
WinAntiVirus Pro 2006 and Search Settings 1.2.3 [Solved]


  • This topic is locked

#1
johnakain

  • Member
  • 18 posts
Heya and thanks in advance. My roommate's laptop is acting up. Using the guide, we were able to mostly get rid of WinAntiVirus Pro 2006 to the point where it doesn't hijack any more processes. IE is still getting hijacked/redirected, which I believe is due to Search Settings v.1.2.3, which I'm having trouble removing. The only hitch is he's from Japan and just about everything is in Japanese. I've been able to work with it so far, but some programs have problems writing logs to directories that use Japanese characters. For instance, I had to run OTL off a flash drive in order to even generate a saveable log. I hope this won't cause too much trouble. Here are the logs:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3973

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

2010/04/10 16:07:18
mbam-log-2010-04-10 (16-07-18).txt

Scan type: Quick scan
Objects scanned: 90390
Time elapsed: 9 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178f3fb-2560-458f-bdee-631e2fe0dfe4} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b5141620-c2b2-4d95-9f0f-134d99c87ab0} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-11 15:16:55
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\uxtdqpog.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\o2mmb.sys entry point in "init" section [0xF6881320]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat CptPrtNT.sys (File System Copy Protect Driver/start alpha)

---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\Program [3384] 0x00400000
Library C:\Program (*** hidden *** ) @ C:\Program [3384] 0x10000000
Library C:\Documents (*** hidden *** ) @ C:\Documents [3548] 0x00400000
Library C:\Program (*** hidden *** ) @ C:\Program [3912] 0x00400000
Library C:\Program (*** hidden *** ) @ C:\Program [3964] 0x00400000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@1394 \x30cd\x30c3\x30c8 \x30a2\x30c0\x30d7\x30bf 1?2?3?
Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@RAS 非同期\x30a2\x30c0\x30d7\x30bf 1?
Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@N0\x00b10A0E0 \0\x00b90\x00b10\x00b80a0u0e0 \0s0E0Y0u0E0 1?2?3?4?5?
Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (L2TP) 1?
Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (PPTP) 1?
Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (PPPOE) 1?
Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@ov\x00a5cN0e0i0e0 1?
Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (IP) 1?
Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Microsoft TV/\x30d3\x30c7\x30aa接続 1?
Reg HKLM\SYSTEM\ControlSet001\Services\lanmanserver\Shares@\x00d70e0o0\x00bf0 CSCFlags=0?MaxUses=4294967295?Path=HP Photosmart C4400 series,LocalsplOnly?Permissions=0?Remark=HP Photosmart C4400 series?Type=1?
Reg HKLM\SYSTEM\ControlSet001\Services\SysmonLog\Log Queries\{5dc5026e-9357-49a8-bf4b-83a46d2e63dc}@C0u0\x00bf0 \0\x00b90E0\x00a20^\'` 33
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@1394 \x30cd\x30c3\x30c8 \x30a2\x30c0\x30d7\x30bf 1?2?3?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@RAS 非同期\x30a2\x30c0\x30d7\x30bf 1?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@N0\x00b10A0E0 \0\x00b90\x00b10\x00b80a0u0e0 \0s0E0Y0u0E0 1?2?3?4?5?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (L2TP) 1?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (PPTP) 1?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (PPPOE) 1?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@ov\x00a5cN0e0i0e0 1?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (IP) 1?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Microsoft TV/\x30d3\x30c7\x30aa接続 1?
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\Shares@\x00d70e0o0\x00bf0 CSCFlags=0?MaxUses=4294967295?Path=HP Photosmart C4400 series,LocalsplOnly?Permissions=0?Remark=HP Photosmart C4400 series?Type=1?
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{5dc5026e-9357-49a8-bf4b-83a46d2e63dc}@C0u0\x00bf0 \0\x00b90E0\x00a20^\'` 33
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@1394 \x30cd\x30c3\x30c8 \x30a2\x30c0\x30d7\x30bf 1?2?3?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@RAS 非同期\x30a2\x30c0\x30d7\x30bf 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@N0\x00b10A0E0 \0\x00b90\x00b10\x00b80a0u0e0 \0s0E0Y0u0E0 1?2?3?4?5?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (L2TP) 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (PPTP) 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (PPPOE) 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@ov\x00a5cN0e0i0e0 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (IP) 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Microsoft TV/\x30d3\x30c7\x30aa接続 1?
Reg HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\Shares@\x00d70e0o0\x00bf0 CSCFlags=0?MaxUses=4294967295?Path=HP Photosmart C4400 series,LocalsplOnly?Permissions=0?Remark=HP Photosmart C4400 series?Type=1?
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{5dc5026e-9357-49a8-bf4b-83a46d2e63dc}@C0u0\x00bf0 \0\x00b90E0\x00a20^\'` 33
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@-y3y \0\16f\35g 49280
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@-y3y \0000y\16f\35g 16512
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@-y3y \0\x00b40\x00b70A0\x00af0 32896
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@-y3y \0000y\x00b40\x00b70A0\x00af0 128
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@@MS \x30b4\x30b7\x30c3\x30af 41088
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@@MS P\x30b4\x30b7\x30c3\x30af 8320
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Photosmart C4400 series\HPWarningMsg\CheckStatus@m`uQ 0x00 0x00 0x00 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Photosmart C4400 series\HPWarningMsg\MaxDPI@m`uQ 0x00 0x00 0x00 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Photosmart C4400 series\HPWarningMsg\PhotoStacking@m`uQ 0x00 0x00 0x00 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\自動 HP Photosmart C4400 series (K1 上)\HPWarningMsg\CheckStatus@m`uQ 0x00 0x00 0x00 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\自動 HP Photosmart C4400 series (K1 上)\HPWarningMsg\MaxDPI@m`uQ 0x00 0x00 0x00 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\自動 HP Photosmart C4400 series (K1 上)\HPWarningMsg\PhotoStacking@m`uQ 0x00 0x00 0x00 0x00

---- EOF - GMER 1.0.15 ----

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL Extras logfile created on: 2010/04/11 15:26:19 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = G:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

991.00 Mb Total Physical Memory | 439.00 Mb Available Physical Memory | 44.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16.63 Gb Total Space | 5.72 Gb Free Space | 34.42% Space Free | Partition Type: NTFS
Drive D: | 16.62 Gb Total Space | 12.30 Gb Free Space | 74.04% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 111.79 Gb Total Space | 38.41 Gb Free Space | 34.36% Space Free | Partition Type: NTFS
Drive G: | 487.88 Mb Total Space | 471.60 Mb Free Space | 96.66% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KKIBA
Current User Name: 恭兵
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8888:TCP" = 8888:TCP:*:Enabled:COBAS

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- File not found
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\WINDOWS\system32\pdrtvsvr.exe" = C:\WINDOWS\system32\pdrtvsvr.exe:*:Enabled:PandoraTV VoD Control -- File not found
"C:\Program Files\BUFFALO\WLI-UC-G\SoftAP.exe" = C:\Program Files\BUFFALO\WLI-UC-G\SoftAP.exe:*:Enabled:?????????????? -- ()
"C:\Program Files\BUFFALO\Client Manager3\bwsvc.exe" = C:\Program Files\BUFFALO\Client Manager3\bwsvc.exe:*:Enabled:ClientMgr3 -- (BUFFALO INC.)
"C:\Program Files\BUFFALO\Client Manager3\AOSSWPS.exe" = C:\Program Files\BUFFALO\Client Manager3\AOSSWPS.exe:*:Enabled:Aoss -- (BUFFALO INC.)
"D:\iTunes.exe" = D:\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- File not found
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015D937D-9D52-45A4-BDAA-2413938C0564}" = O2Micro MemoryCardBus Windows Driver
"{05D52705-6C1B-11D4-B932-00508B33EDFD}" = Dream Passport
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{119A629A-2BA7-45A6-9D0A-835CED55022D}" = FirstPass PCソフト
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13194684-8D6C-497A-8A05-568F809392F0}" = Cabos
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B1-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{366ADAAD-D0F5-42C2-AD46-B3837D9EF0FF}" = SD-Jukeboxバックアップツール
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4612A138-0673-47F4-99C9-0E47B3B719F0}" = HDDロック
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Mini 3.0
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5DD46372-D6D7-4F99-A20E-4756BC9F1FC0}" = The Graphics [ドロー]
"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{79CE4140-DC0C-42C2-BDC5-705CFB9D858B}" = "mora win" type1 plug-in
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{82625564-5A7A-11D7-AECE-00105A5D0C38}" = SD-JukeboxV6
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869A829F-7952-4825-AA1E-7F4E669162A8}" = 百年プリント@コニカミノルタ注文用ソフトウェア
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8E69DEF9-CCC0-4945-9982-0F2EE2A6765F}" = ELECOM MOUSE DRIVER
"{91330411-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Personal
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A23866A0-738B-4091-9924-0B0DE3988A15}" = VP6 VFW Codec
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A6926448-9CCB-4A5B-B036-75779D492AC8}" = BIGLOBEでインターネット
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1041-7B44-A70900000002}" = Adobe Reader 7.0.9 - Japanese
"{AF03A721-42E1-410E-9CAC-50FF61DEAAFE}" = グルセン
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C8678AE5-340F-442E-82CF-D21C964637A7}" = ODN Signup Software
"{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D3B16DA0-1E93-11D5-A26F-009027CB933C}" = So-net簡単スターターV2.3
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{F3ED6890-F7FC-11D4-8F5E-0000C0181DFA}" = NTT DoCoMo FOMA PC設定ソフト
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help
"{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
"「ミセス・ジャンキー」体験版 ©BLUEGALE" = 「ミセス・ジャンキー」体験版 ©BLUEGALE
"00BD1CD47675C125126C80095FCC12CFA4D311DB" = Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
"A622B79B943ECA1F0AECF1FF5BE13D458F345EBB" = Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BUFFALO WLI-UC-G" = ソフトウェアルータ設定ツール
"chorokuf" = ♪超録 - パソコン長時間録音機 フリーウェア版
"CoreAAC" = CoreAAC
"CravingExplorer_is1" = Craving Explorer Version 1.0.0 RC9a
"FFFTP" = FFFTP
"Free iPod Video Converter_is1" = Free iPod Video Converter V 2.8
"GOM ENCODER" = GOM ENCODER
"GOM Player" = GOM PLAYER
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{015D937D-9D52-45A4-BDAA-2413938C0564}" = O2Micro MemoryCardBus Windows Driver
"KARUGARUnet 4.0" = KARUGARUnet 4.0
"Lhaca" = +Lhaca
"Lhaplus" = Lhaplus
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"SiS VGA Driver" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"Sleeptracker Pro 1.0.2_is1" = Sleeptracker Pro 1.0.2
"SO902WDriver" = FOMA SO902iWP+ USB
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UN900114" = BUFFALO クライアントマネージャ3
"UN900120" = BUFFALO AirStation倍速設定ツール(アンインストール)
"UN900503" = BUFFALO 親機子機切り替えツール
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo!ツールバー" = Yahoo!ツールバー
"ニヌオオカV ケフエマカフニョ_is1" = ニヌオオカV ケフエマカフニョ
"ファイルバンク アップダウンマネージャ" = ファイルバンク アップダウンマネージャ
"メルティ・メルヘン" = メルティー・メルヘン
"天気予報コム for Windows_is1" = 天気予報コム for Windows

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Hangame.com" = Hangame

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009/02/19 1:51:44 | Computer Name = KKIBA | Source = Application Hang | ID = 1002
Description = ??????????????? wmplayer.exe?????? 10.0.0.3650???? ????? hungapp??????
0.0.0.0???? ???? 0x00000000.

Error - 2009/02/19 1:51:45 | Computer Name = KKIBA | Source = Application Hang | ID = 1002
Description = ??????????????? wmplayer.exe?????? 10.0.0.3650???? ????? hungapp??????
0.0.0.0???? ???? 0x00000000.

Error - 2009/02/19 1:51:45 | Computer Name = KKIBA | Source = Application Hang | ID = 1002
Description = ??????????????? wmplayer.exe?????? 10.0.0.3650???? ????? hungapp??????
0.0.0.0???? ???? 0x00000000.

Error - 2009/03/05 9:10:21 | Computer Name = KKIBA | Source = crypt32 | ID = 131083
Description = <http://www.download....uthrootstl.cab>
??????? cab ????????? ?????????????????????????: ????????????????????????????????????????????????????


Error - 2009/03/05 9:10:21 | Computer Name = KKIBA | Source = crypt32 | ID = 131083
Description = <http://www.download....uthrootstl.cab>
??????? cab ????????? ?????????????????????????: ????????????????????????????????????????????????????


Error - 2009/03/22 10:00:41 | Computer Name = KKIBA | Source = MsiInstaller | ID = 11904
Description = ??: SolutionCenter -- Error 1904. ????? C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
???????????HRESULT -2147220473????????????????????

Error - 2009/03/26 13:29:39 | Computer Name = KKIBA | Source = Application Hang | ID = 1002
Description = ??????????????? iTunes.exe?????? 8.0.2.20???? ????? hungapp??????
0.0.0.0???? ???? 0x00000000.

Error - 2009/04/01 6:29:42 | Computer Name = KKIBA | Source = Application Error | ID = 1000
Description = ????????????? hpqtra08.exe?????? 100.0.170.0??????????? sti.dll??????
5.1.2600.5512?????????? 0x0000f06d

Error - 2009/04/06 8:02:14 | Computer Name = KKIBA | Source = Application Hang | ID = 1002
Description = ??????????????? firefox.exe?????? 1.9.0.3372???? ????? hungapp??????
0.0.0.0???? ???? 0x00000000.

Error - 2009/04/06 12:26:03 | Computer Name = KKIBA | Source = Application Error | ID = 1000
Description = ????????????? hpqtra08.exe?????? 100.0.170.0??????????? ntdll.dll??????
5.1.2600.5512?????????? 0x000109f9

[ System Events ]
Error - 2010/04/11 0:42:31 | Computer Name = KKIBA | Source = Service Control Manager | ID = 7034
Description = Bonjour ???? ??????????????????? 1 ?????????

Error - 2010/04/11 0:42:31 | Computer Name = KKIBA | Source = Service Control Manager | ID = 7034
Description = Bwsvc ??????????????????? 1 ?????????

Error - 2010/04/11 0:42:31 | Computer Name = KKIBA | Source = Service Control Manager | ID = 7031
Description = AVG Free WatchDog ??????????????????? 1 ???????????????? 0 ???????????:
???????

Error - 2010/04/11 0:42:32 | Computer Name = KKIBA | Source = Service Control Manager | ID = 7034
Description = SDPAUMS server service ??????????????????? 1 ?????????

Error - 2010/04/11 0:42:32 | Computer Name = KKIBA | Source = Service Control Manager | ID = 7034
Description = SmartLinkService ??????????????????? 1 ?????????

Error - 2010/04/11 0:42:32 | Computer Name = KKIBA | Source = Service Control Manager | ID = 7034
Description = VcM ??????????????????? 1 ?????????

Error - 2010/04/11 0:42:32 | Computer Name = KKIBA | Source = Service Control Manager | ID = 7034
Description = iPod ???? ??????????????????? 1 ?????????

Error - 2010/04/11 0:46:55 | Computer Name = KKIBA | Source = Server | ID = 2505
Description = ?????????????????????????????????????????? \Device\NetBT_Tcpip_{AD731749-6D1E-4FE1-8741-682AF33EE6B4}
??????????????????????????????

Error - 2010/04/11 0:48:11 | Computer Name = KKIBA | Source = Service Control Manager | ID = 7022
Description = HP CUE ???? ?????? ???? ????????????????

Error - 2010/04/11 1:00:02 | Computer Name = KKIBA | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: ?????????? (EC) ???????????????????????????????EC
??????????????????????????????????????????????????? EC ????????? BIOS ????????????????????????????
EC ?????????????????????????


< End of report >

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 2010/04/11 15:26:19 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = G:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

991.00 Mb Total Physical Memory | 439.00 Mb Available Physical Memory | 44.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16.63 Gb Total Space | 5.72 Gb Free Space | 34.42% Space Free | Partition Type: NTFS
Drive D: | 16.62 Gb Total Space | 12.30 Gb Free Space | 74.04% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 111.79 Gb Total Space | 38.41 Gb Free Space | 34.36% Space Free | Partition Type: NTFS
Drive G: | 487.88 Mb Total Space | 471.60 Mb Free Space | 96.66% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KKIBA
Current User Name: 恭兵
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/10 14:09:09 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/10 14:09:08 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/10 14:08:58 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/04/10 14:08:44 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/04/10 14:07:19 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/10 14:05:02 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/04/09 21:51:12 | 000,561,664 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2010/01/22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.) -- D:\iTunesHelper.exe
PRC - [2010/01/08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2009/06/13 01:28:50 | 000,589,312 | ---- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
PRC - [2009/06/10 02:18:26 | 000,238,592 | ---- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\Client Manager3\Bwsvc.exe
PRC - [2009/04/14 12:00:00 | 000,395,264 | ---- | M] (有限会社エーシーアール) -- C:\Program Files\天気予報コム\Weather.exe
PRC - [2009/03/30 16:52:02 | 000,292,144 | ---- | M] (I-O DATA DEVICE, INC.) -- C:\Program Files\I-O DATA\HDDロック\IoSecShadow.exe
PRC - [2009/02/13 03:51:00 | 003,396,912 | ---- | M] () -- C:\Program Files\BUFFALO\WLI-UC-G\SoftAP.exe
PRC - [2008/04/14 11:26:26 | 000,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\slserv.exe
PRC - [2008/04/14 11:26:11 | 001,027,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/25 00:45:13 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/10/23 13:54:36 | 000,056,128 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
PRC - [2005/03/08 18:11:56 | 000,032,768 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\Keyhook.exe
PRC - [2005/03/04 02:48:30 | 000,266,240 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
PRC - [2005/02/28 00:00:00 | 000,385,078 | ---- | M] () -- C:\Program Files\FOMA PC設定ソフト\FomaTaskTray.exe
PRC - [2005/01/24 22:01:00 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/11/30 19:34:00 | 000,114,688 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
PRC - [2003/06/08 18:23:56 | 000,286,720 | ---- | M] () -- C:\Program Files\SAi\Gurusen\vcM.exe
PRC - [2001/08/07 14:27:44 | 000,049,152 | R--- | M] ( Matsushita Electric Industrial Co.,Ltd.) -- C:\WINDOWS\system32\sdpasvc.exe


========== Modules (SafeList) ==========

MOD - [2010/04/09 21:51:12 | 000,561,664 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
MOD - [2008/04/14 11:25:53 | 001,028,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2008/04/14 11:25:52 | 000,811,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imjp81k.dll
MOD - [2008/04/14 11:24:11 | 000,340,023 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imjp81.ime
MOD - [2005/04/06 17:58:50 | 000,065,536 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\SiSHook.dll
MOD - [2005/01/24 22:01:00 | 000,066,048 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2004/08/05 21:00:00 | 000,110,637 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\IMJP8_1\DICTS\imjpcd.dic
MOD - [2004/08/05 21:00:00 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42loc.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/10 14:05:02 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009/06/10 02:18:26 | 000,238,592 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files\BUFFALO\Client Manager3\bwsvc.exe -- (Bwsvc)
SRV - [2008/04/14 11:26:26 | 000,073,796 | ---- | M] (Smart Link) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
SRV - [2003/06/08 18:23:56 | 000,286,720 | ---- | M] () [Auto | Running] -- C:\Program Files\SAi\Gurusen\vcM.exe -- (VcM)
SRV - [2001/08/07 14:27:44 | 000,049,152 | R--- | M] ( Matsushita Electric Industrial Co.,Ltd.) [Auto | Running] -- C:\WINDOWS\System32\sdpasvc.exe -- (SDPASVC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sotec.co.jp/top.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.jword....g={SUB_RFC1766}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylo...=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.co.....google.co.jp/"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.2
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/10 14:04:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/11 13:36:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/03 17:22:08 | 000,000,000 | ---D | M]

[2009/02/22 13:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\恭兵\Application Data\Mozilla\Extensions
[2010/04/11 14:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\恭兵\Application Data\Mozilla\Firefox\Profiles\6464pvw7.default\extensions
[2010/03/13 12:20:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\恭兵\Application Data\Mozilla\Firefox\Profiles\6464pvw7.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2010/03/10 21:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\恭兵\Application Data\Mozilla\Firefox\Profiles\6464pvw7.default\extensions\[email protected]
[2010/04/11 14:03:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/11 00:28:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\Access Privileges Test
[2010/03/12 22:36:16 | 000,001,842 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-jp.xml
[2010/03/13 12:20:04 | 000,002,191 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2010/03/12 22:36:16 | 000,002,630 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google-jp.xml
[2010/03/12 22:36:16 | 000,001,269 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\oshiete-goo.xml
[2010/03/12 22:36:16 | 000,000,814 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\rakuten.xml
[2010/03/12 22:36:16 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-ja.xml
[2010/03/12 22:36:16 | 000,000,889 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-jp-auctions.xml
[2010/03/12 22:36:16 | 000,000,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-jp.xml

Hosts file not found
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [FPPIN2Reg] C:\Program Files\NTT DoCoMo\FirstPass PCソフト\F-PassPCPIN2Regist.exe File not found
O4 - HKLM..\Run: [FPPIN2Save] C:\Program Files\NTT DoCoMo\FirstPass PCソフト\F-PassPCPIN2.exe File not found
O4 - HKLM..\Run: [imjpmig] C:\Program Files\Common Files\Microsoft Shared\IME\IMJP\imjpmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IoSecShadow] C:\Program Files\I-O DATA\HDDロック\IoSecShadow.exe (I-O DATA DEVICE, INC.)
O4 - HKLM..\Run: [iTunesHelper] D:\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Lucy32.exe] File not found
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [MsgCenterExe] C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe File not found
O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Adobe Reader Speed Launch.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\HP Digital Imaging Monitor.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\InterVideo WinCinema Manager.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Microsoft Office.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Utility Tray.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\W-TCP設定.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\クライアントマネージャ3.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\ソフトウェアルータ設定ツール.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\天気予報コム for Windows.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O8 - Extra context menu item: Google サイドウィキ... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - D:\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: HP スマート セレクト - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1DEA6922-E71F-4588-AFF4-EB4E5D2DF22D} http://202.177.209.7...ex/pbdgkick.cab (Pbdgkick Control)
O16 - DPF: {31EE92CA-C0F5-48F7-AE60-B54CDF3BB76C} http://www.sanstream...AcQVPlayerX.cab (AcqVPlayer Control)
O16 - DPF: {56C66EFC-58BF-40D6-8941-5C8880C8D832} http://update1.maru-...pluginsetup.cab (CINSTALL Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {B905F63D-7489-4B3D-9B62-49A1B8647E2A} http://down.hangame....GPluginJP21.cab (HgPluginJP21 Class)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} http://down.hangame....GPluginJP23.cab (HGPluginJP23 Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} http://app.filebank....up/win/fbx2.cab (ファイルバンクランチャー)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (現在のホーム ページ) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\恭兵\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\恭兵\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {C60A0B68-1F3A-A1D2-C909-9A11A016D21A} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/24 14:59:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7240c354-7b9c-11da-8bde-00022daa280b}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/05/24 14:58:31 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56590081070202880)

========== Files/Folders - Created Within 14 Days ==========

[2010/04/11 13:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/04/10 16:09:23 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/04/10 14:12:49 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/04/10 14:12:31 | 000,242,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/10 14:12:28 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/04/10 14:12:21 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/04/10 14:12:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/04/10 14:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/04/10 14:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/10 13:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/10 13:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/04/10 13:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/04/10 13:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/04/10 13:29:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/10 13:29:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/10 13:29:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/10 13:29:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/10 13:29:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/10 13:22:05 | 000,000,000 | --SD | C] -- C:\WINDOWS\Temporary Internet Files
[2010/04/10 13:22:05 | 000,000,000 | --SD | C] -- C:\WINDOWS\History
[2010/04/10 13:22:05 | 000,000,000 | --SD | C] -- C:\WINDOWS\Cookies
[2010/04/10 12:23:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/10 12:23:37 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/10 12:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/10 12:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/14 17:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/13 11:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/03/25 21:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/06/14 09:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7

========== Files - Modified Within 14 Days ==========

[2010/04/11 14:49:02 | 000,000,692 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/11 13:48:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/11 13:46:46 | 000,000,688 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/11 13:46:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/11 13:46:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/11 13:46:22 | 1039,585,280 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/11 11:13:07 | 058,796,899 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/10 14:13:03 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/04/10 14:12:48 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/10 14:12:30 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/04/10 14:12:28 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/04/10 14:12:21 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/04/10 12:32:59 | 000,147,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/10 12:32:13 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/31 21:02:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/04/11 13:39:16 | 1039,585,280 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/10 14:56:01 | 000,001,317 | ---- | C] () -- C:\Documents and Settings\All Users\VBG.TXT
[2010/04/10 14:12:21 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/04/10 14:12:14 | 058,796,899 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/10 13:29:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/10 13:29:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/10 13:29:49 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/10 13:29:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/16 15:28:16 | 000,172,032 | ---- | C] () -- C:\WINDOWS\lame_enc.dll
[2009/12/30 20:46:29 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\bwsvc_event.dll
[2009/12/30 20:30:21 | 000,008,952 | R--- | C] () -- C:\WINDOWS\System32\drivers\APAIFILT.SYS
[2009/12/11 13:43:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2009/10/02 13:57:59 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2009/09/11 17:53:08 | 000,007,687 | ---- | C] () -- C:\WINDOWS\UN900503.INI
[2009/09/11 17:52:25 | 000,026,666 | ---- | C] () -- C:\WINDOWS\UN900114.INI
[2009/09/11 17:50:12 | 000,006,388 | ---- | C] () -- C:\WINDOWS\UN900120.INI
[2009/08/14 22:47:35 | 000,000,246 | ---- | C] () -- C:\WINDOWS\mrsjs.ini
[2009/03/22 22:54:33 | 000,001,444 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/11/16 16:52:40 | 000,124,432 | ---- | C] () -- C:\WINDOWS\System32\PanInstaller.dll
[2007/11/16 16:52:38 | 000,083,480 | ---- | C] () -- C:\WINDOWS\System32\FirstLoad.dll
[2007/05/12 23:27:57 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2007/05/01 23:52:27 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/03/12 07:43:34 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/03/08 00:10:23 | 000,254,065 | ---- | C] () -- C:\WINDOWS\System32\GurusenInstall.dll
[2006/01/15 18:31:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006/01/02 20:10:13 | 000,000,490 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/02 19:43:27 | 000,000,433 | ---- | C] () -- C:\WINDOWS\Lhaca.ini
[2006/01/02 18:58:32 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2006/01/02 18:58:32 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2005/09/08 17:52:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/13 06:57:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/06/16 15:19:24 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/06/16 15:19:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/06/16 15:19:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/06/16 15:19:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/06/16 15:19:23 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/06/16 15:19:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/26 10:11:34 | 000,000,334 | R--- | C] () -- C:\WINDOWS\System32\oemlink.ini
[2005/05/25 15:43:19 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/05/25 15:24:42 | 000,073,959 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2005/05/25 15:24:02 | 000,074,908 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2005/05/25 15:22:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2005/05/24 15:06:39 | 000,000,911 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/05/24 14:33:07 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/05/24 14:32:40 | 000,042,841 | ---- | C] () -- C:\WINDOWS\System32\key02.sys
[2005/05/24 14:32:40 | 000,042,633 | ---- | C] () -- C:\WINDOWS\System32\keyax.sys
[2005/05/24 14:32:40 | 000,002,990 | ---- | C] () -- C:\WINDOWS\System32\disp_win.sys
[2005/05/24 14:32:40 | 000,000,901 | ---- | C] () -- C:\WINDOWS\System32\ntfont.sys
[2005/05/24 14:32:40 | 000,000,852 | ---- | C] () -- C:\WINDOWS\System32\font_win.sys
[2005/05/24 14:32:39 | 000,065,392 | ---- | C] () -- C:\WINDOWS\System32\msimek.sys
[2005/05/24 14:32:39 | 000,054,700 | ---- | C] () -- C:\WINDOWS\System32\$ias.sys
[2005/05/24 14:32:39 | 000,044,496 | ---- | C] () -- C:\WINDOWS\System32\msimei.sys
[2005/05/24 14:32:39 | 000,039,808 | ---- | C] () -- C:\WINDOWS\System32\msime.sys
[2005/05/24 14:32:39 | 000,027,956 | ---- | C] () -- C:\WINDOWS\System32\appsicon.dll
[2005/05/24 14:32:39 | 000,020,688 | ---- | C] () -- C:\WINDOWS\System32\$disp.sys
[2005/05/24 14:32:39 | 000,013,597 | ---- | C] () -- C:\WINDOWS\System32\msimed.sys
[2005/05/24 14:32:39 | 000,004,701 | ---- | C] () -- C:\WINDOWS\System32\kkcfunc.sys
[2005/05/24 14:32:39 | 000,004,125 | ---- | C] () -- C:\WINDOWS\System32\$prnescp.sys
[2005/05/24 14:31:46 | 000,229,088 | ---- | C] () -- C:\WINDOWS\System32\lanman.drv
[2005/01/17 22:59:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/10/01 16:51:12 | 000,000,729 | ---- | C] () -- C:\WINDOWS\UserCache.ini

========== LOP Check ==========

[2008/06/14 09:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2010/04/10 14:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/09/15 20:09:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2010/04/11 13:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/06 11:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/05 21:00:00 | 018,991,292 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/02/22 21:18:14 | 024,446,289 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/05 21:00:00 | 018,991,292 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009/02/22 21:18:14 | 024,446,289 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 03:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 03:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/05 21:00:00 | 018,991,292 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/02/22 21:18:14 | 024,446,289 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/05 21:00:00 | 018,991,292 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/02/22 21:18:14 | 024,446,289 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 03:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 03:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/05 21:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/05 21:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6013080F0A7551D5B599CDBEB72A0903 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 11:25:50 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=BA772C4BE222DEA00BFDF1D63DB428CB -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 11:25:50 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=BA772C4BE222DEA00BFDF1D63DB428CB -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/05 21:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=54104E2AF7A0578E22A3F973CFE9EEEA -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/14 11:25:55 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=BF2BC608180C67A535BF07F52E5842A5 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 11:25:55 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=BF2BC608180C67A535BF07F52E5842A5 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/05 21:00:00 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=394814C58864702C1988044BAB75DC06 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 11:25:59 | 000,176,128 | ---- | M] (Microsoft Corporation) MD5=3EF97982126C0C03C7F055B5BA13360E -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 11:25:59 | 000,176,128 | ---- | M] (Microsoft Corporation) MD5=3EF97982126C0C03C7F055B5BA13360E -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 11:24:19 | 000,006,144 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\kbd101.dll
[2008/04/14 11:24:19 | 000,006,144 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\kbd106.dll
[2008/04/14 11:24:19 | 000,007,168 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\kbdnec.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/05/24 23:44:13 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/05/24 23:44:13 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/05/24 23:44:13 | 000,413,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/10 14:12:30 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010/04/10 14:12:28 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2010/04/10 14:12:48 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

========== Files - Unicode (All) ==========
[2010/04/11 15:26:17 | 000,001,024 | -H-- | M] ()(C:\Documents and Settings\??\ntuser.dat.LOG) -- C:\Documents and Settings\恭兵\ntuser.dat.LOG
[2010/04/11 15:17:09 | 000,000,000 | RH-D | M](C:\Documents and Settings\??\Recent) -- C:\Documents and Settings\恭兵\Recent
[2010/04/11 15:17:09 | 000,000,000 | RH-D | M](C:\Documents and Settings\??\Recent) -- C:\Documents and Settings\恭兵\Recent
[2010/04/11 14:02:45 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\HPAppData) -- C:\Documents and Settings\恭兵\Application Data\HPAppData
[2010/04/11 14:02:45 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\HPAppData) -- C:\Documents and Settings\恭兵\Application Data\HPAppData
[2010/04/11 14:01:26 | 000,000,000 | ---D | M](C:\Documents and Settings\??\??????) -- C:\Documents and Settings\恭兵\デスクトップ
[2010/04/11 14:01:26 | 000,000,000 | ---D | M](C:\Documents and Settings\??\??????) -- C:\Documents and Settings\恭兵\デスクトップ
[2010/04/11 14:00:22 | 009,175,040 | -H-- | M] ()(C:\Documents and Settings\??\NTUSER.DAT) -- C:\Documents and Settings\恭兵\NTUSER.DAT
[2010/04/11 13:45:24 | 000,000,278 | -HS- | M] ()(C:\Documents and Settings\??\ntuser.ini) -- C:\Documents and Settings\恭兵\ntuser.ini
[2010/04/11 13:42:16 | 000,561,664 | ---- | C] (OldTimer Tools)(C:\Documents and Settings\??\??????\OTL.exe) -- C:\Documents and Settings\恭兵\デスクトップ\OTL.exe
[2010/04/11 13:42:10 | 000,293,376 | ---- | C] ()(C:\Documents and Settings\??\??????\gmer.exe) -- C:\Documents and Settings\恭兵\デスクトップ\gmer.exe
[2010/04/11 12:48:59 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Search Settings) -- C:\Documents and Settings\恭兵\Application Data\Search Settings
[2010/04/11 12:48:59 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Search Settings) -- C:\Documents and Settings\恭兵\Application Data\Search Settings
[2010/04/11 12:30:02 | 000,000,000 | RH-D | M](C:\Documents and Settings\??\Application Data) -- C:\Documents and Settings\恭兵\Application Data
[2010/04/11 12:30:02 | 000,000,000 | RH-D | M](C:\Documents and Settings\??\Application Data) -- C:\Documents and Settings\恭兵\Application Data
[2010/04/11 12:09:59 | 004,310,652 | -H-- | M] ()(C:\Documents and Settings\??\Local Settings\Application Data\IconCache.db) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\IconCache.db
[2010/04/11 11:26:04 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Local Settings\Application Data\uapjbdabx) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\uapjbdabx
[2010/04/11 11:26:04 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Local Settings\Application Data\uapjbdabx) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\uapjbdabx
[2010/04/11 11:04:24 | 000,002,302 | ---- | M] ()(C:\Documents and Settings\??\avgrep.txt) -- C:\Documents and Settings\恭兵\avgrep.txt
[2010/04/11 08:03:56 | 000,002,302 | ---- | C] ()(C:\Documents and Settings\??\avgrep.txt) -- C:\Documents and Settings\恭兵\avgrep.txt
[2010/04/11 06:05:01 | 000,002,407 | ---- | M] ()(C:\Documents and Settings\All Users\??????\Skype.lnk) -- C:\Documents and Settings\All Users\デスクトップ\Skype.lnk
[2010/04/11 06:05:01 | 000,000,000 | R--D | M](C:\Documents and Settings\All Users\??????) -- C:\Documents and Settings\All Users\デスクトップ
[2010/04/11 06:05:01 | 000,000,000 | R--D | M](C:\Documents and Settings\All Users\??????) -- C:\Documents and Settings\All Users\デスクトップ
[2010/04/10 16:07:18 | 000,001,361 | ---- | M] ()(C:\Documents and Settings\??\??????\mbam-log-2010-04-10 (16-07-18).txt) -- C:\Documents and Settings\恭兵\デスクトップ\mbam-log-2010-04-10 (16-07-18).txt
[2010/04/10 16:07:18 | 000,001,361 | ---- | C] ()(C:\Documents and Settings\??\??????\mbam-log-2010-04-10 (16-07-18).txt) -- C:\Documents and Settings\恭兵\デスクトップ\mbam-log-2010-04-10 (16-07-18).txt
[2010/04/10 14:13:03 | 000,001,507 | ---- | M] ()(C:\Documents and Settings\All Users\??????\AVG Free 9.0.lnk) -- C:\Documents and Settings\All Users\デスクトップ\AVG Free 9.0.lnk
[2010/04/10 14:13:03 | 000,001,507 | ---- | C] ()(C:\Documents and Settings\All Users\??????\AVG Free 9.0.lnk) -- C:\Documents and Settings\All Users\デスクトップ\AVG Free 9.0.lnk
[2010/04/10 13:23:49 | 000,000,000 | -H-D | M](C:\Documents and Settings\??\NetHood) -- C:\Documents and Settings\恭兵\NetHood
[2010/04/10 13:23:49 | 000,000,000 | -H-D | M](C:\Documents and Settings\??\NetHood) -- C:\Documents and Settings\恭兵\NetHood
[2010/04/10 13:22:13 | 000,038,144 | ---- | M] ()(C:\Documents and Settings\??\Local Settings\Application Data\GDIPFONTCACHEV1.DAT) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/10 12:23:43 | 000,000,696 | ---- | M] ()(C:\Documents and Settings\All Users\??????\Malwarebytes' Anti-Malware.lnk) -- C:\Documents and Settings\All Users\デスクトップ\Malwarebytes' Anti-Malware.lnk
[2010/04/10 12:23:43 | 000,000,696 | ---- | C] ()(C:\Documents and Settings\All Users\??????\Malwarebytes' Anti-Malware.lnk) -- C:\Documents and Settings\All Users\デスクトップ\Malwarebytes' Anti-Malware.lnk
[2010/04/10 12:03:06 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Skype) -- C:\Documents and Settings\恭兵\Application Data\Skype
[2010/04/10 12:03:06 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Skype) -- C:\Documents and Settings\恭兵\Application Data\Skype
[2010/04/10 11:55:37 | 000,000,000 | --SD | M](C:\Documents and Settings\??\Cookies) -- C:\Documents and Settings\恭兵\Cookies
[2010/04/10 11:55:37 | 000,000,000 | --SD | M](C:\Documents and Settings\??\Cookies) -- C:\Documents and Settings\恭兵\Cookies
[2010/04/10 10:36:33 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\skypePM) -- C:\Documents and Settings\恭兵\Application Data\skypePM
[2010/04/10 10:36:33 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\skypePM) -- C:\Documents and Settings\恭兵\Application Data\skypePM
[2010/04/10 09:53:33 | 000,000,000 | ---D | C](C:\Documents and Settings\??\Local Settings\Application Data\uapjbdabx) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\uapjbdabx
[2010/04/10 05:34:41 | 000,001,923 | ---- | M] ()(C:\Documents and Settings\All Users\??????\iTunes.lnk) -- C:\Documents and Settings\All Users\デスクトップ\iTunes.lnk
[2010/04/09 21:51:12 | 000,561,664 | ---- | M] (OldTimer Tools)(C:\Documents and Settings\??\??????\OTL.exe) -- C:\Documents and Settings\恭兵\デスクトップ\OTL.exe
[2010/04/09 16:38:56 | 000,172,032 | ---- | M] ()(C:\Documents and Settings\??\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/08 15:43:43 | 000,002,131 | ---- | M] ()(C:\Documents and Settings\??\??????\Microsoft Word.lnk) -- C:\Documents and Settings\恭兵\デスクトップ\Microsoft Word.lnk
[2010/04/08 15:37:01 | 000,000,000 | ---D | M](F:\my ??????\study) -- F:\my ドキュメント\study
[2010/04/08 15:36:20 | 000,000,000 | ---D | C](F:\my ??????\study) -- F:\my ドキュメント\study
[2010/04/08 09:27:06 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Local Settings\Application Data\Apple Computer) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\Apple Computer
[2010/04/08 09:27:06 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Local Settings\Application Data\Apple Computer) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\Apple Computer
[2010/04/06 07:27:29 | 000,000,000 | R--D | M](F:\my ??????\My Pictures) -- F:\my ドキュメント\My Pictures
[2010/04/03 20:58:50 | 000,000,000 | ---D | M](F:\my ??????\??????) -- F:\my ドキュメント\ダウンロード
[2010/04/03 19:29:10 | 000,015,416 | ---- | M] ()(C:\Documents and Settings\??\Application Data\Cabos.plist) -- C:\Documents and Settings\恭兵\Application Data\Cabos.plist
[2010/04/03 19:17:27 | 000,000,780 | ---- | M] ()(C:\Documents and Settings\All Users\??????\GOM Player.lnk) -- C:\Documents and Settings\All Users\デスクトップ\GOM Player.lnk
[2010/04/03 18:49:06 | 000,000,000 | ---D | M](F:\my ??????\Downloads) -- F:\my ドキュメント\Downloads
[2010/03/27 03:19:12 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\BDL+D) -- C:\Documents and Settings\恭兵\Application Data\BDL+D
[2010/03/27 03:19:12 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\BDL+D) -- C:\Documents and Settings\恭兵\Application Data\BDL+D
[2010/03/26 14:45:15 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\GRETECH) -- C:\Documents and Settings\恭兵\Application Data\GRETECH
[2010/03/26 14:45:15 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\GRETECH) -- C:\Documents and Settings\恭兵\Application Data\GRETECH
[2010/03/26 14:44:27 | 000,000,780 | ---- | C] ()(C:\Documents and Settings\All Users\??????\GOM Player.lnk) -- C:\Documents and Settings\All Users\デスクトップ\GOM Player.lnk
[2010/03/26 14:44:27 | 000,000,000 | R--D | M](C:\Documents and Settings\??\???? ????) -- C:\Documents and Settings\恭兵\スタート メニュー
[2010/03/26 14:44:27 | 000,000,000 | R--D | M](C:\Documents and Settings\??\???? ????) -- C:\Documents and Settings\恭兵\スタート メニュー
[2010/03/24 01:15:23 | 000,000,000 | ---D | M](F:\my ??????\CravingExplorer) -- F:\my ドキュメント\CravingExplorer
[2010/03/24 01:14:41 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\CravingExplorer) -- C:\Documents and Settings\恭兵\Application Data\CravingExplorer
[2010/03/24 01:14:41 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\CravingExplorer) -- C:\Documents and Settings\恭兵\Application Data\CravingExplorer
[2010/03/24 01:13:16 | 000,000,495 | ---- | M] ()(C:\Documents and Settings\??\??????\Craving Explorer.lnk) -- C:\Documents and Settings\恭兵\デスクトップ\Craving Explorer.lnk
[2010/03/24 01:13:16 | 000,000,495 | ---- | C] ()(C:\Documents and Settings\??\??????\Craving Explorer.lnk) -- C:\Documents and Settings\恭兵\デスクトップ\Craving Explorer.lnk
[2010/03/24 01:13:13 | 000,000,000 | ---D | C](F:\my ??????\CravingExplorer) -- F:\my ドキュメント\CravingExplorer
[2010/03/18 11:44:36 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Local Settings\Application Data\Temp) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\Temp
[2010/03/18 11:44:36 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Local Settings\Application Data\Temp) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\Temp
[2010/03/16 15:36:41 | 000,000,000 | ---D | M](F:\my ??????\ChoRokuF) -- F:\my ドキュメント\ChoRokuF
[2010/03/16 15:36:17 | 000,000,000 | ---D | C](F:\my ??????\ChoRokuF) -- F:\my ドキュメント\ChoRokuF
[2010/03/16 15:26:51 | 000,000,000 | R--D | M](F:\my ??????\My Music) -- F:\my ドキュメント\My Music
[2010/03/13 12:24:19 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Local Settings\Application Data\Google) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\Google
[2010/03/13 12:24:19 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Local Settings\Application Data\Google) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\Google
[2010/03/13 11:32:37 | 000,000,000 | ---D | C](F:\my ??????\??????) -- F:\my ドキュメント\ダウンロード
[2010/02/24 13:09:20 | 000,002,187 | ---- | M] ()(C:\Documents and Settings\All Users\??????\Safari.lnk) -- C:\Documents and Settings\All Users\デスクトップ\Safari.lnk
[2010/02/24 03:55:26 | 000,000,000 | ---D | M](F:\my ??????\BandiCam) -- F:\my ドキュメント\BandiCam
[2010/02/02 15:04:11 | 000,001,923 | ---- | C] ()(C:\Documents and Settings\All Users\??????\iTunes.lnk) -- C:\Documents and Settings\All Users\デスクトップ\iTunes.lnk
[2010/01/25 21:56:47 | 000,000,666 | ---- | M] ()(C:\Documents and Settings\??\??????\Lhaplus.lnk) -- C:\Documents and Settings\恭兵\デスクトップ\Lhaplus.lnk
[2010/01/25 21:56:46 | 000,000,666 | ---- | C] ()(C:\Documents and Settings\??\??????\Lhaplus.lnk) -- C:\Documents and Settings\恭兵\デスクトップ\Lhaplus.lnk
[2009/12/30 21:12:21 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Local Settings\Application Data\Microsoft) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\Microsoft
[2009/12/30 21:12:21 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Local Settings\Application Data\Microsoft) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\Microsoft
[2009/12/30 20:49:58 | 000,000,750 | ---- | M] ()(C:\Documents and Settings\All Users\???? ????\?????\???????\??????????????.lnk) -- C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\ソフトウェアルータ設定ツール.lnk
[2009/12/30 20:46:27 | 000,000,843 | ---- | M] ()(C:\Documents and Settings\All Users\???? ????\?????\???????\???????????3.lnk) -- C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\クライアントマネージャ3.lnk
[2009/12/30 20:46:27 | 000,000,843 | ---- | C] ()(C:\Documents and Settings\All Users\???? ????\?????\???????\???????????3.lnk) -- C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\クライアントマネージャ3.lnk
[2009/12/30 20:31:23 | 000,000,750 | ---- | C] ()(C:\Documents and Settings\All Users\???? ????\?????\???????\??????????????.lnk) -- C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\ソフトウェアルータ設定ツール.lnk
[2009/12/27 00:46:33 | 000,000,000 | RH-D | M](C:\Documents and Settings\??\SendTo) -- C:\Documents and Settings\恭兵\SendTo
[2009/12/27 00:46:33 | 000,000,000 | RH-D | M](C:\Documents and Settings\??\SendTo) -- C:\Documents and Settings\恭兵\SendTo
[2009/12/27 00:46:32 | 000,002,407 | ---- | C] ()(C:\Documents and Settings\All Users\??????\Skype.lnk) -- C:\Documents and Settings\All Users\デスクトップ\Skype.lnk
[2009/12/27 00:19:19 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\BANDISOFT) -- C:\Documents and Settings\恭兵\Application Data\BANDISOFT
[2009/12/27 00:19:19 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\BANDISOFT) -- C:\Documents and Settings\恭兵\Application Data\BANDISOFT
[2009/12/27 00:19:18 | 000,000,000 | ---D | C](F:\my ??????\BandiCam) -- F:\my ドキュメント\BandiCam
[2009/12/27 00:19:15 | 000,000,663 | ---- | M] ()(C:\Documents and Settings\??\??????\Bandicam.lnk) -- C:\Documents and Settings\恭兵\デスクトップ\Bandicam.lnk
[2009/12/27 00:19:15 | 000,000,663 | ---- | C] ()(C:\Documents and Settings\??\??????\Bandicam.lnk) -- C:\Documents and Settings\恭兵\デスクトップ\Bandicam.lnk
[2009/12/27 00:19:11 | 000,000,000 | -H-D | M](C:\Documents and Settings\??\Local Settings) -- C:\Documents and Settings\恭兵\Local Settings
[2009/12/27 00:19:11 | 000,000,000 | -H-D | M](C:\Documents and Settings\??\Local Settings) -- C:\Documents and Settings\恭兵\Local Settings
[2009/12/15 11:24:48 | 000,293,376 | ---- | M] ()(C:\Documents and Settings\??\??????\gmer.exe) -- C:\Documents and Settings\恭兵\デスクトップ\gmer.exe
[2009/12/14 03:29:02 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\AdobeUM) -- C:\Documents and Settings\恭兵\Application Data\AdobeUM
[2009/12/14 03:29:02 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\AdobeUM) -- C:\Documents and Settings\恭兵\Application Data\AdobeUM
[2009/12/09 22:00:24 | 000,001,604 | ---- | M] ()(C:\Documents and Settings\All Users\??????\QuickTime Player.lnk) -- C:\Documents and Settings\All Users\デスクトップ\QuickTime Player.lnk
[2009/12/09 22:00:24 | 000,001,604 | ---- | C] ()(C:\Documents and Settings\All Users\??????\QuickTime Player.lnk) -- C:\Documents and Settings\All Users\デスクトップ\QuickTime Player.lnk
[2009/12/08 18:03:05 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Dayz) -- C:\Documents and Settings\恭兵\Application Data\Dayz
[2009/12/08 18:03:05 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Dayz) -- C:\Documents and Settings\恭兵\Application Data\Dayz
[2009/12/08 18:03:04 | 000,000,633 | ---- | M] ()(C:\Documents and Settings\All Users\???? ????\?????\???????\?????? for Windows.lnk) -- C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\天気予報コム for Windows.lnk
[2009/12/08 18:03:04 | 000,000,633 | ---- | C] ()(C:\Documents and Settings\All Users\???? ????\?????\???????\?????? for Windows.lnk) -- C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\天気予報コム for Windows.lnk
[2009/12/08 18:03:04 | 000,000,621 | ---- | M] ()(C:\Documents and Settings\All Users\??????\?????? for Windows.lnk) -- C:\Documents and Settings\All Users\デスクトップ\天気予報コム for Windows.lnk
[2009/12/08 18:03:04 | 000,000,621 | ---- | C] ()(C:\Documents and Settings\All Users\??????\?????? for Windows.lnk) -- C:\Documents and Settings\All Users\デスクトップ\天気予報コム for Windows.lnk
[2009/12/08 18:03:04 | 000,000,000 | ---D | M](C:\Program Files\??????) -- C:\Program Files\天気予報コム
[2009/12/08 18:03:04 | 000,000,000 | ---D | M](C:\Program Files\??????) -- C:\Program Files\天気予報コム
[2009/12/07 17:10:54 | 000,089,680 | ---- | M] (Microsoft Corporation)(C:\Documents and Settings\??\MSSSerif120.fon) -- C:\Documents and Settings\恭兵\MSSSerif120.fon
[2009/11/24 20:27:27 | 000,000,000 | R--D | M](F:\my ??????\My Videos) -- F:\my ドキュメント\My Videos
[2009/10/20 05:21:55 | 000,000,000 | ---D | M](C:\Documents and Settings\??\??????\machusbhdd107) -- C:\Documents and Settings\恭兵\デスクトップ\machusbhdd107
[2009/10/20 05:21:55 | 000,000,000 | ---D | C](C:\Documents and Settings\??\??????\machusbhdd107) -- C:\Documents and Settings\恭兵\デスクトップ\machusbhdd107
[2009/10/19 19:42:01 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\InstallShield) -- C:\Documents and Settings\恭兵\Application Data\InstallShield
[2009/10/19 19:42:01 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\InstallShield) -- C:\Documents and Settings\恭兵\Application Data\InstallShield
[2009/10/14 17:51:57 | 000,000,638 | ---- | M] ()(C:\Documents and Settings\All Users\??????\FFFTP.lnk) -- C:\Documents and Settings\All Users\デスクトップ\FFFTP.lnk
[2009/10/14 17:51:57 | 000,000,638 | ---- | C] ()(C:\Documents and Settings\All Users\??????\FFFTP.lnk) -- C:\Documents and Settings\All Users\デスクトップ\FFFTP.lnk
[2009/10/09 02:18:03 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Microsoft) -- C:\Documents and Settings\恭兵\Application Data\Microsoft
[2009/10/09 02:18:03 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Microsoft) -- C:\Documents and Settings\恭兵\Application Data\Microsoft
[2009/10/09 01:58:37 | 000,000,791 | ---- | M] ()(C:\Documents and Settings\??\??????\Free iPod Video Converter.lnk) -- C:\Documents and Settings\恭兵\デスクトップ\Free iPod Video Converter.lnk
[2009/10/09 01:58:37 | 000,000,791 | ---- | C] ()(C:\Documents and Settings\??\??????\Free iPod Video Converter.lnk) -- C:\Documents and Settings\恭兵\デスクトップ\Free iPod Video Converter.lnk
[2009/10/09 01:58:21 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\FreeIPODConverter) -- C:\Documents and Settings\恭兵\Application Data\FreeIPODConverter
[2009/10/09 01:58:21 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\FreeIPODConverter) -- C:\Documents and Settings\恭兵\Application Data\FreeIPODConverter
[2009/10/08 04:41:45 | 000,000,000 | ---D | M](F:\my ??????\GomEncoder) -- F:\my ドキュメント\GomEncoder
[2009/10/07 15:29:50 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Apple Computer) -- C:\Documents and Settings\恭兵\Application Data\Apple Computer
[2009/10/07 15:29:50 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Apple Computer) -- C:\Documents and Settings\恭兵\Application Data\Apple Computer
[2009/10/06 10:43:05 | 000,002,187 | ---- | C] ()(C:\Documents and Settings\All Users\??????\Safari.lnk) -- C:\Documents and Settings\All Users\デスクトップ\Safari.lnk
[2009/09/12 20:25:52 | 000,000,499 | ---- | M] ()(C:\Documents and Settings\??\??????\GOM ENCODER.lnk) -- C:\Documents and Settings\恭兵\デスクトップ\GOM ENCODER.lnk
[2009/09/12 20:25:52 | 000,000,499 | ---- | C] ()(C:\Documents and Settings\??\??????\GOM ENCODER.lnk) -- C:\Documents and Settings\恭兵\デスクトップ\GOM ENCODER.lnk
[2009/09/12 20:24:42 | 000,000,000 | ---D | C](F:\my ??????\GomEncoder) -- F:\my ドキュメント\GomEncoder
[2009/09/08 15:14:37 | 000,001,870 | ---- | M] ()(C:\Documents and Settings\All Users\??????\HP Photosmart Essential 3.5.lnk) -- C:\Documents and Settings\All Users\デスクトップ\HP Photosmart Essential 3.5.lnk
[2009/09/08 15:14:37 | 000,001,870 | ---- | C] ()(C:\Documents and Settings\All Users\??????\HP Photosmart Essential 3.5.lnk) -- C:\Documents and Settings\All Users\デスクトップ\HP Photosmart Essential 3.5.lnk
[2009/09/08 15:10:03 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Local Settings\Application Data\HP) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\HP
[2009/09/08 15:10:03 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Local Settings\Application Data\HP) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\HP
[2009/07/27 18:14:21 | 000,000,000 | ---D | M](C:\Documents and Settings\??\??????\???????) -- C:\Documents and Settings\恭兵\デスクトップ\新しいフォルダ
[2009/07/27 18:09:05 | 000,002,111 | ---- | M] ()(C:\Documents and Settings\??\??????\Microsoft Excel.lnk) -- C:\Documents and Settings\恭兵\デスクトップ\Microsoft Excel.lnk
[2009/07/27 18:03:02 | 000,001,403 | ---- | M] ()(C:\Documents and Settings\All Users\???? ????\?????\???????\Microsoft Office.lnk) -- C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Microsoft Office.lnk
[2009/07/27 18:02:59 | 000,001,403 | ---- | C] ()(C:\Documents and Settings\All Users\???? ????\?????\???????\Microsoft Office.lnk) -- C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Microsoft Office.lnk
[2009/07/27 18:02:55 | 000,002,131 | ---- | C] ()(C:\Documents and Settings\??\??????\Microsoft Word.lnk) -- C:\Documents and Settings\恭兵\デスクトップ\Microsoft Word.lnk
[2009/07/27 18:02:55 | 000,000,000 | R--D | M](C:\Documents and Settings\All Users\???? ????) -- C:\Documents and Settings\All Users\スタート メニュー
[2009/07/27 18:02:55 | 000,000,000 | R--D | M](C:\Documents and Settings\All Users\???? ????) -- C:\Documents and Settings\All Users\スタート メニュー
[2009/07/27 18:02:53 | 000,002,111 | ---- | C] ()(C:\Documents and Settings\??\??????\Microsoft Excel.lnk) -- C:\Documents and Settings\恭兵\デスクトップ\Microsoft Excel.lnk
[2009/07/08 21:02:16 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Local Settings\Application Data\Apple) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\Apple
[2009/07/08 21:02:16 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Local Settings\Application Data\Apple) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\Apple
[2009/06/24 14:27:06 | 000,001,602 | ---- | M] ()(C:\Documents and Settings\All Users\??????\Mozilla Firefox.lnk) -- C:\Documents and Settings\All Users\デスクトップ\Mozilla Firefox.lnk
[2009/06/24 14:27:06 | 000,001,602 | ---- | C] ()(C:\Documents and Settings\All Users\??????\Mozilla Firefox.lnk) -- C:\Documents and Settings\All Users\デスクトップ\Mozilla Firefox.lnk
[2009/06/23 23:08:20 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Local Settings\Application Data\WMTools Downloaded Files) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\WMTools Downloaded Files
[2009/06/23 23:08:20 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Local Settings\Application Data\WMTools Downloaded Files) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\WMTools Downloaded Files
[2009/05/12 19:23:57 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\OpenOffice.org) -- C:\Documents and Settings\恭兵\Application Data\OpenOffice.org
[2009/05/12 19:23:57 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\OpenOffice.org) -- C:\Documents and Settings\恭兵\Application Data\OpenOffice.org
[2009/03/23 00:06:40 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\HP) -- C:\Documents and Settings\恭兵\Application Data\HP
[2009/03/23 00:06:40 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\HP) -- C:\Documents and Settings\恭兵\Application Data\HP
[2009/03/22 23:01:18 | 000,001,808 | ---- | M] ()(C:\Documents and Settings\All Users\???? ????\?????\???????\HP Digital Imaging Monitor.lnk) -- C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\HP Digital Imaging Monitor.lnk
[2009/03/22 23:01:18 | 000,001,808 | ---- | C] ()(C:\Documents and Settings\All Users\???? ????\?????\???????\HP Digital Imaging Monitor.lnk) -- C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\HP Digital Imaging Monitor.lnk
[2009/03/05 22:11:04 | 000,000,782 | ---- | M] ()(C:\Documents and Settings\??\??????\Windows Media Player.lnk) -- C:\Documents and Settings\恭兵\デスクトップ\Windows Media Player.lnk
[2009/03/03 19:56:25 | 000,000,927 | ---- | M] ()(C:\Documents and Settings\??\??????\3GP_Converter ?????????.lnk) -- C:\Documents and Settings\恭兵\デスクトップ\3GP_Converter へのショートカット.lnk
[2009/03/03 19:55:00 | 000,000,927 | ---- | C] ()(C:\Documents and Settings\??\??????\3GP_Converter ?????????.lnk) -- C:\Documents and Settings\恭兵\デスクトップ\3GP_Converter へのショートカット.lnk
[2009/02/22 21:47:36 | 000,000,139 | -HS- | M] ()(F:\my ??????\desktop.ini) -- F:\my ドキュメント\desktop.ini
[2009/02/22 21:47:36 | 000,000,000 | R--D | M](C:\Documents and Settings\??\Favorites) -- C:\Documents and Settings\恭兵\Favorites
[2009/02/22 21:47:36 | 000,000,000 | R--D | M](C:\Documents and Settings\??\Favorites) -- C:\Documents and Settings\恭兵\Favorites
[2009/02/22 13:10:43 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Mozilla) -- C:\Documents and Settings\恭兵\Application Data\Mozilla
[2009/02/22 13:10:43 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Mozilla) -- C:\Documents and Settings\恭兵\Application Data\Mozilla
[2009/02/22 13:10:34 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Local Settings\Application Data\Mozilla) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\Mozilla
[2009/02/22 13:10:34 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Local Settings\Application Data\Mozilla) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\Mozilla
[2009/02/18 11:36:49 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Real) -- C:\Documents and Settings\恭兵\Application Data\Real
[2009/02/18 11:36:49 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Real) -- C:\Documents and Settings\恭兵\Application Data\Real
[2009/02/14 05:08:30 | 000,000,000 | R--D | C](F:\my ??????\My Videos) -- F:\my ドキュメント\My Videos
[2008/11/24 14:25:23 | 000,039,936 | -HS- | M] ()(F:\my ??????\Thumbs.db) -- F:\my ドキュメント\Thumbs.db
[2008/11/10 00:28:20 | 000,039,936 | -HS- | C] ()(F:\my ??????\Thumbs.db) -- F:\my ドキュメント\Thumbs.db
[2008/10/11 20:29:41 | 000,000,285 | ---- | M] ()(C:\Documents and Settings\All Users\Documents\????? (F) ?????????.lnk) -- C:\Documents and Settings\All Users\Documents\ボリューム (F) へのショートカット.lnk
[2008/10/11 20:29:40 | 000,000,285 | ---- | C] ()(C:\Documents and Settings\All Users\Documents\????? (F) ?????????.lnk) -- C:\Documents and Settings\All Users\Documents\ボリューム (F) へのショートカット.lnk
[2008/09/01 17:44:03 | 000,000,584 | ---- | M] ()(C:\Documents and Settings\All Users\??????\Sleeptracker Pro 1.0.2.lnk) -- C:\Documents and Settings\All Users\デスクトップ\Sleeptracker Pro 1.0.2.lnk
[2008/09/01 17:44:03 | 000,000,584 | ---- | C] ()(C:\Documents and Settings\All Users\??????\Sleeptracker Pro 1.0.2.lnk) -- C:\Documents and Settings\All Users\デスクトップ\Sleeptracker Pro 1.0.2.lnk
[2008/05/15 15:25:35 | 000,000,000 | ---D | M](C:\Documents and Settings\??\My Documents) -- C:\Documents and Settings\恭兵\My Documents
[2008/05/15 15:25:35 | 000,000,000 | ---D | M](C:\Documents and Settings\??\My Documents) -- C:\Documents and Settings\恭兵\My Documents
[2008/05/14 22:31:52 | 000,000,000 | R--D | C](F:\my ??????\My Music) -- F:\my ドキュメント\My Music
[2008/05/13 20:21:51 | 000,000,139 | -HS- | C] ()(F:\my ??????\desktop.ini) -- F:\my ドキュメント\desktop.ini
[2008/05/13 20:21:51 | 000,000,064 | -HS- | M] ()(F:\my ??????\??? ~ desktop.ini) -- F:\my ドキュメント\コピー ~ desktop.ini
[2008/05/13 17:05:33 | 000,000,064 | -HS- | M] ()(F:\my ??????\??? ~ ??? ~ desktop.ini) -- F:\my ドキュメント\コピー ~ コピー ~ desktop.ini
[2008/05/13 17:05:33 | 000,000,064 | -HS- | C] ()(F:\my ??????\??? ~ desktop.ini) -- F:\my ドキュメント\コピー ~ desktop.ini
[2008/05/13 17:05:17 | 000,000,064 | -HS- | C] ()(F:\my ??????\??? ~ ??? ~ desktop.ini) -- F:\my ドキュメント\コピー ~ コピー ~ desktop.ini
[2008/05/13 17:04:43 | 000,000,000 | ---D | M](F:\my ??????\download) -- F:\my ドキュメント\download
[2008/05/13 16:50:11 | 000,000,000 | ---D | C](F:\my ??????\download) -- F:\my ドキュメント\download
[2008/05/13 16:49:22 | 000,000,000 | ---D | C](F:\my ??????\Downloads) -- F:\my ドキュメント\Downloads
[2008/05/13 16:49:21 | 000,000,000 | R--D | C](F:\my ??????\My Pictures) -- F:\my ドキュメント\My Pictures
[2008/04/14 20:47:19 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Cabos) -- C:\Documents and Settings\恭兵\Application Data\Cabos
[2008/04/14 20:47:19 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Cabos) -- C:\Documents and Settings\恭兵\Application Data\Cabos
[2008/03/20 21:40:13 | 000,015,416 | ---- | C] ()(C:\Documents and Settings\??\Application Data\Cabos.plist) -- C:\Documents and Settings\恭兵\Application Data\Cabos.plist
[2008/03/20 20:39:50 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Shared) -- C:\Documents and Settings\恭兵\Shared
[2008/03/20 20:39:50 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Shared) -- C:\Documents and Settings\恭兵\Shared
[2008/03/20 20:38:24 | 000,001,572 | ---- | M] ()(C:\Documents and Settings\All Users\??????\Cabos.lnk) -- C:\Documents and Settings\All Users\デスクトップ\Cabos.lnk
[2008/03/20 20:38:24 | 000,001,572 | ---- | C] ()(C:\Documents and Settings\All Users\??????\Cabos.lnk) -- C:\Documents and Settings\All Users\デスクトップ\Cabos.lnk
[2008/02/29 16:53:58 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Adobe) -- C:\Documents and Settings\恭兵\Application Data\Adobe
[2008/02/29 16:53:58 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Adobe) -- C:\Documents and Settings\恭兵\Application Data\Adobe
[2008/02/18 07:34:39 | 000,000,000 | ---D | C](C:\Documents and Settings\??\??????\???????) -- C:\Documents and Settings\恭兵\デスクトップ\新しいフォルダ
[2008/01/08 18:31:33 | 000,001,757 | ---- | M] ()(C:\Documents and Settings\All Users\???? ????\?????\???????\Adobe Reader Speed Launch.lnk) -- C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Adobe Reader Speed Launch.lnk
[2008/01/08 18:31:33 | 000,001,740 | ---- | M] ()(C:\Documents and Settings\All Users\??????\Adobe Reader 7.0.lnk) -- C:\Documents and Settings\All Users\デスクトップ\Adobe Reader 7.0.lnk
[2008/01/08 18:31:33 | 000,001,740 | ---- | C] ()(C:\Documents and Settings\All Users\??????\Adobe Reader 7.0.lnk) -- C:\Documents and Settings\All Users\デスクトップ\Adobe Reader 7.0.lnk
[2008/01/08 18:31:32 | 000,001,757 | ---- | C] ()(C:\Documents and Settings\All Users\???? ????\?????\???????\Adobe Reader Speed Launch.lnk) -- C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Adobe Reader Speed Launch.lnk
[2007/12/09 21:43:45 | 000,001,734 | ---- | C] ()(C:\Documents and Settings\??\??????\SD-Jukebox V6.lnk) -- C:\Documents and Settings\恭兵\デスクトップ\SD-Jukebox V6.lnk
[2007/12/09 19:45:50 | 000,001,734 | ---- | M] ()(C:\Documents and Settings\??\??????\SD-Jukebox V6.lnk) -- C:\Documents and Settings\恭兵\デスクトップ\SD-Jukebox V6.lnk
[2007/09/20 16:51:43 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\GRETECH JAPAN) -- C:\Documents and Settings\恭兵\Application Data\GRETECH JAPAN
[2007/09/20 16:51:43 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\GRETECH JAPAN) -- C:\Documents and Settings\恭兵\Application Data\GRETECH JAPAN
[2007/08/28 02:11:39 | 000,000,000 | -H-D | M](C:\Documents and Settings\??\Application Data\Hangame) -- C:\Documents and Settings\恭兵\Application Data\Hangame
[2007/08/28 02:11:39 | 000,000,000 | -H-D | M](C:\Documents and Settings\??\Application Data\Hangame) -- C:\Documents and Settings\恭兵\Application Data\Hangame
[2007/08/25 21:29:59 | 000,000,000 | -H-D | M](C:\Documents and Settings\??\Application Data\SDJukebox) -- C:\Documents and Settings\恭兵\Application Data\SDJukebox
[2007/08/25 21:29:59 | 000,000,000 | -H-D | M](C:\Documents and Settings\??\Application Data\SDJukebox) -- C:\Documents and Settings\恭兵\Application Data\SDJukebox
[2007/04/17 03:07:52 | 004,310,652 | -H-- | C] ()(C:\Documents and Settings\??\Local Settings\Application Data\IconCache.db) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\IconCache.db
[2007/04/16 00:57:01 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Trinity) -- C:\Documents and Settings\恭兵\Application Data\Trinity
[2007/04/16 00:57:01 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Trinity) -- C:\Documents and Settings\恭兵\Application Data\Trinity
[2007/03/10 21:18:09 | 000,000,000 | ---D | M](C:\Program Files\FOMA PC?????) -- C:\Program Files\FOMA PC設定ソフト
[2007/03/10 21:18:09 | 000,000,000 | ---D | M](C:\Program Files\FOMA PC?????) -- C:\Program Files\FOMA PC設定ソフト
[2007/03/10 21:13:40 | 000,001,569 | ---- | M] ()(C:\Documents and Settings\All Users\???? ????\?????\???????\W-TCP??.lnk) -- C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\W-TCP設定.lnk
[2007/03/10 21:13:40 | 000,001,569 | ---- | C] ()(C:\Documents and Settings\All Users\???? ????\?????\???????\W-TCP??.lnk) -- C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\W-TCP設定.lnk
[2006/09/12 23:13:48 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Google) -- C:\Documents and Settings\恭兵\Application Data\Google
[2006/09/12 23:13:48 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Google) -- C:\Documents and Settings\恭兵\Application Data\Google
[2006/09/05 23:30:23 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Local Settings\Application Data\i4) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\i4
[2006/09/05 23:30:23 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Local Settings\Application Data\i4) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\i4
[2006/08/04 20:19:34 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\AVG7) -- C:\Documents and Settings\恭兵\Application Data\AVG7
[2006/08/04 20:19:34 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\AVG7) -- C:\Documents and Settings\恭兵\Application Data\AVG7
[2006/08/04 20:06:39 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Lavasoft) -- C:\Documents and Settings\恭兵\Application Data\Lavasoft
[2006/08/04 20:06:39 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Lavasoft) -- C:\Documents and Settings\恭兵\Application Data\Lavasoft
[2006/08/02 22:34:22 | 000,000,877 | ---- | M] ()(C:\Documents and Settings\??\FileAccess.log) -- C:\Documents and Settings\恭兵\FileAccess.log
[2006/08/02 22:34:22 | 000,000,877 | ---- | C] ()(C:\Documents and Settings\??\FileAccess.log) -- C:\Documents and Settings\恭兵\FileAccess.log
[2006/08/02 22:24:31 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\WinAntiVirus Pro 2006) -- C:\Documents and Settings\恭兵\Application Data\WinAntiVirus Pro 2006
[2006/08/02 22:24:31 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\WinAntiVirus Pro 2006) -- C:\Documents and Settings\恭兵\Application Data\WinAntiVirus Pro 2006
[2006/03/29 19:22:42 | 000,002,012 | ---- | M] ()(C:\Documents and Settings\??\??????\Adobe Photoshop Album Mini 3.0.lnk) -- C:\Documents and Settings\恭兵\デスクトップ\Adobe Photoshop Album Mini 3.0.lnk
[2006/03/29 19:22:42 | 000,002,012 | ---- | C] ()(C:\Documents and Settings\??\??????\Adobe Photoshop Album Mini 3.0.lnk) -- C:\Documents and Settings\恭兵\デスクトップ\Adobe Photoshop Album Mini 3.0.lnk
[2006/02/02 22:14:04 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Local Settings\Application Data\Help) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\Help
[2006/02/02 22:14:04 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Help) -- C:\Documents and Settings\恭兵\Application Data\Help
[2006/02/02 22:14:04 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Local Settings\Application Data\Help) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\Help
[2006/02/02 22:14:04 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Help) -- C:\Documents and Settings\恭兵\Application Data\Help
[2006/01/29 23:05:13 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Fanfare) -- C:\Documents and Settings\恭兵\Application Data\Fanfare
[2006/01/29 23:05:13 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Fanfare) -- C:\Documents and Settings\恭兵\Application Data\Fanfare
[2006/01/17 20:51:20 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Local Settings\Application Data\Adobe) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\Adobe
[2006/01/17 20:51:20 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Local Settings\Application Data\Adobe) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\Adobe
[2006/01/04 16:30:51 | 000,172,032 | ---- | C] ()(C:\Documents and Settings\??\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/03 01:38:06 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Sonic) -- C:\Documents and Settings\恭兵\Application Data\Sonic
[2006/01/03 01:38:06 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Sonic) -- C:\Documents and Settings\恭兵\Application Data\Sonic
[2006/01/03 01:37:31 | 000,089,680 | ---- | C] (Microsoft Corporation)(C:\Documents and Settings\??\MSSSerif120.fon) -- C:\Documents and Settings\恭兵\MSSSerif120.fon
[2006/01/03 01:37:31 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Leadertech) -- C:\Documents and Settings\恭兵\Application Data\Leadertech
[2006/01/03 01:37:31 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Leadertech) -- C:\Documents and Settings\恭兵\Application Data\Leadertech
[2006/01/02 21:44:22 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Macromedia) -- C:\Documents and Settings\恭兵\Application Data\Macromedia
[2006/01/02 21:44:22 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Macromedia) -- C:\Documents and Settings\恭兵\Application Data\Macromedia
[2006/01/02 21:34:41 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Local Settings\Application Data\Identities) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\Identities
[2006/01/02 21:34:41 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Local Settings\Application Data\Identities) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\Identities
[2006/01/02 20:22:07 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\i4) -- C:\Documents and Settings\恭兵\Application Data\i4
[2006/01/02 20:22:07 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\i4) -- C:\Documents and Settings\恭兵\Application Data\i4
[2006/01/02 19:43:26 | 000,000,652 | ---- | M] ()(C:\Documents and Settings\??\??????\+Lhaca.lnk) -- C:\Documents and Settings\恭兵\デスクトップ\+Lhaca.lnk
[2006/01/02 19:43:26 | 000,000,652 | ---- | C] ()(C:\Documents and Settings\??\??????\+Lhaca.lnk) -- C:\Documents and Settings\恭兵\デスクトップ\+Lhaca.lnk
[2006/01/02 19:11:48 | 000,038,144 | ---- | C] ()(C:\Documents and Settings\??\Local Settings\Application Data\GDIPFONTCACHEV1.DAT) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/01/02 19:01:30 | 000,000,000 | --SD | M](C:\Documents and Settings\??\UserData) -- C:\Documents and Settings\恭兵\UserData
[2006/01/02 19:01:30 | 000,000,000 | --SD | M](C:\Documents and Settings\??\UserData) -- C:\Documents and Settings\恭兵\UserData
[2006/01/02 18:59:17 | 000,000,782 | ---- | C] ()(C:\Documents and Settings\??\??????\Windows Media Player.lnk) -- C:\Documents and Settings\恭兵\デスクトップ\Windows Media Player.lnk
[2006/01/02 18:58:59 | 000,000,062 | -HS- | C] ()(C:\Documents and Settings\??\Application Data\desktop.ini) -- C:\Documents and Settings\恭兵\Application Data\desktop.ini
[2006/01/02 18:58:58 | 000,000,084 | -HS- | C] ()(C:\Documents and Settings\??\???? ????\?????\???????\desktop.ini) -- C:\Documents and Settings\恭兵\スタート メニュー\プログラム\スタートアップ\desktop.ini
[2006/01/02 18:58:57 | 000,001,024 | -H-- | C] ()(C:\Documents and Settings\??\ntuser.dat.LOG) -- C:\Documents and Settings\恭兵\ntuser.dat.LOG
[2006/01/02 18:58:57 | 000,000,278 | -HS- | C] ()(C:\Documents and Settings\??\ntuser.ini) -- C:\Documents and Settings\恭兵\ntuser.ini
[2006/01/02 18:58:56 | 009,175,040 | -H-- | C] ()(C:\Documents and Settings\??\NTUSER.DAT) -- C:\Documents and Settings\恭兵\NTUSER.DAT
[2005/09/12 16:19:09 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\InterVideo) -- C:\Documents and Settings\恭兵\Application Data\InterVideo
[2005/09/12 16:19:09 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\InterVideo) -- C:\Documents and Settings\恭兵\Application Data\InterVideo
[2005/06/16 15:36:33 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Super Mapple) -- C:\Documents and Settings\恭兵\Application Data\Super Mapple
[2005/06/16 15:36:33 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Super Mapple) -- C:\Documents and Settings\恭兵\Application Data\Super Mapple
[2005/06/16 15:24:46 | 000,001,829 | ---- | C] ()(C:\Documents and Settings\All Users\??????\RecordNow!.lnk) -- C:\Documents and Settings\All Users\デスクトップ\RecordNow!.lnk
[2005/06/16 15:24:04 | 000,001,829 | ---- | M] ()(C:\Documents and Settings\All Users\??????\RecordNow!.lnk) -- C:\Documents and Settings\All Users\デスクトップ\RecordNow!.lnk
[2005/06/16 15:19:30 | 000,001,781 | ---- | M] ()(C:\Documents and Settings\All Users\???? ????\?????\???????\InterVideo WinCinema Manager.lnk) -- C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\InterVideo WinCinema Manager.lnk
[2005/06/16 15:19:30 | 000,001,781 | ---- | C] ()(C:\Documents and Settings\All Users\???? ????\?????\???????\InterVideo WinCinema Manager.lnk) -- C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\InterVideo WinCinema Manager.lnk
[2005/06/16 15:19:30 | 000,001,657 | ---- | M] ()(C:\Documents and Settings\All Users\??????\InterVideo WinDVD.lnk) -- C:\Documents and Settings\All Users\デスクトップ\InterVideo WinDVD.lnk
[2005/06/16 15:19:30 | 000,001,657 | ---- | C] ()(C:\Documents and Settings\All Users\??????\InterVideo WinDVD.lnk) -- C:\Documents and Settings\All Users\デスクトップ\InterVideo WinDVD.lnk
[2005/06/16 15:14:54 | 000,000,000 | ---D | M](C:\Program Files\The Graphics [???]) -- C:\Program Files\The Graphics [ドロー]
[2005/06/16 15:14:54 | 000,000,000 | ---D | M](C:\Program Files\The Graphics [???]) -- C:\Program Files\The Graphics [ドロー]
[2005/05/26 10:14:51 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Sun) -- C:\Documents and Settings\恭兵\Application Data\Sun
[2005/05/26 10:14:51 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Sun) -- C:\Documents and Settings\恭兵\Application Data\Sun
[2005/05/26 10:14:31 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142050}) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142050}
[2005/05/26 10:14:31 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142050}) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142050}
[2005/05/25 15:25:22 | 000,001,513 | ---- | M] ()(C:\Documents and Settings\All Users\???? ????\?????\???????\Utility Tray.lnk) -- C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Utility Tray.lnk
[2005/05/25 15:25:22 | 000,001,513 | ---- | C] ()(C:\Documents and Settings\All Users\???? ????\?????\???????\Utility Tray.lnk) -- C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Utility Tray.lnk
[2005/05/25 15:21:04 | 000,000,000 | ---D | M](C:\Documents and Settings\??\WINDOWS) -- C:\Documents and Settings\恭兵\WINDOWS
[2005/05/25 15:21:04 | 000,000,000 | ---D | M](C:\Documents and Settings\??\WINDOWS) -- C:\Documents and Settings\恭兵\WINDOWS
[2005/05/24 14:59:45 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Identities) -- C:\Documents and Settings\恭兵\Application Data\Identities
[2005/05/24 14:59:45 | 000,000,000 | ---D | M](C:\Documents and Settings\??\Application Data\Identities) -- C:\Documents and Settings\恭兵\Application Data\Identities
[2005/05/24 14:59:43 | 000,000,084 | -HS- | M] ()(C:\Documents and Settings\All Users\???? ????\?????\???????\desktop.ini) -- C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\desktop.ini
[2005/05/24 14:59:43 | 000,000,084 | -HS- | M] ()(C:\Documents and Settings\??\???? ????\?????\???????\desktop.ini) -- C:\Documents and Settings\恭兵\スタート メニュー\プログラム\スタートアップ\desktop.ini
[2005/05/24 14:54:26 | 000,000,879 | ---- | M] ()(C:\Documents and Settings\??\??????\??????.lnk) -- C:\Documents and Settings\恭兵\デスクトップ\ワードパッド.lnk
[2005/05/24 14:54:26 | 000,000,879 | ---- | C] ()(C:\Documents and Settings\??\??????\??????.lnk) -- C:\Documents and Settings\恭兵\デスクトップ\ワードパッド.lnk
[2005/05/24 14:54:10 | 000,000,000 | -H-D | M](C:\Documents and Settings\??\Templates) -- C:\Documents and Settings\恭兵\Templates
[2005/05/24 14:54:10 | 000,000,000 | -H-D | M](C:\Documents and Settings\??\Templates) -- C:\Documents and Settings\恭兵\Templates
[2005/05/24 14:54:07 | 000,065,978 | ---- | C] ()(C:\WINDOWS\????.bmp) -- C:\WINDOWS\シャボン.bmp
[2005/05/24 14:54:07 | 000,065,954 | ---- | C] ()(C:\WINDOWS\?????.bmp) -- C:\WINDOWS\大草原の風.bmp
[2005/05/24 14:54:07 | 000,065,832 | ---- | C] ()(C:\WINDOWS\?????.bmp) -- C:\WINDOWS\サンタフェ.bmp
[2005/05/24 14:54:07 | 000,026,680 | ---- | C] ()(C:\WINDOWS\???.bmp) -- C:\WINDOWS\隅田川.bmp
[2005/05/24 14:54:07 | 000,026,582 | ---- | C] ()(C:\WINDOWS\???? ????.bmp) -- C:\WINDOWS\グリーン ストーン.bmp
[2005/05/24 14:54:07 | 000,017,362 | ---- | C] ()(C:\WINDOWS\?????.bmp) -- C:\WINDOWS\しゃくなげ.bmp
[2005/05/24 14:54:07 | 000,017,336 | ---- | C] ()(C:\WINDOWS\??????.bmp) -- C:\WINDOWS\フィッシング.bmp
[2005/05/24 14:54:07 | 000,017,062 | ---- | C] ()(C:\WINDOWS\?????.bmp) -- C:\WINDOWS\珈琲カップ.bmp
[2005/05/24 14:54:07 | 000,016,730 | ---- | C] ()(C:\WINDOWS\??.bmp) -- C:\WINDOWS\羽毛.bmp
[2005/05/24 14:54:07 | 000,009,522 | ---- | C] ()(C:\WINDOWS\???????.bmp) -- C:\WINDOWS\サポテック織り.bmp
[2005/05/24 14:54:07 | 000,001,272 | ---- | C] ()(C:\WINDOWS\??????? 16.bmp) -- C:\WINDOWS\青いレース編み 16.bmp
[2005/05/24 14:45:38 | 000,000,084 | -HS- | C] ()(C:\Documents and Settings\All Users\???? ????\?????\???????\desktop.ini) -- C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\desktop.ini
[2005/05/24 14:45:38 | 000,000,062 | -HS- | M] ()(C:\Documents and Settings\??\Application Data\desktop.ini) -- C:\Documents and Settings\恭兵\Application Data\desktop.ini
[2005/05/24 14:45:38 | 000,000,000 | -H-D | M](C:\Documents and Settings\??\PrintHood) -- C:\Documents and Settings\恭兵\PrintHood
[2005/05/24 14:45:38 | 000,000,000 | -H-D | M](C:\Documents and Settings\??\PrintHood) -- C:\Documents and Settings\恭兵\PrintHood
[2005/05/24 14:31:17 | 000,000,075 | ---- | C] ()(C:\WINDOWS\System32\????????.scf) -- C:\WINDOWS\System32\チャンネルの表示.scf
[2004/08/05 21:00:00 | 000,065,978 | ---- | M] ()(C:\WINDOWS\????.bmp) -- C:\WINDOWS\シャボン.bmp
[2004/08/05 21:00:00 | 000,065,954 | ---- | M] ()(C:\WINDOWS\?????.bmp) -- C:\WINDOWS\大草原の風.bmp
[2004/08/05 21:00:00 | 000,065,832 | ---- | M] ()(C:\WINDOWS\?????.bmp) -- C:\WINDOWS\サンタフェ.bmp
[2004/08/05 21:00:00 | 000,026,680 | ---- | M] ()(C:\WINDOWS\???.bmp) -- C:\WINDOWS\隅田川.bmp
[2004/08/05 21:00:00 | 000,026,582 | ---- | M] ()(C:\WINDOWS\???? ????.bmp) -- C:\WINDOWS\グリーン ストーン.bmp
[2004/08/05 21:00:00 | 000,017,362 | ---- | M] ()(C:\WINDOWS\?????.bmp) -- C:\WINDOWS\しゃくなげ.bmp
[2004/08/05 21:00:00 | 000,017,336 | ---- | M] ()(C:\WINDOWS\??????.bmp) -- C:\WINDOWS\フィッシング.bmp
[2004/08/05 21:00:00 | 000,017,062 | ---- | M] ()(C:\WINDOWS\?????.bmp) -- C:\WINDOWS\珈琲カップ.bmp
[2004/08/05 21:00:00 | 000,016,730 | ---- | M] ()(C:\WINDOWS\??.bmp) -- C:\WINDOWS\羽毛.bmp
[2004/08/05 21:00:00 | 000,009,522 | ---- | M] ()(C:\WINDOWS\???????.bmp) -- C:\WINDOWS\サポテック織り.bmp
[2004/08/05 21:00:00 | 000,001,272 | ---- | M] ()(C:\WINDOWS\??????? 16.bmp) -- C:\WINDOWS\青いレース編み 16.bmp
[2004/08/05 21:00:00 | 000,000,075 | ---- | M] ()(C:\WINDOWS\System32\????????.scf) -- C:\WINDOWS\System32\チャンネルの表示.scf
(C:\Program Files\The Graphics [???]) -- C:\Program Files\The Graphics [ドロー]
(C:\Program Files\FOMA PC?????) -- C:\Program Files\FOMA PC設定ソフト
(C:\Program Files\??????) -- C:\Program Files\天気予報コム
(C:\Documents and Settings\All Users\??????) -- C:\Documents and Settings\All Users\デスクトップ
(C:\Documents and Settings\All Users\???? ????) -- C:\Documents and Settings\All Users\スタート メニュー
(C:\Documents and Settings\??\WINDOWS) -- C:\Documents and Settings\恭兵\WINDOWS
(C:\Documents and Settings\??\UserData) -- C:\Documents and Settings\恭兵\UserData
(C:\Documents and Settings\??\Templates) -- C:\Documents and Settings\恭兵\Templates
(C:\Documents and Settings\??\Shared) -- C:\Documents and Settings\恭兵\Shared
(C:\Documents and Settings\??\SendTo) -- C:\Documents and Settings\恭兵\SendTo
(C:\Documents and Settings\??\Recent) -- C:\Documents and Settings\恭兵\Recent
(C:\Documents and Settings\??\PrintHood) -- C:\Documents and Settings\恭兵\PrintHood
(C:\Documents and Settings\??\NetHood) -- C:\Documents and Settings\恭兵\NetHood
(C:\Documents and Settings\??\My Documents) -- C:\Documents and Settings\恭兵\My Documents
(C:\Documents and Settings\??\Local Settings\Application Data\WMTools Downloaded Files) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\WMTools Downloaded Files
(C:\Documents and Settings\??\Local Settings\Application Data\Temp) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\Temp
(C:\Documents and Settings\??\Local Settings\Application Data\Mozilla) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\Mozilla
(C:\Documents and Settings\??\Local Settings\Application Data\Microsoft) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\Microsoft
(C:\Documents and Settings\??\Local Settings\Application Data\Identities) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\Identities
(C:\Documents and Settings\??\Local Settings\Application Data\i4) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\i4
(C:\Documents and Settings\??\Local Settings\Application Data\HP) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\HP
(C:\Documents and Settings\??\Local Settings\Application Data\Help) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\Help
(C:\Documents and Settings\??\Local Settings\Application Data\Google) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\Google
(C:\Documents and Settings\??\Local Settings\Application Data\Apple Computer) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\Apple Computer
(C:\Documents and Settings\??\Local Settings\Application Data\Apple) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\Apple
(C:\Documents and Settings\??\Local Settings\Application Data\Adobe) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\Adobe
(C:\Documents and Settings\??\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142050}) -- C:\Documents and Settings\恭兵\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142050}
(C:\Documents and Settings\??\Local Settings) -- C:\Documents and Settings\恭兵\Local Settings
(C:\Documents and Settings\??\Favorites) -- C:\Documents and Settings\恭兵\Favorites
(C:\Documents and Settings\??\Cookies) -- C:\Documents and Settings\恭兵\Cookies
(C:\Documents and Settings\??\Application Data\WinAntiVirus Pro 2006) -- C:\Documents and Settings\恭兵\Application Data\WinAntiVirus Pro 2006
(C:\Documents and Settings\??\Application Data\Trinity) -- C:\Documents and Settings\恭兵\Application Data\Trinity
(C:\Documents and Settings\??\Application Data\Super Mapple) -- C:\Documents and Settings\恭兵\Application Data\Super Mapple
(C:\Documents and Settings\??\Application Data\Sun) -- C:\Documents and Settings\恭兵\Application Data\Sun
(C:\Documents and Settings\??\Application Data\Sonic) -- C:\Documents and Settings\恭兵\Application Data\Sonic
(C:\Documents and Settings\??\Application Data\skypePM) -- C:\Documents and Settings\恭兵\Application Data\skypePM
(C:\Documents and Settings\??\Application Data\Skype) -- C:\Documents and Settings\恭兵\Application Data\Skype
(C:\Documents and Settings\??\Application Data\Search Settings) -- C:\Documents and Settings\恭兵\Application Data\Search Settings
(C:\Documents and Settings\??\Application Data\SDJukebox) -- C:\Documents and Settings\恭兵\Application Data\SDJukebox
(C:\Documents and Settings\??\Application Data\Real) -- C:\Documents and Settings\恭兵\Application Data\Real
(C:\Documents and Settings\??\Application Data\OpenOffice.org) -- C:\Documents and Settings\恭兵\Application Data\OpenOffice.org
(C:\Documents and Settings\??\Application Data\Mozilla) -- C:\Documents and Settings\恭兵\Application Data\Mozilla
(C:\Documents and Settings\??\Application Data\Microsoft) -- C:\Documents and Settings\恭兵\Application Data\Microsoft
(C:\Documents and Settings\??\Application Data\Macromedia) -- C:\Documents and Settings\恭兵\Application Data\Macromedia
(C:\Documents and Settings\??\Application Data\Leadertech) -- C:\Documents and Settings\恭兵\Application Data\Leadertech
(C:\Documents and Settings\??\Application Data\Lavasoft) -- C:\Documents and Settings\恭兵\Application Data\Lavasoft
(C:\Documents and Settings\??\Application Data\InterVideo) -- C:\Documents and Settings\恭兵\Application Data\InterVideo
(C:\Documents and Settings\??\Application Data\InstallShield) -- C:\Documents and Settings\恭兵\Application Data\InstallShield
(C:\Documents and Settings\??\Application Data\Identities) -- C:\Documents and Settings\恭兵\Application Data\Identities
(C:\Documents and Settings\??\Application Data\i4) -- C:\Documents and Settings\恭兵\Application Data\i4
(C:\Documents and Settings\??\Application Data\HPAppData) -- C:\Documents and Settings\恭兵\Application Data\HPAppData
(C:\Documents and Settings\??\Application Data\HP) -- C:\Documents and Settings\恭兵\Application Data\HP
(C:\Documents and Settings\??\Application Data\Help) -- C:\Documents and Settings\恭兵\Application Data\Help
(C:\Documents and Settings\??\Application Data\Hangame) -- C:\Documents and Settings\恭兵\Application Data\Hangame
(C:\Documents and Settings\??\Application Data\GRETECH JAPAN) -- C:\Documents and Settings\恭兵\Application Data\GRETECH JAPAN
(C:\Documents and Settings\??\Application Data\GRETECH) -- C:\Documents and Settings\恭兵\Application Data\GRETECH
(C:\Documents and Settings\??\Application Data\Google) -- C:\Documents and Settings\恭兵\Application Data\Google
(C:\Documents and Settings\??\Application Data\FreeIPODConverter) -- C:\Documents and Settings\恭兵\Application Data\FreeIPODConverter
(C:\Documents and Settings\??\Application Data\Fanfare) -- C:\Documents and Settings\恭兵\Application Data\Fanfare
(C:\Documents and Settings\??\Application Data\Dayz) -- C:\Documents and Settings\恭兵\Application Data\Dayz
(C:\Documents and Settings\??\Application Data\CravingExplorer) -- C:\Documents and Settings\恭兵\Application Data\CravingExplorer
(C:\Documents and Settings\??\Application Data\Cabos) -- C:\Documents and Settings\恭兵\Application Data\Cabos
(C:\Documents and Settings\??\Application Data\BDL+D) -- C:\Documents and Settings\恭兵\Application Data\BDL+D
(C:\Documents and Settings\??\Application Data\BANDISOFT) -- C:\Documents and Settings\恭兵\Application Data\BANDISOFT
(C:\Documents and Settings\??\Application Data\AVG7) -- C:\Documents and Settings\恭兵\Application Data\AVG7
(C:\Documents and Settings\??\Application Data\Apple Computer) -- C:\Documents and Settings\恭兵\Application Data\Apple Computer
(C:\Documents and Settings\??\Application Data\AdobeUM) -- C:\Documents and Settings\恭兵\Application Data\AdobeUM
(C:\Documents and Settings\??\Application Data\Adobe) -- C:\Documents and Settings\恭兵\Application Data\Adobe
(C:\Documents and Settings\??\Application Data) -- C:\Documents and Settings\恭兵\Application Data
(C:\Documents and Settings\??\??????) -- C:\Documents and Settings\恭兵\デスクトップ
(C:\Documents and Settings\??\???? ????) -- C:\Documents and Settings\恭兵\スタート メニュー

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73B1147D
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888EAF11
< End of report >



Thank you!

#2
Cruise475

    Trusted Helper

  • Member
  • 1,348 posts
Greetings, johnakain. Welcome to GeeksToGo. My name is Cruise475 and I am here to help you with your malware troubles.

Before we get started, I would like to mention a few things :)
  • Please stick with your topic; a lack of symptoms does not mean a clean system!
  • Please follow my instructions step by step. If something does not work, or you get confused, just ask for clarification :)
  • Please do not attach any logs unless I specifically ask for it; it makes it easier for us to check your logs! Just post them right into the topic. If it requires more than one post, feel free to spread them over multiple posts!
  • While we are working together, please do not run any tools without being directed to do so. Running some of our tools unsupervised can be very dangerous!
  • Lastly, you may find it beneficial to print my instructions or save them to a text file, as some of my instructions may require you to reboot into safe mode :)

I will need to get a current look at your system. Can you also please explain any issues you are currently having?


Step 1:
Please delete your current copy of GMER and download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.


Step 2:

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload to Mediafire and post the sharing link.


Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • Reg - Shell Spawning
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Under custom scans copy and paste the following:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    CREATERESTOREPOINT

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post



Thanks
Cruise
  • 0

#3
johnakain

johnakain

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Heya, thanks for the help :)

When I run OTS from the desktop, I get an error after scanning saying "Directory does not exist". I'm thinking this is due to the computer being Japanese and having Japanese characters in the directory path. I was able to run OTS from a flash drive and it completed successfully; that log is attached.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-17 10:26:48
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\uxtdqpog.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\o2mmb.sys entry point in "init" section [0xF6A05320]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat CptPrtNT.sys (File System Copy Protect Driver/start alpha)
---- Processes - GMER 1.0.15 ----

Library C:\Documents (*** hidden *** ) @ C:\Documents [520] 0x00400000
Library C:\Program (*** hidden *** ) @ C:\Program [3404] 0x00400000
Library C:\Program (*** hidden *** ) @ C:\Program [3404] 0x10000000
Library C:\Program (*** hidden *** ) @ C:\Program [3768] 0x00400000
Library C:\Program (*** hidden *** ) @ C:\Program [3800] 0x00400000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@1394 \x30cd\x30c3\x30c8 \x30a2\x30c0\x30d7\x30bf 1?2?3?
Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@RAS 非同期\x30a2\x30c0\x30d7\x30bf 1?
Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@N0\x00b10A0E0 \0\x00b90\x00b10\x00b80a0u0e0 \0s0E0Y0u0E0 1?2?3?4?5?
Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (L2TP) 1?
Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (PPTP) 1?
Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (PPPOE) 1?
Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@ov\x00a5cN0e0i0e0 1?
Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (IP) 1?
Reg HKLM\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Microsoft TV/\x30d3\x30c7\x30aa接続 1?
Reg HKLM\SYSTEM\ControlSet001\Services\lanmanserver\Shares@\x00d70e0o0\x00bf0 CSCFlags=0?MaxUses=4294967295?Path=HP Photosmart C4400 series,LocalsplOnly?Permissions=0?Remark=HP Photosmart C4400 series?Type=1?
Reg HKLM\SYSTEM\ControlSet001\Services\SysmonLog\Log Queries\{5dc5026e-9357-49a8-bf4b-83a46d2e63dc}@C0u0\x00bf0 \0\x00b90E0\x00a20^\'` 33
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@1394 \x30cd\x30c3\x30c8 \x30a2\x30c0\x30d7\x30bf 1?2?3?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@RAS 非同期\x30a2\x30c0\x30d7\x30bf 1?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@N0\x00b10A0E0 \0\x00b90\x00b10\x00b80a0u0e0 \0s0E0Y0u0E0 1?2?3?4?5?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (L2TP) 1?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (PPTP) 1?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (PPPOE) 1?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@ov\x00a5cN0e0i0e0 1?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (IP) 1?
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Microsoft TV/\x30d3\x30c7\x30aa接続 1?
Reg HKLM\SYSTEM\ControlSet002\Services\lanmanserver\Shares@\x00d70e0o0\x00bf0 CSCFlags=0?MaxUses=4294967295?Path=HP Photosmart C4400 series,LocalsplOnly?Permissions=0?Remark=HP Photosmart C4400 series?Type=1?
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{5dc5026e-9357-49a8-bf4b-83a46d2e63dc}@C0u0\x00bf0 \0\x00b90E0\x00a20^\'` 33
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@1394 \x30cd\x30c3\x30c8 \x30a2\x30c0\x30d7\x30bf 1?2?3?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@RAS 非同期\x30a2\x30c0\x30d7\x30bf 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@N0\x00b10A0E0 \0\x00b90\x00b10\x00b80a0u0e0 \0s0E0Y0u0E0 1?2?3?4?5?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (L2TP) 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (PPTP) 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (PPPOE) 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@ov\x00a5cN0e0i0e0 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@WAN \x30df\x30cb\x30dd\x30fc\x30c8 (IP) 1?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Microsoft TV/\x30d3\x30c7\x30aa接続 1?
Reg HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\Shares@\x00d70e0o0\x00bf0 CSCFlags=0?MaxUses=4294967295?Path=HP Photosmart C4400 series,LocalsplOnly?Permissions=0?Remark=HP Photosmart C4400 series?Type=1?
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{5dc5026e-9357-49a8-bf4b-83a46d2e63dc}@C0u0\x00bf0 \0\x00b90E0\x00a20^\'` 33
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@-y3y \0\16f\35g 49280
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@-y3y \0000y\16f\35g 16512
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@-y3y \0\x00b40\x00b70A0\x00af0 32896
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@-y3y \0000y\x00b40\x00b70A0\x00af0 128
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@@MS \x30b4\x30b7\x30c3\x30af 41088
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@@MS P\x30b4\x30b7\x30c3\x30af 8320
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Photosmart C4400 series\HPWarningMsg\CheckStatus@m`uQ 0x00 0x00 0x00 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Photosmart C4400 series\HPWarningMsg\MaxDPI@m`uQ 0x00 0x00 0x00 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Photosmart C4400 series\HPWarningMsg\PhotoStacking@m`uQ 0x00 0x00 0x00 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\自動 HP Photosmart C4400 series (K1 上)\HPWarningMsg\CheckStatus@m`uQ 0x00 0x00 0x00 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\自動 HP Photosmart C4400 series (K1 上)\HPWarningMsg\MaxDPI@m`uQ 0x00 0x00 0x00 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\自動 HP Photosmart C4400 series (K1 上)\HPWarningMsg\PhotoStacking@m`uQ 0x00 0x00 0x00 0x00

---- EOF - GMER 1.0.15 ----
Attached File  OTS.Txt   242.59KB   161 downloads
  • 0

#4
Cruise475

Cruise475

    Trusted Helper

  • Member
  • PipPipPipPip
  • 1,348 posts
Hi There,

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {E312764E-7706-43F1-8DAB-FCDD2B1E416D} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Lucy32.exe" -> [Lucy32.exe]
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
YN -> CmdMapping\\"{381F73A9-29D0-45B6-88D7-F82C4BCED5D3}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{5D73EE86-05F1-49ed-B850-E423120EC338}" [HKLM] -> [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
YN -> CmdMapping\\"{381F73A9-29D0-45B6-88D7-F82C4BCED5D3}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{5D73EE86-05F1-49ed-B850-E423120EC338}" [HKLM] -> [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1344738459-2530014499-3104361729-1005\] > -> HKEY_USERS\S-1-5-21-1344738459-2530014499-3104361729-1005\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
YN -> CmdMapping\\"{381F73A9-29D0-45B6-88D7-F82C4BCED5D3}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{5D73EE86-05F1-49ed-B850-E423120EC338}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}" [HKLM] -> [Reg Error: Key error.]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {1DEA6922-E71F-4588-AFF4-EB4E5D2DF22D} [HKLM] -> http://202.177.209.7...ex/pbdgkick.cab [Pbdgkick Control]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> "{C60A0B68-1F3A-A1D2-C909-9A11A016D21A}" [HKLM] -> Reg Error: Key error. []
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{7240c354-7b9c-11da-8bde-00022daa280b} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7240c354-7b9c-11da-8bde-00022daa280b}\Shell\AutoRun\command ->
YN -> \{7240c354-7b9c-11da-8bde-00022daa280b}\Shell\AutoRun\command\\"" -> F:\setupSNK.exe [F:\setupSNK.exe]
[Files - No Company Name]
NY -> MBR.exe -> C:\WINDOWS\MBR.exe
NY -> zip.exe -> C:\WINDOWS\zip.exe
NY -> lame_enc.dll -> C:\WINDOWS\lame_enc.dll
NY -> bwsvc_event.dll -> C:\WINDOWS\System32\bwsvc_event.dll
NY -> APAIFILT.SYS -> C:\WINDOWS\System32\drivers\APAIFILT.SYS
NY -> bdmpegv.dll -> C:\WINDOWS\System32\bdmpegv.dll
NY -> ActiveSkin.INI -> C:\WINDOWS\ActiveSkin.INI
NY -> UN900503.INI -> C:\WINDOWS\UN900503.INI
NY -> UN900114.INI -> C:\WINDOWS\UN900114.INI
NY -> UN900120.INI -> C:\WINDOWS\UN900120.INI
NY -> mrsjs.ini -> C:\WINDOWS\mrsjs.ini
NY -> PanInstaller.dll -> C:\WINDOWS\System32\PanInstaller.dll
NY -> FirstLoad.dll -> C:\WINDOWS\System32\FirstLoad.dll
NY -> liveup.ini -> C:\WINDOWS\liveup.ini
NY -> cdplayer.ini -> C:\WINDOWS\cdplayer.ini
NY -> WORDPAD.INI -> C:\WINDOWS\WORDPAD.INI
NY -> GurusenInstall.dll -> C:\WINDOWS\System32\GurusenInstall.dll
[Purity]
[Empty Temp Folders]
[CreateRestorePoint]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.


Please let me know if anything has changed with your computer!

Thanks
Cruise
  • 0

#5
johnakain

johnakain

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Heya again, thanks for the quick reply. I don't seem to be able to connect to the internet using IE but Firefox is working okay. And I noticed Search Settings 1.2.3 is still listed on the add/remove programs list. Here's the log:

All Processes Killed
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Lucy32.exe deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{381F73A9-29D0-45B6-88D7-F82C4BCED5D3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{381F73A9-29D0-45B6-88D7-F82C4BCED5D3}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{5D73EE86-05F1-49ed-B850-E423120EC338} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D73EE86-05F1-49ed-B850-E423120EC338}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{381F73A9-29D0-45B6-88D7-F82C4BCED5D3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{381F73A9-29D0-45B6-88D7-F82C4BCED5D3}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{5D73EE86-05F1-49ed-B850-E423120EC338} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D73EE86-05F1-49ed-B850-E423120EC338}\ not found.
Registry value HKEY_USERS\S-1-5-21-1344738459-2530014499-3104361729-1005\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry value HKEY_USERS\S-1-5-21-1344738459-2530014499-3104361729-1005\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{381F73A9-29D0-45B6-88D7-F82C4BCED5D3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{381F73A9-29D0-45B6-88D7-F82C4BCED5D3}\ not found.
Registry value HKEY_USERS\S-1-5-21-1344738459-2530014499-3104361729-1005\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{5D73EE86-05F1-49ed-B850-E423120EC338} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D73EE86-05F1-49ed-B850-E423120EC338}\ not found.
Registry value HKEY_USERS\S-1-5-21-1344738459-2530014499-3104361729-1005\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
Starting removal of ActiveX control {1DEA6922-E71F-4588-AFF4-EB4E5D2DF22D}
C:\WINDOWS\Downloaded Program Files\pbdgkick.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DEA6922-E71F-4588-AFF4-EB4E5D2DF22D}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{C60A0B68-1F3A-A1D2-C909-9A11A016D21A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C60A0B68-1F3A-A1D2-C909-9A11A016D21A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7240c354-7b9c-11da-8bde-00022daa280b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7240c354-7b9c-11da-8bde-00022daa280b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7240c354-7b9c-11da-8bde-00022daa280b}\Shell\AutoRun\command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7240c354-7b9c-11da-8bde-00022daa280b}\Shell\AutoRun\command not found.
[Files - No Company Name]
C:\WINDOWS\MBR.exe moved successfully.
C:\WINDOWS\zip.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\lame_enc.dll
C:\WINDOWS\lame_enc.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\bwsvc_event.dll
C:\WINDOWS\System32\bwsvc_event.dll moved successfully.
C:\WINDOWS\System32\drivers\APAIFILT.SYS moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\bdmpegv.dll
C:\WINDOWS\System32\bdmpegv.dll moved successfully.
C:\WINDOWS\ActiveSkin.INI moved successfully.
C:\WINDOWS\UN900503.INI moved successfully.
C:\WINDOWS\UN900114.INI moved successfully.
C:\WINDOWS\UN900120.INI moved successfully.
C:\WINDOWS\mrsjs.ini moved successfully.
C:\WINDOWS\System32\PanInstaller.dll moved successfully.
C:\WINDOWS\System32\FirstLoad.dll moved successfully.
C:\WINDOWS\liveup.ini moved successfully.
C:\WINDOWS\cdplayer.ini moved successfully.
C:\WINDOWS\WORDPAD.INI moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\GurusenInstall.dll
C:\WINDOWS\System32\GurusenInstall.dll moved successfully.
[Purity]
Purity scan complete.
[Empty Temp Folders]


User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: pc
->Temp folder emptied: 130580 bytes
->Temporary Internet Files folder emptied: 19091309 bytes
->FireFox cache emptied: 86182051 bytes
->Flash cache emptied: 14588 bytes

User: 恭兵

User: 恭兵
->Temp folder emptied: 200 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 25604289 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 638 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 151052 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 293376 bytes

Total Files Cleaned = 126.00 mb

Restore point Set: OTS Restore Point (64424509440)
< End of fix log >
OTS by OldTimer - Version 3.1.28.1 fix logfile created on 04172010_134636

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Edited by johnakain, 16 April 2010 - 11:08 PM.

  • 0

#6
Cruise475

Cruise475

    Trusted Helper

  • Member
  • PipPipPipPip
  • 1,348 posts
Hi There,

Can you give me another OTS Scan please :)

Thanks
Cruise
  • 0

#7
johnakain

johnakain

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Hi There,

Can you give me another OTS Scan please :)

Thanks
Cruise


Heya. Using default settings or the settings you gave earlier? Thanks.
  • 0

#8
Cruise475

Cruise475

    Trusted Helper

  • Member
  • PipPipPipPip
  • 1,348 posts
Hey,

The same settings would be fine.

~Cruise
  • 0

#9
johnakain

johnakain

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Here's a log using the above settings.
Attached File  OTS.Txt   218.77KB   187 downloads
  • 0

#10
Cruise475

Cruise475

    Trusted Helper

  • Member
  • PipPipPipPip
  • 1,348 posts
Hi There,

Looking at your system now, one or more of the identified infections is a backdoor Trojan.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.



Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Processes - Safe List]
YY -> applicationupdater.exe -> C:\Program Files\Application Updater\ApplicationUpdater.exe
[Win32 Services - Safe List]
YY -> (Application Updater) Application Updater [Auto | Running] -> C:\Program Files\Application Updater\ApplicationUpdater.exe
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > ->
YN -> HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://search.jword....g={SUB_RFC1766}
< Internet Explorer Settings [HKEY_CURRENT_USER\] > ->
YN -> HKEY_CURRENT_USER\: URLSearchHooks\\"{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< FireFox Extensions [Program Folders] > ->
YN -> Hosts file not found ->
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "SearchSettings" -> C:\Program Files\Search Settings\SearchSettings.exe [C:\Program Files\Search Settings\SearchSettings.exe]
[Files/Folders - Created Within 30 Days]
NY -> eiunin21.exe -> C:\WINDOWS\eiunin21.exe
[Purity]
[Empty Temp Folders]
[CreateRestorePoint]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Also, Please let me know of how things are running after this fix.

Thanks
Cruise
  • 0



#11
johnakain

johnakain

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Heya again. As far as I can tell, everything seems to be okay. Everything runs fine and there are no popups or errors that appear. We'll get started on changing passwords on another computer ASAP. Here's the latest OTS log:

All Processes Killed
[Processes - Safe List]
No active process named applicationupdater.exe was found!
C:\Program Files\Application Updater\ApplicationUpdater.exe moved successfully.
[Win32 Services - Safe List]
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
File C:\Program Files\Application Updater\ApplicationUpdater.exe not found.
[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
[Files/Folders - Created Within 30 Days]
C:\WINDOWS\eiunin21.exe moved successfully.
[Purity]
Purity scan complete.
[Empty Temp Folders]


User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: pc
->Temp folder emptied: 2939 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: 恭兵

User: 恭兵
->Temp folder emptied: 261 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1785590 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16660 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.00 mb

Restore point Set: OTS Restore Point (64424509440)
< End of fix log >
OTS by OldTimer - Version 3.1.28.1 fix logfile created on 04182010_081048

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0
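A triage aid for the OTS fix logs posted in this thread, added here as an example (it is not part of any post and is not OTS's own code): it parses the log into actions and lists the items a fix named but did not find on the system. The line formats are inferred only from the logs shown above; `parse_fix_log`, `summarize` and `never_present` are hypothetical names, and the sample is assembled from lines of those two logs.

```python
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample: lines excerpted from the two OTS fix logs in this thread.
SAMPLE_LOG = r"""All Processes Killed
[Processes - Safe List]
No active process named applicationupdater.exe was found!
C:\Program Files\Application Updater\ApplicationUpdater.exe moved successfully.
[Win32 Services - Safe List]
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
File C:\Program Files\Application Updater\ApplicationUpdater.exe not found.
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
[Files/Folders - Created Within 30 Days]
C:\WINDOWS\eiunin21.exe moved successfully.
[Files - No Company Name]
DllUnregisterServer procedure not found in C:\WINDOWS\lame_enc.dll
C:\WINDOWS\lame_enc.dll moved successfully.
[Purity]
Purity scan complete.
"""


class Action(NamedTuple):
    section: str   # fix-script section the line appeared under
    kind: str      # registry / file / service / process / dll
    target: str    # key, value, path or name the line refers to
    outcome: str   # deleted / moved / stopped / not found / no unregister export


SECTION = re.compile(r"^\[(?P<name>[^\]]+)\]$")

# (kind, pattern, fixed outcome or None). Patterns cover only the line
# shapes visible in the logs on this page (an assumption, not a spec).
RULES = [
    ("registry", re.compile(r"^Registry (?:key|value) (?P<target>.+) "
                            r"(?P<outcome>deleted successfully|not found)\.$"), None),
    ("dll", re.compile(r"^DllUnregisterServer procedure not found in (?P<target>.+)$"),
     "no unregister export"),
    ("service", re.compile(r"^Service (?P<target>.+) "
                           r"(?P<outcome>stopped|deleted) successfully!$"), None),
    ("process", re.compile(r"^No active process named (?P<target>.+) was found!$"),
     "not found"),
    ("file", re.compile(r"^(?:File )?(?P<target>[A-Za-z]:\\.+) "
                        r"(?P<outcome>moved successfully|not found)\.$"), None),
]


def parse_fix_log(text):
    """Turn fix-log text into a list of Action tuples; unknown lines are skipped."""
    section, actions = "", []
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        for kind, pattern, fixed in RULES:
            m = pattern.match(line)
            if m:
                outcome = fixed or m.group("outcome").replace(" successfully", "")
                actions.append(Action(section, kind, m.group("target"), outcome))
                break
    return actions


def summarize(actions):
    """Count actions per outcome."""
    return dict(Counter(a.outcome for a in actions))


def never_present(actions):
    """'not found' entries whose target was not removed elsewhere in the same log.

    A file reported 'not found' after an earlier 'moved successfully' line was
    handled by the fix; only targets with no removal at all are returned.
    """
    removed = {a.target.lower() for a in actions if a.outcome in ("deleted", "moved")}
    return [a for a in actions
            if a.outcome == "not found" and a.target.lower() not in removed]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    print(summarize(parsed))
    for item in never_present(parsed):
        print(f"[{item.section}] {item.kind}: {item.target}")
```
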

#12
johnakain

johnakain

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Actually it appears that IE is not able to connect to the internet. Firefox on the same user account is able to run and IE on the guest account is able to run. It's just on the main account where it has problems.
  • 0

#13
Cruise475

Cruise475

    Trusted Helper

  • Member
  • PipPipPipPip
  • 1,348 posts
Hi There,

I want to make sure nothing is still lurking, then we will tackle the Internet Explorer issue (if it's not malware related).

What version of IE are you running?


Step 1:
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


Step 2:
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Thanks
Cruise
  • 0

#14
johnakain

johnakain

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
The version installed is IE6. The only reason I bring it up is because it won't run Windows Update. I suppose I could try installing IE8 over it to see if that would do anything.

As far as Kaspersky goes, I'm having problems getting it to finish updating. Most of the time it comes back with an error: 0 [ERROR; File operation failure]
  • 0

#15
Cruise475

Cruise475

    Trusted Helper

  • Member
  • PipPipPipPip
  • 1,348 posts
Hi,

See how this one works,

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


After that, click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
Then choose OK again and you are back at the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be Neutralized then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report; it will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.



~Cruise
  • 0





