList) ==========

MOD - [2010/07/30 20:33:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Glen\デスクトップ\OTL.exe
MOD - [2006/08/26 00:49:08 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 16:55:13 | 000,811,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imjp81k.dll
MOD - [2004/08/04 16:53:06 | 000,340,023 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imjp81.ime
MOD - [2004/08/04 15:01:17 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004/08/04 14:31:49 | 000,110,637 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\IMJP8_1\DICTS\imjpcd.dic


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2005/11/03 11:00:44 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\NTTE\Flets\app\TangoService.exe -- (TangoService)
SRV - [2004/04/20 16:48:58 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\drivers\BWCSRV.EXE -- (bwcsrv)
SRV - [2003/04/01 22:08:30 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)
SRV - [2002/08/28 22:21:20 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Smdata\ReadSctService.exe -- (ReadSctService)
SRV - [2002/07/07 00:00:04 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\NTMETER.EXE -- (NT Meter)
SRV - [2002/03/13 10:59:02 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant)
DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Glen\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\GTAGENT\GTACTION\TRIGGERS\121PROCT.sys -- (121PROCT)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/02/24 06:55:34 | 000,020,504 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SSLDrv.sys -- (SSLDrv)
DRV - [2006/11/01 22:18:02 | 000,067,345 | ---- | M] (GMER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer)
DRV - [2005/10/13 13:15:12 | 000,018,848 | ---- | M] (Network TeleSystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\NTTE\Flets\app\NTSTPL2.SYS -- (NTSTPL2)
DRV - [2005/10/13 13:15:12 | 000,018,848 | ---- | M] (Network TeleSystems, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\NTTE\Flets\app\ntstpl1.sys -- (NTSTPL1)
DRV - [2005/10/13 13:15:10 | 000,051,008 | ---- | M] (Network TeleSystems, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\NTTE\Flets\app\tapbind1.sys -- (TAPBIND)
DRV - [2005/10/13 13:14:58 | 000,016,316 | ---- | M] (Efficient Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\NTTE\Flets\app\RAWESR.sys -- (RAWESR)
DRV - [2005/08/24 11:04:42 | 000,050,400 | ---- | M] (Siemens Subscriber Networks, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\enetnt.sys -- (ENETNT5)
DRV - [2005/07/14 12:59:06 | 000,389,788 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM303.sys -- (ZSMC303) VIMICRO USB PC Camera (ZC0301PLH)
DRV - [2005/06/24 13:46:10 | 000,006,912 | ---- | M] (Efficient Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\NTTE\Flets\app\LOGNT.SYS -- (LOGNT)
DRV - [2004/08/04 15:07:55 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB オーディオ ドライバ (WDM)
DRV - [2004/04/20 11:46:28 | 000,338,048 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (CBBCM43)
DRV - [2004/01/09 05:32:45 | 000,009,600 | R--- | M] (BUFFALO INC.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\BUFADPT.SYS -- (BUFADPT)
DRV - [2003/12/21 17:21:02 | 000,019,840 | ---- | M] (BUFFALO INC.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BWCDRV.SYS -- (bwcdrv)
DRV - [2003/01/11 06:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2002/07/19 20:32:28 | 000,010,368 | ---- | M] (NEC Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfkgtkey.sys -- (MFKGTKEY)
DRV - [2002/07/18 10:56:12 | 000,079,137 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2002/05/25 02:35:44 | 000,111,304 | ---- | M] (ZSMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbcam.sys -- (USBZC0301)
DRV - [2002/03/05 22:30:30 | 000,385,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2002/02/06 19:43:50 | 000,008,229 | ---- | M] (NEC Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfkled.sys -- (MFKLED)
DRV - [2001/08/28 21:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/02 15:28:06 | 000,806,342 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LTSM.sys -- (LucentSoftModem)
DRV - [2001/05/16 23:06:20 | 000,005,174 | ---- | M] (NEC) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ps2ledif.sys -- (Ps2LedIF)
DRV - [2001/05/16 23:00:12 | 000,007,456 | ---- | M] (NEC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Ps2Led.sys -- (Ps2Led)
DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-801667920-2020637620-97400744-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-801667920-2020637620-97400744-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-801667920-2020637620-97400744-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-801667920-2020637620-97400744-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-801667920-2020637620-97400744-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.co.jp/"
FF - prefs.js..extensions.enabledItems: mozilla-cpref@melez.com:0.4.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: npNELaunch@sonicwall.com:3.0.1.73
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.7.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.0.3

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 10:09:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/25 10:09:14 | 000,000,000 | ---D | M]

[2008/06/20 07:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Mozilla\Extensions
[2010/07/29 07:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Mozilla\Firefox\Profiles\q2242rsc.default\extensions
[2010/04/30 22:36:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Glen\Application Data\Mozilla\Firefox\Profiles\q2242rsc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/07/15 06:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Mozilla\Firefox\Profiles\q2242rsc.default\extensions\foxmarks@kei.com
[2009/09/24 06:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Mozilla\Firefox\Profiles\q2242rsc.default\extensions\mozilla-cpref@melez.com
[2010/02/10 21:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Mozilla\Firefox\Profiles\q2242rsc.default\extensions\npNELaunch@sonicwall.com
[2010/06/28 23:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Mozilla\Firefox\Profiles\q2242rsc.default\extensions\zotero@chnm.gmu.edu
[2010/07/21 23:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/23 22:05:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/01/09 06:48:47 | 000,027,960 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2010/01/09 06:48:48 | 000,126,344 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2010/01/09 06:48:45 | 000,060,808 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/04/23 22:03:32 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/08/09 10:23:45 | 000,319,111 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10946 more lines...
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (ShowTangoBar Class) - {603EC267-504E-4BD4-97F3-5DD71A271EAF} - C:\Program Files\NTTE\Flets\app\TangoIEBar.dll (Siemens Subscriber Network, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (フレッツ接続ツール) - {831AA893-5930-4A2B-8D38-B881AD1764E2} - C:\Program Files\NTTE\Flets\app\TangoIEBar.dll (Siemens Subscriber Network, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-801667920-2020637620-97400744-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-801667920-2020637620-97400744-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-801667920-2020637620-97400744-1005\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll File not found
O3 - HKU\S-1-5-21-801667920-2020637620-97400744-1005\..\Toolbar\WebBrowser: (フレッツ接続ツール) - {831AA893-5930-4A2B-8D38-B881AD1764E2} - C:\Program Files\NTTE\Flets\app\TangoIEBar.dll (Siemens Subscriber Network, Inc.)
O3 - HKU\S-1-5-21-801667920-2020637620-97400744-1005\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE (Vimicro)
O4 - HKLM..\Run: [NECMFK] C:\Program Files\NECMFK\necmfk.exe (NEC)
O4 - HKLM..\Run: [NMFTASK] C:\WINDOWS\System32\nmftask.exe (NEC Corporation)
O4 - HKLM..\Run: [NTTE_OSA_AUS] C:\Program Files\NTTE\OSA_SupportTool\aus\acs.exe (東日本電信電話株式会社)
O4 - HKLM..\Run: [TangoManager] C:\Program Files\NTTE\Flets\app\TangoManager.exe (Efficient Networks Inc.)
O4 - HKLM..\Run: [TGL] C:\WINDOWS\TCSTART.EXE (NECカスタムテクニカ)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-801667920-2020637620-97400744-1005..\Run: [WelcomePad] File not found
O4 - Startup: C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\ClientManager2.lnk = C:\Program Files\BUFFALO\Client Manager2\ClientMgr2.exe (BUFFALO INC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-801667920-2020637620-97400744-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-801667920-2020637620-97400744-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2008/03/23 18:31:35 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Easy-WebPrint プレビュー - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint 印刷 - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint 印刷リストに追加 - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint 高速印刷 - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2008/03/23 18:31:35 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2008/03/23 18:31:35 | 000,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-801667920-2020637620-97400744-1005\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-801667920-2020637620-97400744-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} https://objects.aol.com/mcafee/molbin/share...83/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} http://www.xblock.com/download/xclean_micro.exe (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://scan.safety.live.com/resource/downl...lscbase5059.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5co...b?1102772916480 (WUWebControl Class)
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://a-gate.obihiro.ac.jp/NELX.cab (NELaunchCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...37899.217349537 (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} https://objects.aol.com/mcafee/molbin/share...,20/McGDMgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Photobucket Publisher http://s159.photobucket.com/csve/ie_plugin.php (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Glen\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Glen\Application Data\Mozilla\Firefox\Desktop Background.bmp
O27 - HKLM IFEO\dotnet3.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnet3[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnet3[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3_ia64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3_ia64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3_ia64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3_x64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3_x64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3_x64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx30SP1setup.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx30SP1setup[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx30SP1setup[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx35.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx35[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx35[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx35setup.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx35setup[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx35setup[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3setup.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3setup[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\dotnetfx3setup[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_ia64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_ia64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_ia64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_x64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_x64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_x64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_x86.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_x86[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP1_x86[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_ia64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_ia64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_ia64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_x64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_x64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_x64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_x86.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_x86[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx20SP2_x86[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx30SP1_x64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx30SP1_x64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx30SP1_x64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx30SP1_x86.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx30SP1_x86[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx30SP1_x86[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_ia64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_ia64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_ia64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_x64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_x64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_x64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_x86.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_x86[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx35_x86[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx64.exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx64[1].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O27 - HKLM IFEO\NetFx64[2].exe: Debugger - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/08/28 19:56:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ac3bc220-09d5-11dd-b728-54414e474f31}\Shell\AutoRun\command - "" = F:\pcsetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
MsConfig - StartUpReg: AtiPTA - hkey= - key= - File not found
MsConfig - StartUpReg: BigDog303 - hkey= - key= - C:\WINDOWS\VM303_STI.EXE (Vimicro)
MsConfig - StartUpReg: BitTorrent DNA - hkey= - key= - C:\Program Files\DNA\btdna.exe File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Glen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe File not found
MsConfig - StartUpReg: StorageGuard - hkey= - key= - C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {2757B1D6-0367-4663-877C-93ECC5C01BF6} - Q324929
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2eac6a2d-57a8-44d4-96f7-e32bab40ca5f} - Windows Update
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - ダイナミック HTML データ バインド for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - 上級オーサリング
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java クラス
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web フォルダ
ActiveX: {76C19B30-F0C8-11cf-87CC-0020AFEECF20} - Japanese Language Support
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {839117ee-2132-4bae-a56a-42b50204c9b9} - KB889293
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CAAFB8F9-F8D1-3D27-9AAA-6301A4429440} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - タスク スケジューラ
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\Vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/07/30 20:33:10 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Glen\デスクトップ\OTL.exe
[2010/07/05 15:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glen\デスクトップ\英検2010
[5 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/30 20:33:15 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Glen\デスクトップ\OTL.exe
[2010/07/30 20:27:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/30 20:27:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/30 07:46:32 | 011,272,192 | ---- | M] () -- C:\Documents and Settings\Glen\NTUSER.DAT
[2010/07/30 07:46:32 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Glen\ntuser.ini
[2010/07/30 06:55:11 | 000,000,780 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-801667920-2020637620-97400744-1005UA.job
[2010/07/30 06:55:07 | 000,000,728 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-801667920-2020637620-97400744-1005Core.job
[2010/07/28 09:47:44 | 000,002,389 | ---- | M] () -- C:\Documents and Settings\Glen\デスクトップ\Microsoft Outlook.lnk
[2010/07/24 09:17:17 | 000,051,048 | ---- | M] () -- C:\Documents and Settings\Glen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/19 17:24:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/19 16:03:51 | 000,089,088 | ---- | M] () -- C:\Documents and Settings\Glen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/19 13:28:43 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Glen\デスクトップ\dds.scr
[2010/07/16 09:55:40 | 000,172,272 | -H-- | M] () -- C:\Documents and Settings\Glen\Local Settings\Application Data\IconCache.db
[2010/07/04 17:02:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[5 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/19 13:31:08 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Glen\デスクトップ\dds.scr
[2010/05/19 21:09:45 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll
[2010/05/19 21:09:41 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
[2009/07/24 20:44:56 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\fgacc.sys
[2009/03/22 17:27:33 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/10/26 17:28:34 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/09/06 18:08:29 | 000,087,800 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/08/07 22:26:43 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2007/12/23 10:06:44 | 000,000,025 | ---- | C] () -- C:\WINDOWS\SW_Win2000X48.DLL
[2007/12/23 10:05:14 | 000,009,200 | ---- | C] () -- C:\WINDOWS\CI_SearchHistory.INI
[2006/11/01 22:18:04 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2006/11/01 22:18:02 | 000,565,311 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2006/08/22 23:09:12 | 000,000,243 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/23 22:41:48 | 000,024,576 | ---- | C] () -- C:\WINDOWS\VMPipe.dll
[2006/03/23 22:41:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\RunSetup.dll
[2005/10/10 17:56:31 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6i.DLL
[2005/10/10 16:57:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/10/10 16:54:09 | 000,000,398 | ---- | C] () -- C:\WINDOWS\System32\CNCMP60.INI
[2005/05/31 17:15:19 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/03/05 22:36:30 | 000,000,177 | ---- | C] () -- C:\WINDOWS\upst.ini
[2005/03/05 22:36:30 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/01/06 17:49:30 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2004/03/23 11:45:18 | 000,041,564 | ---- | C] () -- C:\WINDOWS\UN900104.INI
[2004/01/11 10:41:19 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2004/01/11 10:41:18 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2003/11/18 01:37:20 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\zlibwapi.dll
[2003/02/24 22:55:52 | 000,000,089 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2003/02/24 22:55:52 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2003/02/24 22:55:52 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2003/01/03 17:06:35 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/09/03 15:39:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/08/30 14:06:28 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2002/08/30 14:01:10 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\LFWMP12N.DLL
[2002/08/30 12:26:05 | 000,817,152 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2002/08/30 12:26:05 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2002/08/30 12:26:01 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Wheel.dll
[2002/08/29 21:30:36 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\PasoGuide.dll
[2002/08/29 21:26:10 | 000,004,738 | ---- | C] () -- C:\WINDOWS\NECFIRST.INI
[2002/08/29 21:11:20 | 000,000,566 | ---- | C] () -- C:\WINDOWS\MDMCHK.INI
[2002/08/29 15:01:28 | 000,000,967 | ---- | C] () -- C:\WINDOWS\necmfk.ini
[2002/08/29 14:51:13 | 000,000,436 | ---- | C] () -- C:\WINDOWS\WMFKBPOK.INI
[2002/08/28 20:37:03 | 000,000,840 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/08/28 19:39:22 | 000,002,538 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/08/28 19:39:05 | 000,042,841 | ---- | C] () -- C:\WINDOWS\System32\key02.sys
[2002/08/28 19:39:05 | 000,042,633 | ---- | C] () -- C:\WINDOWS\System32\keyax.sys
[2002/08/28 19:39:05 | 000,002,990 | ---- | C] () -- C:\WINDOWS\System32\disp_win.sys
[2002/08/28 19:39:05 | 000,000,852 | ---- | C] () -- C:\WINDOWS\System32\font_win.sys
[2002/08/28 19:39:04 | 000,065,392 | ---- | C] () -- C:\WINDOWS\System32\msimek.sys
[2002/08/28 19:39:04 | 000,054,700 | ---- | C] () -- C:\WINDOWS\System32\$ias.sys
[2002/08/28 19:39:04 | 000,044,496 | ---- | C] () -- C:\WINDOWS\System32\msimei.sys
[2002/08/28 19:39:04 | 000,039,808 | ---- | C] () -- C:\WINDOWS\System32\msime.sys
[2002/08/28 19:39:04 | 000,027,956 | ---- | C] () -- C:\WINDOWS\System32\appsicon.dll
[2002/08/28 19:39:04 | 000,020,688 | ---- | C] () -- C:\WINDOWS\System32\$disp.sys
[2002/08/28 19:39:04 | 000,013,597 | ---- | C] () -- C:\WINDOWS\System32\msimed.sys
[2002/08/28 19:39:04 | 000,004,701 | ---- | C] () -- C:\WINDOWS\System32\kkcfunc.sys
[2002/08/28 19:39:04 | 000,004,125 | ---- | C] () -- C:\WINDOWS\System32\$prnescp.sys
[2002/08/28 19:39:04 | 000,000,901 | ---- | C] () -- C:\WINDOWS\System32\ntfont.sys
[2002/08/28 19:38:05 | 000,229,088 | ---- | C] () -- C:\WINDOWS\System32\lanman.drv
[2002/07/09 20:57:00 | 000,001,871 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/05/24 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2001/08/31 15:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1996/04/04 04:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2005/01/04 10:26:19 | 022,608,301 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2005/01/04 10:26:19 | 022,608,301 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/14 03:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\332d2b3cb45aedf9098161883a24dd36\agp440.sys
[2004/08/04 15:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/04 15:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004/08/04 15:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
[2001/08/17 13:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2001/08/17 13:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/07 11:57:36 | 012,130,502 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2005/01/04 10:26:19 | 022,608,301 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/07 11:57:36 | 012,130,502 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2005/01/04 10:26:19 | 022,608,301 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2002/08/29 17:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/14 03:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\332d2b3cb45aedf9098161883a24dd36\atapi.sys
[2004/08/04 14:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 14:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 14:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 16:55:11 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6013080F0A7551D5B599CDBEB72A0903 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 16:55:11 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6013080F0A7551D5B599CDBEB72A0903 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 16:55:11 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6013080F0A7551D5B599CDBEB72A0903 -- C:\WINDOWS\system32\eventlog.dll
[2008/04/14 11:25:50 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=BA772C4BE222DEA00BFDF1D63DB428CB -- C:\WINDOWS\SoftwareDistribution\Download\332d2b3cb45aedf9098161883a24dd36\eventlog.dll
[2002/09/04 02:26:48 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=E8077F0096B67B3512E7ECE98FEF47E6 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2002/09/04 02:26:52 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=11BDB3B75B8A85730AD62F6BB2A8A2D1 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/07 03:46:12 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=4B16A8B121D501F30EA77EA997817F50 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/07 03:46:12 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=4B16A8B121D501F30EA77EA997817F50 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 16:55:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=54104E2AF7A0578E22A3F973CFE9EEEA -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/04 16:55:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=54104E2AF7A0578E22A3F973CFE9EEEA -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 16:55:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=54104E2AF7A0578E22A3F973CFE9EEEA -- C:\WINDOWS\system32\netlogon.dll
[2008/04/14 11:25:55 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=BF2BC608180C67A535BF07F52E5842A5 -- C:\WINDOWS\SoftwareDistribution\Download\332d2b3cb45aedf9098161883a24dd36\netlogon.dll

< MD5 for: SCECLI.DLL >
[2002/09/04 02:26:54 | 000,169,472 | ---- | M] (Microsoft Corporation) MD5=28BDA89D361CE7DFA72544C04A9BE267 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/04 16:55:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=394814C58864702C1988044BAB75DC06 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/04 16:55:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=394814C58864702C1988044BAB75DC06 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 16:55:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=394814C58864702C1988044BAB75DC06 -- C:\WINDOWS\system32\scecli.dll
[2008/04/14 11:25:59 | 000,176,128 | ---- | M] (Microsoft Corporation) MD5=3EF97982126C0C03C7F055B5BA13360E -- C:\WINDOWS\SoftwareDistribution\Download\332d2b3cb45aedf9098161883a24dd36\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2001/08/17 14:55:56 | 000,006,144 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\kbd101.dll
[2001/08/28 21:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\kbd106.dll
[2001/08/28 21:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\kbdnec.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2002/08/29 04:43:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2002/08/29 04:43:28 | 000,598,016 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2002/08/29 04:43:28 | 000,389,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

Edited by Glenski, 30 July 2010 - 06:58 AM.
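The "MD5 for:" sections of the OTL log above list every copy of a system file OTL found, so the file in system32 (or system32\drivers) can be compared against the protected copies in dllcache and ServicePackFiles; in this log atapi.sys is identical across all three. As an added illustration that is not part of the original post or of OTL itself, here is a small Python parser for those lines that performs that comparison; SAMPLE reuses the atapi.sys lines from the log plus a constructed example.sys whose hashes are placeholders.

```python
import re
from collections import defaultdict
# One OTL "MD5 for:" line: [mtime | size | attrs | M] (vendor) MD5=hex -- path
OTL_LINE = re.compile(r"^\[[^\]]*\]\s*\([^)]*\)\s*(?:MD5=([0-9A-Fa-f]{32})|Unable to obtain MD5)\s*--\s*(.+?)\s*$")
# Pristine XP copies: the file-protection cache and service pack sources; other folders are ignored.
REFERENCE_DIRS = ("\\system32\\dllcache\\", "\\servicepackfiles\\i386\\")
LIVE_DIRS = ("\\system32\\", "\\system32\\drivers\\")

# Constructed sample: atapi.sys lines quoted from the log above plus a made-up driver
# (placeholder hashes) whose live copy no longer matches its dllcache copy.
SAMPLE = r"""
[2002/08/29 17:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 14:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 14:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 14:59:42 | 000,010,240 | ---- | M] (Constructed Sample) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\WINDOWS\system32\dllcache\example.sys
[2010/07/01 00:00:00 | 000,010,240 | ---- | M] (Constructed Sample) MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\WINDOWS\system32\drivers\example.sys
"""

def parse_md5_lines(text):
    """(md5 or None, path) per OTL MD5 line; lines of any other shape are skipped."""
    found = (OTL_LINE.match(line.strip()) for line in text.splitlines())
    return [(m[1].upper() if m[1] else None, m[2]) for m in found if m]

def classify(path):
    directory = path.lower()[: path.rfind("\\") + 1]
    if directory.endswith(REFERENCE_DIRS):
        return "reference"
    return "live" if directory.endswith(LIVE_DIRS) else "ignore"

def check_live_copies(entries):
    """Map file name -> 'consistent', 'mismatch', 'no reference' or 'unreadable'."""
    groups = defaultdict(lambda: {"live": [], "reference": []})
    for md5, path in entries:
        kind = classify(path)
        if kind != "ignore":
            groups[path.rsplit("\\", 1)[-1].lower()][kind].append(md5)
    verdict = {}
    for name, g in groups.items():
        refs = {h for h in g["reference"] if h}
        if not g["live"]:
            continue  # only backup copies were listed, nothing to compare against
        if None in g["live"]:
            verdict[name] = "unreadable"  # OTL could not hash the live file (locked)
        elif not refs:
            verdict[name] = "no reference"
        elif all(h in refs for h in g["live"]):
            verdict[name] = "consistent"
        else:
            verdict[name] = "mismatch"  # live copy differs from the protected copies
    return verdict
```

A mismatch only says the live file is not the protected version; a hotfix can cause that too, so the next step is to check the hash against a known-good source before assuming tampering.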


#4 myrti

Posted 31 July 2010 - 08:32 AM

Hi,

can you please provide the log from Malwarebytes where the Rootkit Agent was discovered?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 Glenski

Posted 31 July 2010 - 09:13 AM

Sure. Here are the last 2 I did. One is a quick scan, the other is a full scan. I was planning on doing another this weekend.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4301

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.5730.13

2010/07/11 17:09:46
mbam-log-2010-07-11 (17-09-46).txt

Scan type: Quick scan
Objects scanned: 156764
Time elapsed: 14 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4241

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.5730.13

2010/06/26 14:36:23
mbam-log-2010-06-26 (14-36-23).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 235093
Time elapsed: 4 hour(s), 31 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Glenski, 31 July 2010 - 09:14 AM.


#6 myrti

Posted 01 August 2010 - 02:04 AM

Hi,

this doesn't show MBAM finding anything? Has this been the case since you removed the rootkit agent for the first time?

regards myrti



#7 Glenski

Posted 01 August 2010 - 03:27 AM

When I have done a scan (4-5 times in the past couple of months), Malwarebytes finishes with an announcement window that shows one infection: a Rootkit Agent.

I take the required step and tell Malwarebytes to delete it, yet it shows up again and again. I don't know why it doesn't show up in the logs I sent you. I have noticed that peculiarity, too.

Any thoughts?

#8 myrti

Posted 04 August 2010 - 03:55 PM

Hi,

sorry for the delay. The logs you sent me are from June and the 11th of July. Maybe they are just too old; could you try to post the logs from August?

regards myrti



#9 Glenski

Posted 04 August 2010 - 04:14 PM

The logs are always the same. MB finishes the scan, pops up with 1 infection, and the log shows nothing. I'll give you another one, but it takes 3-4 hours to complete, and I'm really very busy right now. Give me a couple of days. No other advice in the meantime?

#10 myrti

Posted 06 August 2010 - 03:22 AM

Hi,

without knowing what Malwarebytes is finding I am pretty much in the dark. Do you ever see the file name? If so, can you just tell me? That would give me something to go on.

regards myrti



#11 Glenski

Posted 06 August 2010 - 07:07 AM

I'm sorry I can't give you more immediately. No, there has never been any further ID of the Rootkit Agent. After the MB scan and the announcement window, I click on the plus sign to try getting that info, but there is nothing except "Rootkit Agent".

I'm leaving town for 4 days starting tomorrow, and there's no time to do another scan before I get back. I hope you can wait.

Makes me uneasy knowing there is something like that on my computer in the meantime.

Another little oddity I've noticed in the past few weeks. May or may not be connected to the Rootkit Agent, as I don't recall exactly when it started. Upon startup, when I try opening Firefox, sometimes (yes, not always, but very frequently) Firefox stalls after it loads my default starting page (Yahoo.co.jp) and shows a warning about an "unresponsive script". Lately it's been the same message, but I've seen a different one from time to time. Now it says:
script: chrome://zotero/content/xpcom/translate.js:255
I have recently installed Zotero, but I do not use Google Chrome (never have), so I don't understand this. Doesn't seem to matter whether I click "continue" or "stop" or just X out the warning. Firefox seems to continue after that.

Tell you what. I'll run a MB quick scan and see what happens tonight.

Edited by Glenski, 06 August 2010 - 07:09 AM.


#12 myrti

Posted 06 August 2010 - 07:23 AM

Hi,

a quick reply before you leave:
chrome is also the user interface of Firefox. The message "chrome: some message" is a normal Firefox error message you will see from time to time and has no relation to the browser from Google.

Zotero seems to be related to this add on: https://addons.mozilla.org/de/firefox/addon/3504/
Maybe see if it looks familiar to you. From the logs I would think it is installed in your Firefox. Try disabling it to see if this solves the freezing.

The detection from Malwarebytes could always be a false positive. This is why I am trying to find out which file is detected. Depending on whether it correctly or falsely detects a file, completely different paths need to be taken.

regards myrti



#13 Glenski

Posted 06 August 2010 - 08:08 AM

I don't have the vaguest idea how to disable Zotero. I have it installed on this (my home) computer and my office laptop so I can add reference links from either location.

I understand what you want me to do with regard to finding out the name of the Rootkit Agent, and I understand the possibility of a false positive.

Ran into a snag with MB. Even last night when I tried to run a scan, a similar thing happened. During the scan itself, an error message popped up that said essentially "something happened", and I had to close MB. It was late by the time I got back to it, so I gave up resuming the scan.

Just now tried to do a scan. Got to the update stage, and I got the same "something happened" error message, and I had to close MB. When I tried to reopen it, I got a message saying it was already running, but no window opened. I uninstalled MB, shut off all other programs and downloaded a new copy. During the install, things seemed to go ok. After the final screen, it was about to open MB and perform an update, but it never got past the final install screen. Instead, that disappeared, and the "something happened" message appeared.

I rebooted. Frustrated at all of this, here I am again.

Just wanted to let you know that not only is Firefox taking longer than usual to open in the past few weeks since I uninstalled Avast (1-2 minutes now vs. 15 seconds just after the uninstall and Firefox's original install over a year ago). Moreover, Gmail seems to take a while longer to open, too. Instead of 5 seconds, it can be up to 30 seconds. Not sure if any of this is related, but I thought you should know.

#14 Glenski

Posted 06 August 2010 - 08:20 AM

Well, I tried running MB again anyway. It updated all right, but a few minutes into the quick scan it stopped and gave me the same message as last night ("something happened"). I have only one button to push to clear it, and after that another window came up saying drwtsn32.exe and some error message (sorry, it's in Japanese).



#15 myrti

Posted 06 August 2010 - 09:27 AM

Hi,

you can disable an add-on by clicking on Tools, then Add-ons. If it is not automatically selected, select Extensions and scroll down to the add-on in question. Select it and you should be able to disable it.

If you have a general slowness, could you try to bring up your Task Manager and check whether a process is eating up all your CPU?

regards myrti





