
Opachki.ru infection, also FunWebProducts present


  • This topic is locked
18 replies to this topic

#1 headmotty

headmotty

  • Members
  • 10 posts
  • OFFLINE
  • Local time:11:13 AM

Posted 26 October 2010 - 03:27 AM

My browser is almost at a dead standstill. SpyBot found 6 entries of Opachki, and 2 a bunch of FWP. Could not do anything with Opachki, but could delete most of FWP entries - still left with two directories in my C:\. Maybe could just delete those and be done with that...anyway, help with Opachki please! Thanks! Below are my scan results:


DDS (Ver_10-10-21.02) - NTFSx86
Run by John XXXXXXX at 3:08:53.54 on Tue 2010/10/26
Internet Explorer: 6.0.2800.1106
Microsoft Windows 2000 Professional 5.0.2195.4.932.81.1041.18.1023.332 [GMT -4:00]


============== Running Processes ===============

C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\frxhser.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\frxhapp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\imejpmgr.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\system32\mobsync.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\system32\conime.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\John XXXXXXX\デスクトップ\dds.scr
C:\WINNT\System32\WBEM\WinMgmt.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\system32\browseui.dll
uRun: [ctfmon.exe] ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [FlashPlayerUpdate] c:\winnt\system32\macromed\flash\FlashUtil10i_ActiveX.exe -update activex
mRun: [Synchronization Manager] mobsync.exe /logon
mRun: [frxmxins] frxmxins
mRun: [POINTER] point32.exe
mRun: [CreateCD50] "c:\program files\common files\adaptec shared\createcd\CreateCD50.exe" -r
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [MaxtorOneTouch] c:\program files\maxtor\onetouch\utils\Onetouch.exe
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [NeroFilterCheck] c:\winnt\system32\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [Internat.exe] internat.exe
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
IE: Export to Microsoft Excel(&X) - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: {00000161-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {31564D57-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmvax.cab
DPF: {32564D57-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8ax.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/60.14/uploader2.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-10-25 22:33:05 -------- d-----w- c:\winnt\DSL
2010-10-25 22:33:05 -------- d-----w- c:\program files\common files\SupportSoft

==================== Find3M ====================

2010-09-28 22:32:15 398744 ----a-r- c:\winnt\system32\cpnprt2.cid

============= FINISH: 3:23:12.06 ===============


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:06:13 PM

Posted 04 November 2010 - 03:27 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    hlp.dat
    explorer.exe
    winlogon.exe
    wininit.exe
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


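The custom scan above produces an OTL.txt in the line format seen throughout this thread (SRV/DRV service and driver entries, O3/O4/O20 registry entries). The following is an added example, not from BleepingComputer, OldTimer's OTL, or either poster: a small triage script that applies the checks a helper applies by eye, namely "File not found" service, driver and Run entries, toolbar registrations with no CLSID, kernel drivers loaded from a temp directory, a Winlogon Shell value that is anything other than Explorer.exe alone, and service or driver paths under a Windows directory that is not the reported %SystemRoot% (the posted log has a BITS entry under C:\WINDOWS on a C:\WINNT install). The sample lines are constructed and modelled on the log format; the second O20 line is an invented shell-hijack case included only to exercise that rule, and `sample_hijack.exe` is a made-up name.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (severity, explanation, offending log line)

# Constructed sample lines modelled on the OTL report format used in this thread.
# Benign entries are included so the rules have something to pass over; the
# last O20 line is an invented shell-hijack case, not something from the log.
SAMPLE_OTL = r"""
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
SRV - File not found [On_Demand | Stopped] -- -- (Isapddnt)
SRV - File not found [On_Demand | Start_Pending] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JOHNMO~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2003/06/19 14:05:04 | 000,060,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\parallel.sys -- (Parallel)
O3 - HKU\S-1-5-21-585108594-1656566194-1614163512-1001\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [POINTER] File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe, C:\WINNT\system32\sample_hijack.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
"""

SYSROOT_RE = re.compile(r"%SystemRoot% = (?P<root>[A-Za-z]:\\[^\s|]+)")
# SRV/DRV line: "<kind> - <status> [<flags>] -- <path> -- (<name>)"; status is either
# "File not found" or the "[timestamp | size | attrs | M] (Company)" block.
SVC_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - (?P<status>File not found|\[[^\]]*\] \([^)]*\)) "
    r"\[(?P<flags>[^\]]*)\] --(?P<path>.*?)-- \((?P<name>[^)]*)\)"
)
SHELL_RE = re.compile(r"Winlogon: Shell - \((?P<shell>[^)]*)\)")
WINDOWS_DIRS = ("\\WINNT", "\\WINDOWS")          # compared case-insensitively
TEMP_MARKERS = ("\\TEMP\\", "\\LOCALS~1\\")      # user temp locations (upper-cased)


def system_root(text: str) -> str:
    """Return the %SystemRoot% OTL reports in its header, upper-cased, or ''."""
    m = SYSROOT_RE.search(text)
    return m.group("root").upper() if m else ""


def triage(text: str) -> List[Finding]:
    root = system_root(text)
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SVC_RE.match(line)
        if m:
            kind = "service" if m.group("kind") == "SRV" else "driver"
            name, path = m.group("name"), m.group("path").strip().upper()
            if m.group("status") == "File not found":
                findings.append(("medium", f"dangling {kind} entry {name!r}: binary missing", line))
            if path and root:
                drive = path[:2]
                for d in WINDOWS_DIRS:
                    # A Windows-looking directory that is not the real %SystemRoot%
                    # cannot be the OS's own copy of that binary.
                    if path.startswith(drive + d + "\\") and not path.startswith(root + "\\"):
                        findings.append(("high", f"{kind} {name!r} points at {drive + d}, but %SystemRoot% is {root}", line))
            if kind == "driver" and any(t in path for t in TEMP_MARKERS):
                findings.append(("high", f"kernel driver {name!r} loads from a temp directory", line))
            continue
        if line.startswith("O4 ") and line.endswith("File not found"):
            findings.append(("low", "orphaned Run entry", line))
        elif line.startswith("O3 ") and "No CLSID value found" in line:
            findings.append(("low", "toolbar registration with no CLSID", line))
        elif line.startswith("O20 "):
            s = SHELL_RE.search(line)
            # Anything appended to the Shell value is launched at every logon.
            if s and s.group("shell").strip().lower() != "explorer.exe":
                findings.append(("high", f"Winlogon Shell is {s.group('shell')!r}, not Explorer.exe alone", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    return dict(Counter(sev for sev, _, _ in findings))


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2}
    for sev, why, line in sorted(triage(SAMPLE_OTL), key=lambda f: order[f[0]]):
        print(f"[{sev:6}] {why}\n         {line}")
    print(summarize(triage(SAMPLE_OTL)))
```

Two things to keep in mind when reading the output. First, the rules are deliberately noisy: catchme.sys (the driver of the catchme rootkit scanner, which is what left that entry in the posted log) trips both the "binary missing" and the "temp directory" rule, which is exactly the kind of hit a human then clears. Second, the path check only knows what the header tells it; on a machine where %SystemRoot% really is C:\WINDOWS the BITS line in this thread would be unremarkable, so the script reads the header rather than assuming a directory.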

#3 headmotty

headmotty
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:11:13 AM

Posted 04 November 2010 - 12:26 PM

Hi myrti. Thanks for helping me out. Here are my scan results:

OTL logfile created on: 2010/11/04 12:17:17 - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\John XXXXXX\デスクトップ
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000411 | Country: Japan | Language: JPN | Date Format: yyyy/MM/dd

1,023.00 Mb Total Physical Memory | 551.00 Mb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 111.73 Gb Total Space | 13.10 Gb Free Space | 11.73% Space Free | Partition Type: NTFS
Drive D: | 149.00 Gb Total Space | 26.81 Gb Free Space | 18.00% Space Free | Partition Type: NTFS
Drive G: | 279.47 Gb Total Space | 84.38 Gb Free Space | 30.19% Space Free | Partition Type: NTFS

Computer Name: JOHN | User Name: John XXXXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/04 12:15:21 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John XXXXXX\デスクトップ\OTL.exe
PRC - [2009/11/24 18:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2005/09/24 03:20:31 | 000,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [2005/09/24 03:20:31 | 000,131,157 | ---- | M] (Roxio) -- C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
PRC - [2005/06/03 01:46:36 | 000,122,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SYSTEM32\mstask.exe
PRC - [2004/12/21 18:21:48 | 000,823,296 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
PRC - [2003/06/19 14:05:04 | 000,243,472 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2003/06/19 14:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SYSTEM32\regsvc.exe
PRC - [2003/06/19 14:05:04 | 000,061,712 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SYSTEM32\stisvc.exe
PRC - [2003/06/19 14:05:04 | 000,019,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SYSTEM32\hidserv.exe
PRC - [2002/09/30 23:32:38 | 000,040,960 | ---- | M] (ATI Technologies, Inc.) -- C:\WINNT\SYSTEM32\frxhapp.exe
PRC - [2002/09/30 23:32:30 | 000,049,152 | ---- | M] (ATI Technologies, Inc.) -- C:\WINNT\SYSTEM32\frxhser.exe
PRC - [2002/08/07 12:34:26 | 000,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\intel\ASF Agent\ASFAgent.exe
PRC - [2002/07/29 14:00:00 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SYSTEM32\IMEJPMGR.EXE


========== Modules (SafeList) ==========

MOD - [2010/11/04 12:15:21 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John XXXXXX\デスクトップ\OTL.exe
MOD - [2003/06/19 14:05:04 | 000,575,517 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SYSTEM32\imejpknl.dll
MOD - [2003/06/19 14:05:04 | 000,254,880 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SYSTEM32\imejp.ime
MOD - [2003/06/19 14:05:04 | 000,030,480 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SYSTEM32\wsock32.dll
MOD - [2003/06/19 14:05:04 | 000,010,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SYSTEM32\lz32.dll
MOD - [2002/09/30 23:32:40 | 000,057,344 | ---- | M] (ATI Technologies, Inc.) -- C:\WINNT\SYSTEM32\frxhdll.dll
MOD - [2002/07/29 14:00:00 | 000,011,536 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SYSTEM32\NETRAP.DLL
MOD - [2001/03/10 01:42:32 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\WINNT\MUI\fallback\0411\msctf.dll.mui


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] -- -- (Isapddnt)
SRV - File not found [Disabled | Stopped] -- -- (Bitsidu)
SRV - File not found [On_Demand | Start_Pending] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2005/06/03 01:46:36 | 000,122,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\SYSTEM32\mstask.exe -- (Schedule)
SRV - [2003/06/19 14:05:04 | 000,196,706 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\SYSTEM32\WBEM\WinMgmt.exe -- (WinMgmt)
SRV - [2003/06/19 14:05:04 | 000,147,728 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)
SRV - [2003/06/19 14:05:04 | 000,094,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\SYSTEM32\FAXSVC.EXE -- (Fax)
SRV - [2003/06/19 14:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\SYSTEM32\regsvc.exe -- (RemoteRegistry)
SRV - [2003/06/19 14:05:04 | 000,061,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\SYSTEM32\stisvc.exe -- (StiSvc)
SRV - [2003/06/19 14:05:04 | 000,022,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\SYSTEM32\utilman.exe -- (UtilMan)
SRV - [2003/06/19 14:05:04 | 000,019,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\SYSTEM32\hidserv.exe -- (HidServ)
SRV - [2002/09/30 23:32:30 | 000,049,152 | ---- | M] (ATI Technologies, Inc.) [Auto | Running] -- C:\WINNT\SYSTEM32\frxhser.exe -- (FGLRXUtil)
SRV - [2002/08/07 12:34:26 | 000,221,184 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2002/07/30 23:15:24 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINNT\SYSTEM32\NMSSvc.Exe -- (NMSSvc) Intel®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JOHNMO~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/03/18 20:04:14 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdr4_2K.sys -- (Cdr4_2K)
DRV - [2009/11/24 18:51:09 | 000,093,424 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINNT\System32\drivers\aswmon.sys -- (aswMon)
DRV - [2009/11/24 18:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINNT\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 18:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINNT\SYSTEM32\DRIVERS\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 18:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINNT\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 18:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINNT\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 18:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINNT\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2006/08/06 15:16:00 | 000,076,560 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINNT\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2005/09/24 03:20:31 | 000,363,927 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINNT\System32\drivers\cdudf.sys -- (cdudf)
DRV - [2005/09/24 03:20:31 | 000,227,298 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINNT\System32\drivers\udfreadr.sys -- (UdfReadr)
DRV - [2005/09/24 03:20:31 | 000,144,250 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINNT\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2005/09/24 03:20:31 | 000,030,662 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2005/09/24 03:20:31 | 000,025,930 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINNT\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2005/09/24 03:20:30 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2005/05/31 22:52:56 | 000,057,088 | R--- | M] (TOSHIBA) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\tsbvfatc.sys -- (tsbvfatc)
DRV - [2005/05/31 22:52:50 | 000,057,472 | R--- | M] (TOSHIBA) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\tsbvfobe.sys -- (tsbvfobe)
DRV - [2005/05/31 22:52:44 | 000,056,960 | R--- | M] (TOSHIBA) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\tsbvfmdm.sys -- (tsbvfmdm)
DRV - [2005/02/14 01:02:00 | 000,037,056 | R--- | M] (TOSHIBA) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\tsbenum.sys -- (tsbenum)
DRV - [2004/10/06 20:21:22 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\mxopswd.sys -- (MXOPSWD)
DRV - [2004/07/08 12:58:14 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\msdv.sys -- (MSDV)
DRV - [2004/07/08 12:58:10 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\mpe.sys -- (MPE)
DRV - [2003/10/09 14:23:48 | 000,032,640 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\MXOFX.SYS -- (MXOFX) USB Storage Adapter FX (MXO)
DRV - [2003/06/19 14:05:04 | 000,369,104 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\dmboot.sys -- (dmboot)
DRV - [2003/06/19 14:05:04 | 000,137,936 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmio.sys -- (dmio)
DRV - [2003/06/19 14:05:04 | 000,060,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\parallel.sys -- (Parallel)
DRV - [2003/06/19 14:05:04 | 000,049,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\usbhub20.sys -- (usbhub20)
DRV - [2003/06/19 14:05:04 | 000,032,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\uhcd.sys -- (uhcd)
DRV - [2003/06/19 14:05:04 | 000,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINNT\System32\drivers\efs.sys -- (EFS)
DRV - [2003/06/19 14:05:04 | 000,007,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\diskperf.sys -- (Diskperf)
DRV - [2003/06/19 14:05:04 | 000,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmload.sys -- (dmload)
DRV - [2003/06/11 01:00:00 | 000,090,229 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\P1130Vid.sys -- (P1130VID)
DRV - [2002/11/11 19:56:58 | 000,104,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\e1000nt5.sys -- (E1000) Intel®
DRV - [2002/11/08 20:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINNT\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/09/30 23:30:40 | 000,421,030 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\fglrxm.sys -- (atifglrx)
DRV - [2002/08/20 20:03:30 | 000,064,418 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\fasttrak.sys -- (fasttrak)
DRV - [2002/08/20 20:03:30 | 000,046,848 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\ultra.sys -- (Ultra)
DRV - [2002/08/20 20:03:30 | 000,017,258 | ---- | M] (American Megatrends, Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\mraid2k.sys -- (mraid2k)
DRV - [2002/07/30 23:15:40 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\NMSCFG.SYS -- (NMSCFG)
DRV - [2002/07/29 14:00:00 | 000,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\RCA.SYS -- (RCA)
DRV - [2002/07/29 14:00:00 | 000,012,368 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINNT\SYSTEM32\DRIVERS\FSVGA.SYS -- (FsVga)
DRV - [2002/07/29 14:00:00 | 000,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\netdtect.sys -- (NetDetect)
DRV - [2002/05/22 22:24:32 | 000,013,780 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2002/05/07 23:06:36 | 000,023,744 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINNT\SYSTEM32\DRIVERS\platalrt.sys -- (PlatAlrt)
DRV - [2002/05/07 23:05:56 | 000,039,680 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINNT\SYSTEM32\DRIVERS\Netalrt.sys -- (NetAlrt)
DRV - [2002/04/02 02:30:16 | 000,033,024 | ---- | M] (Colorvision Inc) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\cvspydr2.sys -- (cvspydr2)
DRV - [2001/08/23 07:33:12 | 000,010,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\ipfilter.sys -- (IPFilter)
DRV - [1999/11/06 04:23:34 | 000,009,488 | ---- | M] (American MegaTrends Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [1999/10/27 22:23:38 | 000,345,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\NV4.SYS -- (nv4)
DRV - [1999/10/23 19:22:20 | 000,061,712 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90BC)
DRV - [1999/09/28 22:14:04 | 000,019,376 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [1999/09/25 18:11:42 | 000,011,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\fd16_700.sys -- (Fd16_700)
DRV - [1999/09/24 20:36:06 | 000,010,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\scsiscan.sys -- (scsiscan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com/jp/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-585108594-1656566194-1614163512-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\S-1-5-21-585108594-1656566194-1614163512-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-585108594-1656566194-1614163512-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2007/07/05 21:05:15 | 000,000,027 | ---- | M]) - C:\WINNT\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1041,ラジオ(&R)) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\SYSTEM32\msdxm.ocx (Microsoft Corporation)
O3 - HKU\S-1-5-21-585108594-1656566194-1614163512-1001\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CreateCD50] C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe (Roxio)
O4 - HKLM..\Run: [frxmxins] C:\WINNT\System32\frxmxins.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINNT\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [POINTER] File not found
O4 - HKU\.DEFAULT..\Run: [Internat.exe] C:\WINNT\System32\INTERNAT.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-585108594-1656566194-1614163512-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\OptiCAL Startup.lnk = C:\Program Files\PANTONE COLORVISION\OptiCAL\OptiCAL.exe (ColorVision Inc.)
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-585108594-1656566194-1614163512-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-585108594-1656566194-1614163512-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-585108594-1656566194-1614163512-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-21-585108594-1656566194-1614163512-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\SYSTEM32\RNR20.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-585108594-1656566194-1614163512-1001\..Trusted Domains: // ([]msbsj in Intranet)
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {31564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmvax.cab (Reg Error: Key error.)
O16 - DPF: {32564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv8ax.cab (Reg Error: Key error.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\SYSTEM32\msdxm.ocx (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream - No CLSID value found
O18 - Protocol\Filter\application/x-complus - No CLSID value found
O18 - Protocol\Filter\application/x-msdownload - No CLSID value found
O18 - Protocol\Filter\Class Install Handler - No CLSID value found
O18 - Protocol\Filter\deflate - No CLSID value found
O18 - Protocol\Filter\gzip - No CLSID value found
O18 - Protocol\Filter\lzdhtml - No CLSID value found
O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O24 - Desktop Components:0 (現在のホーム ページ) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\John XXXXXX\My Documents\My Pictures\2004\06月\2004.6.17 by the door #2.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/07/15 19:51:42 | 000,000,031 | ---- | M] () - G:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: dmadmin - C:\WINNT\System32\dmadmin.exe (VERITAS Software Corp.)
SafeBootMin: dmboot.sys - C:\WINNT\SYSTEM32\DRIVERS\dmboot.sys (VERITAS Software Corp.)
SafeBootMin: dmio.sys - C:\WINNT\System32\drivers\dmio.sys (VERITAS Software Corp.)
SafeBootMin: dmload.sys - C:\WINNT\System32\drivers\dmload.sys (VERITAS Software Corp.)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: sglfb.sys - File not found
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: tga.sys - File not found
SafeBootMin: vga.sys - Driver
SafeBootMin: WinMgmt - C:\WINNT\SYSTEM32\WBEM\WinMgmt.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {02f78298-8af6-495c-9ecb-b6ae68678186} - KB867282
ActiveX: {04d6265d-6b5d-41c3-9e7c-48be15919643} - KB890923
ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0
ActiveX: {16f41c69-09f5-41d2-8cd8-3c08c47bc8a8} - Background copy queue manager
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {28023b22-f71e-43e8-8ea4-de315462878d} - KB933566
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {28FD0F82-4A73-4453-84A6-2F4F62702A3F} - Background copy downloader
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - ダイナミック HTML データ バインド for Java
ActiveX: {377483c2-e4b4-4ee8-b577-9aed264c8735} - Q822925
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - オフライン ブラウズ パック
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - 上級オーサリング
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer ヘルプ
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java クラス
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5c9ff2bf-938d-47fe-85d9-9dbab4f65018} - KB897715
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer セットアップ ツール
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - ブラウズ追加機能
ActiveX: {685e3910-1f77-49b9-9434-50bcd95c51ab} - KB905495
ActiveX: {6A5110B5-E14B-4268-A065-EF89FF33C325} - regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN サイト アクセス
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {76C19B30-F0C8-11cf-87CC-0020AFEECF20} - Japanese Language Support
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {79844cfb-ac65-4e10-a06a-c974234f40d0} - KB883939
ActiveX: {839117ee-2132-4bae-a56a-42b50204c9b9} - KB889293
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINNT\system32\Rundll32.exe C:\WINNT\system32\mscories.dll,Install
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {90b0bef8-22d6-40a8-92c8-155434fc112f} - KB938127
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - ダイナミック HTML データ バインド
ActiveX: {95177e6d-aaa9-44d1-bebd-b380bce3be79} - KB937143
ActiveX: {96543d59-497a-4801-a1f3-5936aacaf7b1} - Q828750
ActiveX: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - %SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl
ActiveX: {A00BF2EB-56EE-4fde-B5EA-6A8FA425B2A5} - W2KAppComp
ActiveX: {a5653fdf-8d3a-451b-937f-6c7534804953} - KB923694
ActiveX: {AD0DDEC6-4798-4DE5-87DC-4367D694ED06} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer コア フォント
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - タスク スケジューラ
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {dc0d5f50-5f0b-46bf-8683-93ac61c67001} - Q833989
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML ヘルプ
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA1ADAF5-B0BB-43BB-AA47-4810A446EB3C} - Internet Explorer アクセス
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f4de1058-dafc-4d16-b294-6ea1125bf3d3} - KB929969
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: {f5de1b93-9d38-416b-b09e-aa85a8e84309} - Q818529
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINNT\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - "C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - "C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE

Drivers32: aux - C:\WINNT\System32\MMDRV.DLL (Microsoft Corporation)
Drivers32: aux1 - File not found
Drivers32: aux2 - File not found
Drivers32: aux3 - File not found
Drivers32: aux4 - File not found
Drivers32: aux5 - File not found
Drivers32: aux6 - File not found
Drivers32: aux7 - File not found
Drivers32: aux8 - File not found
Drivers32: aux9 - File not found
Drivers32: midi1 - File not found
Drivers32: midi2 - File not found
Drivers32: midi3 - File not found
Drivers32: midi4 - File not found
Drivers32: midi5 - File not found
Drivers32: midi6 - File not found
Drivers32: midi7 - File not found
Drivers32: midi8 - File not found
Drivers32: midi9 - File not found
Drivers32: mixer1 - File not found
Drivers32: mixer2 - File not found
Drivers32: mixer3 - File not found
Drivers32: mixer4 - File not found
Drivers32: mixer5 - File not found
Drivers32: mixer6 - File not found
Drivers32: mixer7 - File not found
Drivers32: mixer8 - File not found
Drivers32: mixer9 - File not found
Drivers32: msacm.ac3acm - C:\WINNT\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINNT\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINNT\SYSTEM32\IAC25_32.AX (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINNT\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINNT\System32\LHACM.ACM (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINNT\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINNT\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINNT\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINNT\System32\ICCVID.DLL (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINNT\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINNT\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.iv31 - C:\WINNT\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINNT\System32\IR32_32.DLL ()
Drivers32: vidc.iv50 - C:\WINNT\System32\IR50_32.DLL (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINNT\System32\iyuv_32.dll (Intel® Corporation)
Drivers32: vidc.xvid - C:\WINNT\System32\xvidvfw.dll ()
Drivers32: VIDC.YVU9 - C:\WINNT\System32\tsbyuv.dll (Toshiba Corporation)
Drivers32: wave1 - File not found
Drivers32: wave2 - File not found
Drivers32: wave3 - File not found
Drivers32: wave4 - File not found
Drivers32: wave5 - File not found
Drivers32: wave6 - File not found
Drivers32: wave7 - File not found
Drivers32: wave8 - File not found
Drivers32: wave9 - File not found

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Nwsapagent - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/04 12:15:19 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John XXXXXX\デスクトップ\OTL.exe
[2010/10/25 17:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SupportSoft
[2010/10/25 17:33:05 | 000,000,000 | ---D | C] -- C:\WINNT\DSL

========== Files - Modified Within 30 Days ==========

[2010/11/04 12:15:21 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John XXXXXX\デスクトップ\OTL.exe
[2010/11/04 11:57:51 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_218.dat
[2010/11/03 11:39:54 | 000,000,116 | ---- | M] () -- C:\WINNT\NeroDigital.ini
[2010/10/26 22:32:32 | 000,000,192 | -HS- | M] () -- C:\BOOT.INI
[2010/10/26 02:34:28 | 000,286,404 | ---- | M] () -- C:\Documents and Settings\John XXXXXX\デスクトップ\gmer.zip
[2010/10/26 02:07:37 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\John XXXXXX\デスクトップ\dds.scr
[2010/10/24 23:37:13 | 001,966,844 | ---- | M] () -- C:\Documents and Settings\John XXXXXX\デスクトップ\juliemovie.avi
[2010/10/24 23:07:32 | 000,505,409 | ---- | M] () -- C:\Documents and Settings\John XXXXXX\デスクトップ\julie01.jpg
[2010/10/24 23:02:02 | 000,457,330 | ---- | M] () -- C:\Documents and Settings\John XXXXXX\デスクトップ\julie02.jpg
[2010/10/19 15:00:08 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\John XXXXXX\デスクトップ\gmer.exe
[2010/10/16 16:03:01 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_23c.dat

========== Files Created - No Company Name ==========

[2010/11/04 11:57:51 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_218.dat
[2010/10/26 02:34:26 | 000,286,404 | ---- | C] () -- C:\Documents and Settings\John XXXXXX\デスクトップ\gmer.zip
[2010/10/26 02:07:35 | 000,545,280 | ---- | C] () -- C:\Documents and Settings\John XXXXXX\デスクトップ\dds.scr
[2010/10/24 23:23:47 | 001,966,844 | ---- | C] () -- C:\Documents and Settings\John XXXXXX\デスクトップ\juliemovie.avi
[2010/10/24 23:07:28 | 000,505,409 | ---- | C] () -- C:\Documents and Settings\John XXXXXX\デスクトップ\julie01.jpg
[2010/10/24 23:01:12 | 000,457,330 | ---- | C] () -- C:\Documents and Settings\John XXXXXX\デスクトップ\julie02.jpg
[2010/10/19 15:00:08 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\John XXXXXX\デスクトップ\gmer.exe
[2010/10/16 16:03:01 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_23c.dat
[2008/05/12 12:55:12 | 000,000,000 | ---- | C] () -- C:\WINNT\SETUP32.INI
[2007/07/02 23:20:05 | 001,009,411 | -HS- | C] () -- C:\WINNT\System32\ikcmriwk.ini
[2007/07/01 23:26:42 | 000,960,106 | -HS- | C] () -- C:\WINNT\System32\ybdrmdmp.ini
[2007/05/07 20:05:15 | 000,000,038 | ---- | C] () -- C:\WINNT\AviSplitter.INI
[2007/05/04 05:20:59 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\John XXXXXX\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/04 01:46:39 | 000,003,082 | ---- | C] () -- C:\WINNT\System32\affv9869p2now.sys
[2007/04/23 09:45:54 | 000,000,116 | ---- | C] () -- C:\WINNT\NeroDigital.ini
[2007/04/18 09:07:35 | 000,000,029 | ---- | C] () -- C:\WINNT\DEBUGSM.INI
[2007/04/18 08:16:01 | 000,290,919 | ---- | C] () -- C:\WINNT\System32\pythoncom21.dll
[2007/04/18 08:16:01 | 000,057,344 | ---- | C] () -- C:\WINNT\System32\PyWinTypes21.dll
[2007/04/18 08:15:04 | 000,096,768 | ---- | C] () -- C:\WINNT\SlantAdj.dll
[2007/04/18 08:15:04 | 000,000,072 | ---- | C] () -- C:\WINNT\System32\epDPE.ini
[2007/04/12 03:06:59 | 000,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2007/03/04 23:34:28 | 000,676,224 | ---- | C] () -- C:\WINNT\System32\OGACheckControl.DLL
[2005/01/12 11:25:26 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\John XXXXXX\Local Settings\Application Data\fusioncache.dat
[2004/12/30 06:53:53 | 000,000,000 | ---- | C] () -- C:\WINNT\OpPrintServer.INI
[2004/12/29 01:21:18 | 000,000,081 | ---- | C] () -- C:\WINNT\QTW.INI
[2004/11/03 08:46:18 | 000,000,023 | ---- | C] () -- C:\WINNT\kodakpcd.ini
[2004/08/17 03:35:28 | 000,210,944 | ---- | C] () -- C:\WINNT\System32\MSVCRT10.DLL
[2004/07/03 08:08:04 | 000,139,264 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll
[2004/07/03 07:59:06 | 000,524,288 | ---- | C] () -- C:\WINNT\System32\xvidcore.dll
[2004/06/10 11:26:50 | 000,000,714 | ---- | C] () -- C:\WINNT\cdplayer.ini
[2003/07/15 11:11:39 | 000,019,968 | ---- | C] () -- C:\WINNT\System32\cpuinf32.dll
[2003/03/18 11:02:17 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\John XXXXXX\Application Data\mpauth.dat
[2002/12/31 00:20:50 | 000,000,454 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2002/12/30 23:51:58 | 000,000,908 | ---- | C] () -- C:\WINNT\lrun32.ini
[2002/12/30 23:49:50 | 000,001,032 | ---- | C] () -- C:\WINNT\ODBC.INI
[2002/08/20 20:31:00 | 000,004,375 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2002/08/20 20:30:32 | 000,022,322 | -H-- | C] () -- C:\Program Files\FOLDER.HTT
[2002/07/29 14:00:00 | 000,229,088 | ---- | C] () -- C:\WINNT\System32\LANMAN.DRV
[2002/07/29 14:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\QCUT.DLL
[2002/07/29 14:00:00 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\LVCAM.SYS
[2002/07/29 14:00:00 | 000,065,392 | ---- | C] () -- C:\WINNT\System32\MSIMEK.SYS
[2002/07/29 14:00:00 | 000,054,700 | ---- | C] () -- C:\WINNT\System32\$IAS.SYS
[2002/07/29 14:00:00 | 000,044,496 | ---- | C] () -- C:\WINNT\System32\MSIMEI.SYS
[2002/07/29 14:00:00 | 000,042,825 | ---- | C] () -- C:\WINNT\System32\KEY02.SYS
[2002/07/29 14:00:00 | 000,042,617 | ---- | C] () -- C:\WINNT\System32\KEYAX.SYS
[2002/07/29 14:00:00 | 000,039,808 | ---- | C] () -- C:\WINNT\System32\MSIME.SYS
[2002/07/29 14:00:00 | 000,033,552 | ---- | C] () -- C:\WINNT\System32\EFSADU.DLL
[2002/07/29 14:00:00 | 000,027,956 | ---- | C] () -- C:\WINNT\System32\APPSICON.DLL
[2002/07/29 14:00:00 | 000,020,688 | ---- | C] () -- C:\WINNT\System32\$DISP.SYS
[2002/07/29 14:00:00 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\LVSOUND.SYS
[2002/07/29 14:00:00 | 000,013,597 | ---- | C] () -- C:\WINNT\System32\MSIMED.SYS
[2002/07/29 14:00:00 | 000,013,072 | ---- | C] () -- C:\WINNT\System32\IASPERF.INI
[2002/07/29 14:00:00 | 000,004,701 | ---- | C] () -- C:\WINNT\System32\KKCFUNC.SYS
[2002/07/29 14:00:00 | 000,004,125 | ---- | C] () -- C:\WINNT\System32\$PRNESCP.SYS
[2002/07/29 14:00:00 | 000,003,080 | ---- | C] () -- C:\WINNT\System32\FAXPERF.INI
[2002/07/29 14:00:00 | 000,002,990 | ---- | C] () -- C:\WINNT\System32\DISP_WIN.SYS
[2002/07/29 14:00:00 | 000,000,901 | ---- | C] () -- C:\WINNT\System32\NTFONT.SYS
[2002/07/29 14:00:00 | 000,000,852 | ---- | C] () -- C:\WINNT\System32\FONT_WIN.SYS
[2002/07/29 14:00:00 | 000,000,023 | ---- | C] () -- C:\WINNT\WELCOME.INI
[2002/07/05 16:35:46 | 000,086,016 | ---- | C] () -- C:\WINNT\System32\CddbLangJA.dll
[2002/05/07 23:06:36 | 000,019,968 | ---- | C] () -- C:\WINNT\System32\drivers\platmsg.dll
[2002/05/07 23:06:16 | 000,019,968 | ---- | C] () -- C:\WINNT\System32\drivers\netamsg.dll
[2002/04/16 23:57:28 | 000,135,168 | ---- | C] () -- C:\WINNT\System32\aolninst.dll
[2002/02/06 16:04:14 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\NMSInst.dll
[2002/01/21 22:17:18 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\PROInst.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2002/07/29 14:00:00 | 000,242,960 | ---- | M] (Microsoft Corporation) MD5=08526CC78B86AF50E6FBCD0AB51DA8CC -- C:\WINNT\$NtServicePackUninstall$\explorer.exe
[2003/06/19 14:05:04 | 000,243,472 | ---- | M] (Microsoft Corporation) MD5=72F2EAC2033A528DF92C5FE4ADC639E1 -- C:\WINNT\explorer.exe
[2003/06/19 14:05:04 | 000,243,472 | ---- | M] (Microsoft Corporation) MD5=72F2EAC2033A528DF92C5FE4ADC639E1 -- C:\WINNT\ServicePackFiles\i386\explorer.exe
[2003/06/19 14:05:04 | 000,243,472 | ---- | M] (Microsoft Corporation) MD5=72F2EAC2033A528DF92C5FE4ADC639E1 -- C:\WINNT\SYSTEM32\DLLCACHE\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/03/23 20:44:46 | 000,181,520 | ---- | M] (Microsoft Corporation) MD5=4244463A66A8CE79BB847544E2E4B3FE -- C:\WINNT\$NtUninstallKB840987$\winlogon.exe
[2005/06/03 01:47:14 | 000,186,640 | ---- | M] (Microsoft Corporation) MD5=6599B3BD45265C942C97A608E36B8438 -- C:\WINNT\SYSTEM32\DLLCACHE\winlogon.exe
[2005/06/03 01:47:14 | 000,186,640 | ---- | M] (Microsoft Corporation) MD5=6599B3BD45265C942C97A608E36B8438 -- C:\WINNT\SYSTEM32\WINLOGON.EXE
[2003/08/05 01:19:40 | 000,182,032 | ---- | M] (Microsoft Corporation) MD5=C99327E1AF65F7321F293BB320B270D8 -- C:\WINNT\$NtUninstallKB835732$\winlogon.exe
[2002/07/29 14:00:00 | 000,178,960 | ---- | M] (Microsoft Corporation) MD5=ED637A1EA00268507F50E13220227A96 -- C:\I386\WINLOGON.EXE
[2002/07/29 14:00:00 | 000,178,960 | ---- | M] (Microsoft Corporation) MD5=ED637A1EA00268507F50E13220227A96 -- C:\WINNT\$NtServicePackUninstall$\winlogon.exe
[2004/08/25 02:18:39 | 000,182,544 | ---- | M] (Microsoft Corporation) MD5=F300B5D3244E9170774E7391D97A0BD2 -- C:\WINNT\$NtUninstallKB841533$\winlogon.exe
[2004/08/25 01:44:36 | 000,182,544 | ---- | M] (Microsoft Corporation) MD5=F300B5D3244E9170774E7391D97A0BD2 -- C:\WINNT\$NtUpdateRollupPackUninstall$\winlogon.exe
[2003/06/19 14:05:04 | 000,181,008 | ---- | M] (Microsoft Corporation) MD5=F8A126E16933A3CAA8B088F74D61B2B2 -- C:\WINNT\$NtUninstallKB824141$\winlogon.exe
[2003/06/19 14:05:04 | 000,181,008 | ---- | M] (Microsoft Corporation) MD5=F8A126E16933A3CAA8B088F74D61B2B2 -- C:\WINNT\ServicePackFiles\i386\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2002/08/20 20:23:04 | 000,086,016 | ---- | M] () -- C:\WINNT\SYSTEM32\CONFIG\DEFAULT.SAV
[2002/08/20 20:23:04 | 000,524,288 | ---- | M] () -- C:\WINNT\SYSTEM32\CONFIG\SOFTWARE.SAV
[2002/08/20 20:23:04 | 000,352,256 | ---- | M] () -- C:\WINNT\SYSTEM32\CONFIG\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >




OTL Extras logfile created on: 2010/11/04 12:17:17 - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\John XXXXXX\デスクトップ
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

1,023.00 Mb Total Physical Memory | 551.00 Mb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 111.73 Gb Total Space | 13.10 Gb Free Space | 11.73% Space Free | Partition Type: NTFS
Drive D: | 149.00 Gb Total Space | 26.81 Gb Free Space | 18.00% Space Free | Partition Type: NTFS
Drive G: | 279.47 Gb Total Space | 84.38 Gb Free Space | 30.19% Space Free | Partition Type: NTFS

Computer Name: JOHN | User Name: John XXXXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II
"{01BDFB08-EE88-4E5E-94A6-AE9EDCFA40C5}" = Microsoft IntelliPoint 4.0
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{231F68F4-70E4-41A6-BEDA-7E7934169B54}" = Maxtor OneTouch
"{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Camera Support Core Library
"{2EDEDFC4-B837-406C-B5D5-EB807EBBDD5A}" = Toshiba File Browser
"{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Internet Library
"{3B24D251-448E-11D4-A499-0050DA6E827C}" = DVDit! SE
"{3E908702-AF35-4611-9518-955DA24B7E07}" = Microsoft XML Parser and SDK
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal ビューア
"{4C701994-43D2-4B7B-A548-C6E6C224D9A9}" = Intel® PRO Network Adapters WMI Provider (2.0)
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = ユーザーズガイド
"{5E539FC3-A792-11D5-8049-00A0B014202B}" = EPSON GT-シリーズ ユーザーズガイド
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{64C2F3F8-D02D-4BA0-B7E2-B4192AB4F621}" = Toshiba Phone Monitor
"{66B4F24C-BE5D-423A-B56B-4013481F6801}" = Intel® Pro Alerting Agent, Version 3.2.0
"{66E045C8-69E7-4540-9E12-66C4DFEF2EDB}" = Toshiba Capability Manager
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = RAW Image Task 1.1
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6F716D8E-398F-11D3-85E1-005004838609}" = WebFldrs
"{7621C6DE-928C-45B0-B071-BAA4B81BEC0A}" = Toshiba Backup and Restore
"{8CF62AD0-5FA3-4FE9-B7F1-14EBB28718D1}" = My Mobile
"{90120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{9AE4AC96-A5F4-4F19-9D13-066C8B3CE034}" = Nikon Scan
"{A7210F58-1080-4E90-AD34-D996A0B63733}" = Toshiba OCS
"{ABEB838C-A1A7-4C5D-B7E1-8B4314600816}" = MSN Messenger 7.0
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7
"{AC76BA86-7AD7-5760-0000-705000000001}" = Adobe Reader Japanese Fonts
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{AD0DDEC6-4798-4DE5-87DC-4367D694ED06}" = Microsoft .NET Framework 1.1 Japanese Language Pack
"{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Camera Window
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSONコピーユーティリティ
"{B9341528-F758-4798-BD01-476206FF6B55}" = ZoomBrowser EX Guide
"{B990C066-68E5-4373-A73C-2B72E78DF460}" = SyncML Desktop Server
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = RemoteCapture Task 1.0.3
"{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task
"{EA103421-E29D-4443-9889-95D65889B48A}" = Vodafone USB Driver
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{F913F8A1-0220-4C29-B413-9298940ABDD0}" = Canon Camera TWAIN Driver
"{FFE7DC2A-20B2-4FA1-9021-A8EF50EE737C}" = Toshiba Mobile Networking Wizard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer
"ATI.fglrx" = ダイアモンド コンポーネント・アンインストールの表示
"avast!" = avast! Antivirus
"Avi2Dvd" = Avi2Dvd 0.4.4 beta
"AVIcodec" = AVIcodec (remove only)
"AviSynth" = AviSynth 2.5
"CDKNet" = CDK Players
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creative PC-CAM Center" = Creative PC-CAM Center
"Creative PD1130" = Creative WebCam NX Pro Driver (1.03.03.0326)
"Creative WebCam Monitor" = Creative WebCam Monitor
"Creative WebCam NX Pro Manual English" = Creative WebCam NX Pro Manual (English)
"DVD Shrink_is1" = DVD Shrink 3.2
"EPSON Easy Photo Print" = EPSON Easy Photo Print
"F-CDテンプレートダウンロードソフト" = F-CDテンプレートダウンロードソフト
"InstallShield_{231F68F4-70E4-41A6-BEDA-7E7934169B54}" = Maxtor OneTouch
"InstallShield_{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Canon Camera Support Core Library
"InstallShield_{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Canon Internet Library for ZoomBrowser EX
"InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{B9341528-F758-4798-BD01-476206FF6B55}" = Canon Utilities ZoomBrowser EX ガイド
"InstallShield_{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{F913F8A1-0220-4C29-B413-9298940ABDD0}" = Canon Camera TWAIN Driver 6.4
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"MediaNavigation.LabelProducer" = ラベルプロデューサー
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Press Interactive Training" = Microsoft インタラクティブ トレーニング
"Money2006a" = MSN Money Investment Toolbox
"MXOFX" = USB Storage Adapter FX (MXO)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"OptiCAL" = OptiCAL
"PROSet" = Intel® PRO Ethernet Adapter and Software
"Q324096" = Windows 2000 Hotfix (Pre-SP4) [See Q324096 for more information]
"Q329115" = Windows 2000 Hotfix (Pre-SP4) [See Q329115 for more information]
"Q329834" = Windows 2000 Hotfix (Pre-SP4) [See Q329834 for more information]
"Q818043" = Windows 2000 ホットフィックス (SP5) Q818043
"Q828026" = Windows Media Player Hotfix [詳細については、wm828026 を参照してください]
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Update Rollup 1" = Windows 2000 SP4 対応の更新プログラム ロールアップ 1
"Verizon High Speed Internet_is1" = Verizon High Speed Internet
"VLC media player" = VideoLAN VLC media player 0.8.5
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMP7" = Windows Media Player 9 シリーズ (システム更新)

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 2010/02/22 13:38:54 | Computer Name = JOHN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\DCIM\100NIKON\DSCN2270.JPG failed, 0000001E.

Error - 2010/02/22 13:39:12 | Computer Name = JOHN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\DCIM\100NIKON\DSCN2270.JPG failed, 0000001E.

Error - 2010/02/22 13:39:12 | Computer Name = JOHN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\DCIM\100NIKON\DSCN2270.JPG failed, 0000001E.

Error - 2010/02/22 13:39:15 | Computer Name = JOHN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\DCIM\100NIKON\DSCN2270.JPG failed, 0000001E.

Error - 2010/02/22 13:39:16 | Computer Name = JOHN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\DCIM\100NIKON\DSCN2270.JPG failed, 0000001E.

Error - 2010/02/22 13:42:06 | Computer Name = JOHN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\DCIM\100NIKON\DSCN2270.JPG failed, 0000001E.

Error - 2010/02/22 13:42:07 | Computer Name = JOHN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\DCIM\100NIKON\DSCN2270.JPG failed, 0000001E.

Error - 2010/02/22 13:44:47 | Computer Name = JOHN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\DCIM\100NIKON\DSCN2270.JPG failed, 0000001E.

Error - 2010/02/22 13:44:58 | Computer Name = JOHN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\DCIM\100NIKON\DSCN2270.JPG failed, 0000001E.

Error - 2010/02/22 13:44:59 | Computer Name = JOHN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\DCIM\100NIKON\DSCN2270.JPG failed, 0000001E.

[ Application Events ]
Error - 2010/10/26 23:09:24 | Computer Name = JOHN | Source = Perflib | ID = 1015
Description = "C:\WINNT\system32\perfproc.dll" ライブラリのパフォーマンス データ コレクション関数 "PerfProc"
の終了待ちの タイムアウトが期限切れになりました。この拡張可能カウンタまたはデータを収集している サービスに問題があるか、このコールが試行されるときに、システムがビジー状態だった
可能性があります。


Error - 2010/10/26 23:09:47 | Computer Name = JOHN | Source = Perflib | ID = 1015
Description = "C:\WINNT\system32\perfproc.dll" ライブラリのパフォーマンス データ コレクション関数 "PerfProc"
の終了待ちの タイムアウトが期限切れになりました。この拡張可能カウンタまたはデータを収集している サービスに問題があるか、このコールが試行されるときに、システムがビジー状態だった
可能性があります。


Error - 2010/10/26 23:20:54 | Computer Name = JOHN | Source = MsiInstaller | ID = 11921
Description = Product: Ad-Aware -- Error 1921. Service 'Lavasoft Ad-Aware Service'
(aawservice) could not be stopped. Verify that you have sufficient privileges
to stop system services.

Error - 2010/10/26 23:25:15 | Computer Name = JOHN | Source = MsiInstaller | ID = 11921
Description = Product: Ad-Aware -- Error 1921. Service 'Lavasoft Ad-Aware Service'
(aawservice) could not be stopped. Verify that you have sufficient privileges
to stop system services.

Error - 2010/10/26 23:37:14 | Computer Name = JOHN | Source = Userenv | ID = 1000
Description = レジストリ クラス ファイルをアンロードできません。移動ファイルがある場合は、設定は複製されません。管理者に問い合わせてください。 詳細
アクセスが拒否されました。 、ビルド番号は ((2195)) です。

Error - 2010/10/27 3:14:52 | Computer Name = JOHN | Source = Userenv | ID = 1000
Description = レジストリ クラス ファイルをアンロードできません。移動ファイルがある場合は、設定は複製されません。管理者に問い合わせてください。 詳細
アクセスが拒否されました。 、ビルド番号は ((2195)) です。

Error - 2010/10/29 3:02:36 | Computer Name = JOHN | Source = Userenv | ID = 1000
Description = レジストリ クラス ファイルをアンロードできません。移動ファイルがある場合は、設定は複製されません。管理者に問い合わせてください。 詳細
アクセスが拒否されました。 、ビルド番号は ((2195)) です。

Error - 2010/11/02 16:08:55 | Computer Name = JOHN | Source = Userenv | ID = 1000
Description = レジストリ クラス ファイルをアンロードできません。移動ファイルがある場合は、設定は複製されません。管理者に問い合わせてください。 詳細
アクセスが拒否されました。 、ビルド番号は ((2195)) です。

Error - 2010/11/03 3:33:15 | Computer Name = JOHN | Source = Userenv | ID = 1000
Description = レジストリ クラス ファイルをアンロードできません。移動ファイルがある場合は、設定は複製されません。管理者に問い合わせてください。 詳細
アクセスが拒否されました。 、ビルド番号は ((2195)) です。

Error - 2010/11/04 4:08:30 | Computer Name = JOHN | Source = Userenv | ID = 1000
Description = レジストリ クラス ファイルをアンロードできません。移動ファイルがある場合は、設定は複製されません。管理者に問い合わせてください。 詳細
アクセスが拒否されました。 、ビルド番号は ((2195)) です。

[ System Events ]
Error - 2010/10/26 18:06:28 | Computer Name = JOHN | Source = Service Control Manager | ID = 7000
Description = Isapddnt サービスは次のエラーのため開始できませんでした: %%3

Error - 2010/10/26 18:10:17 | Computer Name = JOHN | Source = Service Control Manager | ID = 7009
Description = avast! Web Scanner サービスへの接続中にタイムアウト (30000 ミリ秒) になりました。

Error - 2010/10/26 18:10:17 | Computer Name = JOHN | Source = Service Control Manager | ID = 7000
Description = avast! Web Scanner サービスは次のエラーのため開始できませんでした: %%1053

Error - 2010/10/26 22:51:31 | Computer Name = JOHN | Source = Service Control Manager | ID = 7000
Description = Isapddnt サービスは次のエラーのため開始できませんでした: %%3

Error - 2010/10/26 23:39:05 | Computer Name = JOHN | Source = Service Control Manager | ID = 7000
Description = Isapddnt サービスは次のエラーのため開始できませんでした: %%3

Error - 2010/10/28 0:22:16 | Computer Name = JOHN | Source = Service Control Manager | ID = 7000
Description = Isapddnt サービスは次のエラーのため開始できませんでした: %%3

Error - 2010/10/29 22:11:12 | Computer Name = JOHN | Source = Service Control Manager | ID = 7000
Description = Isapddnt サービスは次のエラーのため開始できませんでした: %%3

Error - 2010/11/02 22:27:24 | Computer Name = JOHN | Source = Service Control Manager | ID = 7000
Description = Isapddnt サービスは次のエラーのため開始できませんでした: %%3

Error - 2010/11/03 12:23:17 | Computer Name = JOHN | Source = Service Control Manager | ID = 7000
Description = Isapddnt サービスは次のエラーのため開始できませんでした: %%3

Error - 2010/11/04 12:57:39 | Computer Name = JOHN | Source = Service Control Manager | ID = 7000
Description = Isapddnt サービスは次のエラーのため開始できませんでした: %%3


< End of report >

#4 myrti

  • Malware Study Hall Admin
  • 33,779 posts

Posted 05 November 2010 - 03:53 AM

Hi,

Please run a scan with Rootkit Unhooker next:
Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth, and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is ok, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


In what files did it find opachki?

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 headmotty

  • Topic Starter
  • Members
  • 10 posts

Posted 05 November 2010 - 03:11 PM

I couldn't run Rootkit Unhooker. I got an unsupported Windows version message (I'm running W2K on this computer). When I clicked Try to Run Anyway? I got an error loading driver message. Is there another utility that I can try?

#6 myrti

  • Malware Study Hall Admin
  • 33,779 posts

Posted 08 November 2010 - 04:51 AM

Hi,

Please try to run RootRepeal instead:
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click Posted Image on your desktop.
  • Click on the Report tab, then click Scan.
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.

Please also answer this question:

In what files did it find opachki?



#7 headmotty

  • Topic Starter
  • Members
  • 10 posts

Posted 08 November 2010 - 10:48 AM

Well, this is not going well. When trying to run RootRepeal, I immediately get an error message "Exception Address: 0x004eca19"

As for the question "in which files did it find opachki?" do you mean RootRepeal or my original SpyBot scan that found it?

#8 myrti

  • Malware Study Hall Admin
  • 33,779 posts

Posted 09 November 2010 - 02:47 AM

Hi,

I meant in the spybot scan.

Please try this and see if you can get Rootrepeal to run like that:

Please start RootRepeal, and, before doing anything else, try changing the "Disk Access Level" in the Settings->Options dialog. Try moving it to the "Special" or "High" level. Also, click on the Files tab, and uncheck "Use lowest level for MBR check". Please let me know if this fixes the problem.


#9 headmotty

  • Topic Starter
  • Members
  • 10 posts

Posted 09 November 2010 - 07:08 PM

Hi myrti,

I've discovered that apparently the spybot results were false positives. I uninstalled spybot completely and have installed Malwarebytes Anti-Malware. Ran a scan, and it didn't find opachki. Found a couple other things, but fixed them successfully. So I don't think you'll need to help me any further here.

Just for your information, I couldn't try changing the disk access level in RootRepeal. As soon as I would double click to run, the error message would come up and it wouldn't even initialize.

Thanks for all your efforts to help though - much appreciated!

#10 myrti

  • Malware Study Hall Admin
  • 33,779 posts

Posted 11 November 2010 - 03:47 AM

Hi,

Yes, I was suspecting a false positive too; that is why I was enquiring about the files that were supposed to be infected.

Please run a scan with Kaspersky to check for possible other leftovers:
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#11 headmotty

  • Topic Starter
  • Members
  • 10 posts

Posted 13 November 2010 - 09:10 PM

I tried to run Kaspersky. Went through the downloading of updates, then at the end, it says updating failed. It won't start. It tells me "ERROR: License expired". Also tells me to close the Online Scanner 7.0 window and restart the program from the website of Kaspersky Lab. When I try to go that site, I get an error message - "Can't open the website".

#12 headmotty

  • Topic Starter
  • Members
  • 10 posts

Posted 13 November 2010 - 09:17 PM

I just succeeded in reaching the Kaspersky Lab site, and it states that the current online scanner is unavailable, and that an improved version is coming soon. So I guess that is why it would not run for me. I'll have to wait until it is available again... Thanks for your continued help.

#13 myrti

  • Malware Study Hall Admin
  • 33,779 posts

Posted 14 November 2010 - 06:17 PM

Hi,

Please try ESET instead:
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


#14 headmotty

  • Topic Starter
  • Members
  • 10 posts

Posted 15 November 2010 - 02:03 AM

OK, ESET ran and found Virtumonde, which it deleted. Here is the report:

C:\WINNT\SYSTEM32\ikcmriwk.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINNT\SYSTEM32\ybdrmdmp.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

#15 myrti

  • Malware Study Hall Admin
  • 33,779 posts

Posted 15 November 2010 - 04:23 AM

Hi,

those were inactive leftovers of a previous infection. If everything else is fine, I think we are almost done. Please update your adobe reader:
Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:
  • Download the latest version of Adobe Reader, Version 9.4, and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/Remove Programs and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • Once the installation is finished, open Adobe Reader and accept the warranty if prompted.
  • Click on Help and select Check for Updates.
  • A window will open and Adobe will check for Updates. If any updates are found to be available click on Download.
  • Once the update is downloaded you will get a system notification telling you so. Click on the popup to restore the window.
  • In the window that opens click Install.
  • Once the update is done click Close.
Your Adobe Reader is now up to date!
