
Solved Firefox Google/Yahoo searches redirecting plus random pop-ups

Discussion in 'Malware and Virus Removal Archive' started by Celmak1, 2010/11/19.

    Celmak1 (Thread Starter), 2010/11/19:

    Hello there,
    Beginning yesterday (Nov 18), Google and Yahoo searches in all my browsers (Firefox and IE8) have been redirecting to unrelated sites that automatically open in new tabs. After closing the first tab, a second click on the same link has always been successful. I have also noticed that non-English characters appear distorted/misspelled in Google search results in Firefox. Furthermore, random pop-up windows (not tabs) are appearing more and more frequently.

    I am posting all 5 logs as instructed.

    Please help :)

    LOG-1: Malwarebytes

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/19/2010 9:34:53 AM
    mbam-log-2010-11-19 (09-34-53).txt

    Scan type: Quick scan
    Objects scanned: 128594
    Time elapsed: 10 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    LOG-2: GMER

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-11-19 10:50:26
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2080BH_PL rev.00000029
    Running: 68c1o9vk.exe; Driver: C:\DOCUME~1\CEMTHE~1\LOCALS~1\Temp\fgtdqpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT 82D7F8E0 ZwConnectPort

    ---- Kernel code sections - GMER 1.0.15 ----

    init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF7AFBEBF]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\SearchIndexer.exe[1708] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Udfs.SYS (UDF File System Driver/Microsoft Corporation)
    Device DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    ---- EOF - GMER 1.0.15 ----

    LOG-3: MBRCheck

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 164):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806FF000 \WINDOWS\system32\hal.dll
    0xF8AC3000 \WINDOWS\system32\KDCOM.DLL
    0xF89D3000 \WINDOWS\system32\BOOTVID.dll
    0xF8574000 ACPI.sys
    0xF8AC5000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF8563000 pci.sys
    0xF85C3000 isapnp.sys
    0xF85D3000 ohci1394.sys
    0xF85E3000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF89D7000 compbatt.sys
    0xF89DB000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF8B8B000 pciide.sys
    0xF8843000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF8545000 pcmcia.sys
    0xF85F3000 MountMgr.sys
    0xF8526000 ftdisk.sys
    0xF8AC7000 dmload.sys
    0xF8500000 dmio.sys
    0xF89DF000 ACPIEC.sys
    0xF8B8C000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF884B000 PartMgr.sys
    0xF8603000 VolSnap.sys
    0xF84E8000 atapi.sys
    0xF84B6000 KR10N.sys
    0xF849E000 \WINDOWS\system32\drivers\SCSIPORT.SYS
    0xF8613000 disk.sys
    0xF8623000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF847E000 fltmgr.sys
    0xF846C000 sr.sys
    0xF8456000 DRVMCDB.SYS
    0xF8633000 PxHelp20.sys
    0xF843F000 KSecDD.sys
    0xF842C000 WudfPf.sys
    0xF839F000 Ntfs.sys
    0xF8372000 NDIS.sys
    0xF8358000 Mup.sys
    0xF8653000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF8803000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF8A93000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF7B5F000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
    0xF7B4B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF7B23000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF88FB000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF7AFF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF8903000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF7AD7000 \SystemRoot\system32\drivers\tifm21.sys
    0xF7AC3000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0xF8813000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF890B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF7A8A000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xF8AE1000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF891B000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF8823000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF8923000 \SystemRoot\system32\drivers\iviaspi.sys
    0xF8A97000 \SystemRoot\system32\drivers\pfc.sys
    0xF8AE3000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
    0xF8833000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF8663000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF7A67000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF8C10000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF86C3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF8ABB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF7A50000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF86D3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF86E3000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF89AB000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF7A3F000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF86F3000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF89B3000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF89BB000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF7A0F000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF8703000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF8AED000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF79B1000 \SystemRoot\system32\DRIVERS\update.sys
    0xF8303000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF82FF000 \SystemRoot\system32\DRIVERS\tbiosdrv.sys
    0xF8AEF000 \SystemRoot\system32\DRIVERS\NBSMI.sys
    0xF8713000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xAA3B3000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xAA38F000 \SystemRoot\system32\drivers\portcls.sys
    0xF8743000 \SystemRoot\system32\drivers\drmk.sys
    0xF8753000 \SystemRoot\system32\DRIVERS\Tvs.sys
    0xF8853000 \SystemRoot\system32\DRIVERS\tsxt_kern_i386.sys
    0xF887B000 \SystemRoot\system32\DRIVERS\wowhd_kern_i386.sys
    0xF8763000 \SystemRoot\system32\DRIVERS\csiidecoder_kern_i386.sys
    0xAA27C000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0xF8883000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF87B3000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xAA227000 \??\C:\Program Files\Symantec AntiVirus\savrt.sys
    0xAA20A000 \??\C:\Program Files\Symantec\SYMEVENT.SYS
    0xAA1CE000 \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
    0xF79A5000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF87F3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF88BB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF8B3F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF88CB000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
    0xF7EE3000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xF8C62000 \SystemRoot\System32\Drivers\Null.SYS
    0xA9F51000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
    0xF8B59000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7CAE000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xF88DB000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
    0xF88E3000 \SystemRoot\system32\DRIVERS\point32.sys
    0xF88EB000 \SystemRoot\System32\drivers\vga.sys
    0xF8B5F000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF8B61000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xA9F18000 \SystemRoot\System32\Drivers\meiudf.sys
    0xA9F07000 \SystemRoot\System32\Drivers\Udfs.SYS
    0xF892B000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF8933000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF8A77000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA9EF4000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA9E9B000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA9E5B000 \SystemRoot\System32\Drivers\SYMTDI.SYS
    0xA9E35000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF7EB3000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xA9E0D000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xA9DEB000 \SystemRoot\System32\drivers\afd.sys
    0xF7EA3000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xF7E93000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xA9DC0000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA9D28000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF7E83000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA9CCA000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0xA9CB2000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF8B6D000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF79A1000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF893B000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF8D16000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF020000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF042000 \SystemRoot\System32\ialmdev5.DLL
    0xBF077000 \SystemRoot\System32\ialmdd5.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xA9FFC000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0xF8C9A000 \SystemRoot\System32\DLA\DLADResN.SYS
    0xA9B5C000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
    0xA9BE6000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
    0xF8B03000 \SystemRoot\System32\DLA\DLAPoolM.SYS
    0xF899B000 \SystemRoot\System32\DLA\DLABOIOM.SYS
    0xA9B44000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
    0xA9B2E000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
    0xF8993000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0xA9B0E000 \SystemRoot\system32\DRIVERS\s24trans.sys
    0xA9AC6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA9ABE000 \SystemRoot\system32\DRIVERS\netdevio.sys
    0xA9629000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA95EC000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA97C6000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA92DB000 \SystemRoot\System32\Drivers\HTTP.sys
    0xA93D4000 \SystemRoot\system32\DRIVERS\secdrv.sys
    0xA9193000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA9B8A000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
    0xA8726000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys
    0xA8585000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101118.002\navex15.sys
    0xA8571000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101118.002\naveng.sys
    0xA9766000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xA990A000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0xA8360000 \??\C:\DOCUME~1\CEMTHE~1\LOCALS~1\Temp\fgtdqpow.sys
    0xA8335000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 65):
    0 System Idle Process
    4 System
    428 C:\WINDOWS\system32\smss.exe
    488 csrss.exe
    516 C:\WINDOWS\system32\winlogon.exe
    560 C:\WINDOWS\system32\services.exe
    572 C:\WINDOWS\system32\lsass.exe
    748 C:\WINDOWS\system32\svchost.exe
    828 svchost.exe
    868 C:\WINDOWS\system32\svchost.exe
    912 C:\WINDOWS\system32\svchost.exe
    1052 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    1188 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    1224 C:\WINDOWS\explorer.exe
    1276 svchost.exe
    1300 svchost.exe
    1416 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    1456 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    1584 C:\WINDOWS\system32\spoolsv.exe
    1656 svchost.exe
    1812 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    1832 C:\Program Files\Symantec AntiVirus\DefWatch.exe
    1856 C:\WINDOWS\system32\DVDRAMSV.exe
    1876 C:\WINDOWS\ehome\ehrecvr.exe
    1896 C:\WINDOWS\ehome\ehSched.exe
    184 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    344 svchost.exe
    396 C:\WINDOWS\system32\svchost.exe
    464 C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    756 C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    896 C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    1040 mcrdsvc.exe
    1708 C:\WINDOWS\system32\searchindexer.exe
    2660 C:\WINDOWS\system32\dllhost.exe
    2712 alg.exe
    3156 C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    3168 C:\WINDOWS\system32\TDispVol.exe
    3204 C:\WINDOWS\system32\hkcmd.exe
    3220 C:\WINDOWS\system32\igfxpers.exe
    3236 C:\WINDOWS\ehome\ehtray.exe
    3260 C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
    3332 C:\WINDOWS\ehome\ehmsas.exe
    3380 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3388 C:\WINDOWS\agrsmmsg.exe
    3400 C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    3492 C:\WINDOWS\system32\TPSMain.exe
    3504 C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    3512 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    3540 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    3544 C:\WINDOWS\system32\TPSBattM.exe
    3584 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    3700 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    3724 C:\PROGRA~1\SYMANT~1\VPTray.exe
    3776 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    3852 C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
    3872 C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    3892 C:\WINDOWS\system32\ctfmon.exe
    4080 C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    152 C:\WINDOWS\system32\RAMASST.exe
    340 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    3372 C:\WINDOWS\system32\wscntfy.exe
    3008 C:\WINDOWS\system32\searchprotocolhost.exe
    2132 searchfilterhost.exe
    3424 C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    3268 C:\Documents and Settings\Cem the Greywolf\Desktop\Fix\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: FUJITSUMHV2080BHPL, Rev: 00000029

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: 31D100779DE502702C374F7C15687B56FCFD5528


    Done!

    LOG-4: DDS


    DDS (Ver_10-11-10.01) - NTFSx86
    Run by Cem the Greywolf at 10:54:51.82 on Fri 11/19/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.86 [GMT 0:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\system32\dla\DLACTRLW.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Documents and Settings\Cem the Greywolf\Desktop\Fix\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uSearch Bar = hxxp://www.toshiba.com/search
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    mRun: [TFncKy] TFncKy.exe
    mRun: [TDispVol] TDispVol.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
    mRun: [TPSMain] TPSMain.exe
    mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
    mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
    mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
    mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [CFSServ.exe] CFSServ.exe -NoClient
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [VMonitorVMUVC] "c:\program files\vimicro corporation\vmuvc\VMonitor.exe" VMUVC
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} - hxxp://www.lotrdvd.com/dvdkey/extended_dvd/downloads/iaieplay.dll
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157673358311
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254596490216
    DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///D:/win/setup/iamce.dll
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - hxxp://www.tgrthaber.com.tr/CanliYayin/ampx2.6.1.11_en_dl.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\cemthe~1\applic~1\mozilla\firefox\profiles\rvlbc31j.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.lse.ac.uk/
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJPI150_04.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-5 324232]
    R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-5 53896]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-6-2 185968]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-6-2 161392]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-6-24 1715904]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101118.002\naveng.sys [2010-11-18 86064]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101118.002\navex15.sys [2010-11-18 1371184]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-31 136176]
    S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-6-2 83568]
    S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-6-24 124608]
    S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2010-11-1 252416]
    S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2010-11-1 398720]

    =============== Created Last 30 ================

    2010-11-19 02:22:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-19 02:21:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-19 02:21:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-18 23:11:03 -------- d-----w- c:\docume~1\cemthe~1\applic~1\Malwarebytes
    2010-11-18 23:10:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-11-01 22:57:20 -------- d-----w- c:\windows\VMUVC
    2010-11-01 22:56:51 73728 ----a-w- c:\windows\system32\exvmuvc.ax
    2010-11-01 22:56:50 252416 ----a-w- c:\windows\system32\drivers\VMUVC.sys
    2010-11-01 22:56:49 188416 ----a-w- c:\windows\system32\vvftUVC.ax
    2010-11-01 22:56:46 94208 ----a-w- c:\windows\system32\VvFtCtrl.dll
    2010-11-01 22:56:44 516096 ----a-w- c:\windows\system32\VMUVC.ax
    2010-11-01 22:56:43 98304 ----a-w- c:\windows\system32\VMCtrl.ax
    2010-11-01 22:56:43 11776 ----a-w- c:\windows\system32\VMUVC.dll
    2010-11-01 22:56:42 398720 ----a-w- c:\windows\system32\drivers\vvftUVC.sys
    2010-11-01 22:56:03 -------- d-----w- c:\program files\Vimicro Corporation
    2010-11-01 22:50:18 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
    2010-11-01 22:50:18 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
    2010-11-01 22:50:12 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
    2010-11-01 22:50:12 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
    2010-11-01 22:50:09 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
    2010-11-01 22:50:09 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
    2010-11-01 22:50:08 16384 ----a-w- c:\windows\system32\ipsink.ax
    2010-11-01 22:50:06 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
    2010-11-01 22:50:06 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
    2010-11-01 22:50:02 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
    2010-11-01 22:50:02 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
    2010-11-01 22:49:56 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
    2010-11-01 22:49:56 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
    2010-11-01 22:49:47 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
    2010-11-01 22:49:47 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
    2010-11-01 22:49:31 91136 ----a-w- c:\windows\system32\kswdmcap.ax
    2010-11-01 22:49:31 61952 ----a-w- c:\windows\system32\kstvtune.ax
    2010-11-01 22:49:31 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
    2010-11-01 22:49:31 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
    2010-11-01 22:49:31 43008 ----a-w- c:\windows\system32\ksxbar.ax
    2010-11-01 22:49:31 20992 ----a-w- c:\windows\system32\dshowext.ax
    2010-11-01 22:49:22 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
    2010-11-01 22:49:22 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2010-10-31 01:00:19 -------- d-----w- c:\docume~1\cemthe~1\locals~1\applic~1\Temp

    ==================== Find3M ====================

    2010-09-18 09:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll

    ============= FINISH: 10:56:41.07 ===============

    LOG-5: Attach.txt


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-10.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/7/2006 11:21:00 PM
    System Uptime: 11/19/2010 9:15:28 AM (1 hours ago)

    Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
    Processor: Genuine Intel(R) CPU T1350 @ 1.86GHz | U1 | 1862/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 74 GiB total, 44.864 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/Wireless 3945ABG Network Connection
    Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10408086&REV_02\4&2803E7C1&0&00E2
    Manufacturer: Intel Corporation
    Name: Intel(R) PRO/Wireless 3945ABG Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10408086&REV_02\4&2803E7C1&0&00E2
    Service: w39n51

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/100 VE Network Connection
    Device ID: PCI\VEN_8086&DEV_1092&SUBSYS_FF101179&REV_02\4&6B16D5B&0&40F0
    Manufacturer: Intel
    Name: Intel(R) PRO/100 VE Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_1092&SUBSYS_FF101179&REV_02\4&6B16D5B&0&40F0
    Service: E100B

    ==== System Restore Points ===================

    RP649: 8/16/2010 9:29:12 PM - System Checkpoint
    RP650: 8/18/2010 8:11:24 PM - System Checkpoint
    RP651: 8/20/2010 12:14:00 PM - Installed Stronghold 2 Deluxe
    RP652: 8/22/2010 4:08:51 PM - System Checkpoint
    RP653: 8/23/2010 10:06:58 PM - Installed DirectX
    RP654: 8/23/2010 10:10:14 PM - Removed Stronghold 2 Deluxe
    RP655: 8/25/2010 4:42:07 PM - System Checkpoint
    RP656: 8/27/2010 9:37:54 PM - System Checkpoint
    RP657: 8/29/2010 2:38:12 PM - System Checkpoint
    RP658: 8/30/2010 8:02:22 PM - System Checkpoint
    RP659: 9/1/2010 5:29:05 AM - System Checkpoint
    RP660: 9/2/2010 9:05:37 PM - Software Distribution Service 3.0
    RP661: 9/3/2010 10:13:15 PM - System Checkpoint
    RP662: 9/4/2010 10:21:00 PM - System Checkpoint
    RP663: 9/6/2010 12:13:19 PM - System Checkpoint
    RP664: 9/7/2010 2:06:38 PM - System Checkpoint
    RP665: 9/9/2010 1:11:39 AM - System Checkpoint
    RP666: 9/10/2010 10:43:49 PM - System Checkpoint
    RP667: 9/13/2010 11:14:23 AM - System Checkpoint
    RP668: 9/15/2010 7:51:10 PM - Software Distribution Service 3.0
    RP669: 9/17/2010 10:07:17 AM - System Checkpoint
    RP670: 9/18/2010 10:40:10 AM - System Checkpoint
    RP671: 9/19/2010 7:33:37 PM - System Checkpoint
    RP672: 9/22/2010 10:30:15 AM - System Checkpoint
    RP673: 9/23/2010 12:20:01 PM - System Checkpoint
    RP674: 9/24/2010 12:50:15 PM - System Checkpoint
    RP675: 9/25/2010 2:44:18 PM - System Checkpoint
    RP676: 9/27/2010 3:40:01 PM - System Checkpoint
    RP677: 9/29/2010 12:08:26 AM - Software Distribution Service 3.0
    RP678: 9/30/2010 1:22:01 PM - System Checkpoint
    RP679: 10/4/2010 2:47:26 PM - System Checkpoint
    RP680: 10/5/2010 11:20:19 PM - System Checkpoint
    RP681: 10/6/2010 11:12:48 AM - Software Distribution Service 3.0
    RP682: 10/8/2010 12:32:59 AM - System Checkpoint
    RP683: 10/9/2010 2:23:40 AM - System Checkpoint
    RP684: 10/10/2010 12:26:52 PM - System Checkpoint
    RP685: 10/11/2010 11:44:49 PM - System Checkpoint
    RP686: 10/13/2010 3:52:43 PM - System Checkpoint
    RP687: 10/14/2010 1:00:26 AM - Software Distribution Service 3.0
    RP688: 10/14/2010 8:31:03 PM - Software Distribution Service 3.0
    RP689: 10/15/2010 1:00:43 AM - Software Distribution Service 3.0
    RP690: 10/16/2010 7:26:47 PM - System Checkpoint
    RP691: 10/18/2010 7:19:29 PM - System Checkpoint
    RP692: 10/20/2010 11:46:44 AM - System Checkpoint
    RP693: 10/21/2010 6:17:42 PM - System Checkpoint
    RP694: 10/25/2010 6:50:15 PM - System Checkpoint
    RP695: 10/27/2010 7:31:59 PM - System Checkpoint
    RP696: 10/29/2010 6:39:45 PM - System Checkpoint
    RP697: 10/31/2010 6:11:01 PM - System Checkpoint
    RP698: 11/1/2010 9:13:08 PM - System Checkpoint
    RP699: 11/1/2010 10:55:59 PM - Installed Vimicro USB2.0 UVC PC Camera
    RP700: 11/2/2010 3:01:03 AM - Software Distribution Service 3.0
    RP701: 11/3/2010 8:49:50 PM - System Checkpoint
    RP702: 11/4/2010 10:22:13 PM - System Checkpoint
    RP703: 11/6/2010 3:29:07 PM - System Checkpoint
    RP704: 11/10/2010 8:49:08 PM - System Checkpoint
    RP705: 11/11/2010 3:01:15 AM - Software Distribution Service 3.0
    RP706: 11/12/2010 2:18:57 PM - System Checkpoint
    RP707: 11/13/2010 5:21:51 PM - System Checkpoint
    RP708: 11/15/2010 9:32:02 PM - System Checkpoint
    RP709: 11/17/2010 6:24:05 PM - System Checkpoint
    RP710: 11/19/2010 1:06:59 AM - Removed Adobe® Photoshop® Album Starter Edition 3.0

    ==== Installed Programs ======================

    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0.5 Language Support
    Adobe Reader 7.0.9
    Age of Mythology Gold
    AutoUpdate
    Bluetooth Stack for Windows by Toshiba
    CD/DVD Drive Acoustic Silencer
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    DVD-RAM Driver
    EAX Unified
    ESPNMotion
    Full Tilt Poker
    GemMaster Mystic
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet/Wireless Software
    InterVideo WinDVD Creator 2
    InterVideo WinDVD for TOSHIBA
    J2SE Runtime Environment 5.0 Update 4
    LiveUpdate 2.6 (Symantec Corporation)
    Macromedia Flash Player 8
    Malwarebytes' Anti-Malware
    mCore
    mDrWiFi
    mHelp
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Age of Empires II
    Microsoft Age of Empires II: The Conquerors Expansion
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft IntelliPoint 6.2
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Rise Of Nations
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    mIWA
    mLogView
    mMHouse
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox (3.6.12)
    mPfMgr
    mPfWiz
    mProSafe
    MSN
    MSVCRT
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    MSXML4 Parser
    mWlsSafe
    mXML
    mZConfig
    Office 2003 Trial Assistant
    Otto
    Realtek High Definition Audio Driver
    Rise of Nations Thrones and Patriots
    SD Secure Module
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Skype Toolbars
    Skype™ 5.0
    Sonic DLA
    Sonic Encoders
    Sonic RecordNow!
    Symantec AntiVirus
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Controls
    TOSHIBA Hotkey Utility
    TOSHIBA PC Diagnostic Tool
    TOSHIBA Power Saver
    TOSHIBA SD Memory Card Format
    TOSHIBA Software Modem
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA TouchPad ON/Off Utility
    TOSHIBA TV Tuner 4.0.12.73
    TOSHIBA Utilities
    TOSHIBA Virtual Sound
    TOSHIBA Zooming Utility
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Vimicro USB2.0 UVC PC Camera
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows Presentation Foundation
    Windows Search 4.0
    Windows XP Media Center Edition 2005 KB888316
    Windows XP Media Center Edition 2005 KB894553
    Windows XP Media Center Edition 2005 KB895678
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    11/19/2010 9:53:11 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    11/19/2010 9:11:57 AM, error: Service Control Manager [7034] - The TOSHIBA Application Service service terminated unexpectedly. It has done this 1 time(s).
    11/19/2010 9:11:56 AM, error: Service Control Manager [7034] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s).
    11/19/2010 9:11:56 AM, error: Service Control Manager [7034] - The Symantec AntiVirus Definition Watcher service terminated unexpectedly. It has done this 1 time(s).
    11/19/2010 9:11:56 AM, error: Service Control Manager [7034] - The Swupdtmr service terminated unexpectedly. It has done this 1 time(s).
    11/19/2010 9:11:56 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
    11/19/2010 9:11:56 AM, error: Service Control Manager [7034] - The DVD-RAM_Service service terminated unexpectedly. It has done this 1 time(s).
    11/19/2010 9:11:55 AM, error: Service Control Manager [7034] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s).
    11/19/2010 9:11:55 AM, error: Service Control Manager [7034] - The ConfigFree Service service terminated unexpectedly. It has done this 1 time(s).
    11/19/2010 9:11:54 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
    11/19/2010 9:11:54 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
    11/18/2010 4:56:57 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    11/14/2010 11:13:04 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

    ==== End Of File ===========================
     
  2. 2010/11/19
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Thanks :)

    One of our trained malware analysts will take a look at your logs ASAP, but it may be a day or so before you get a response as they are always very busy. All logs are dealt with in the order received.

    Thank you for your patience.
     

  4. 2010/11/19
    Celmak1

    Celmak1 Inactive Thread Starter

    Joined:
    2010/11/18
    Messages:
    45
    Likes Received:
    0
    Thanks for the heads up :)
    I just want to add something I missed in my first post. Malwarebytes did not allow me to update. The reported error is "MBAM_ERROR_UPDATING (12007, 0, WinHttpSendRequest)".
     
  5. 2010/11/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install the Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2010/11/20
    Celmak1

    Celmak1 Inactive Thread Starter

    Joined:
    2010/11/18
    Messages:
    45
    Likes Received:
    0
    Hello Broni,
    Thank you for your help :) Here is the ComboFix log file you requested. Interestingly, redirecting in Google has stopped, but I am still experiencing redirecting problems with Yahoo search, and pop-ups are still present.


    ComboFix 10-11-19.01 - Cem the Greywolf 11/20/2010 11:46:57.1.1 - x86
    Running from: c:\documents and settings\Cem the Greywolf\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Cem the Greywolf\Application Data\Ulbotu
    c:\documents and settings\Cem the Greywolf\Application Data\Ulbotu\pezu.exe
    c:\windows\system32\Thumbs.db

    .
    ((((((((((((((((((((((((( Files Created from 2010-10-20 to 2010-11-20 )))))))))))))))))))))))))))))))
    .

    2010-11-19 02:22 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-19 02:21 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-19 02:21 . 2010-11-19 02:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-19 01:06 . 2010-11-19 01:06 -------- d-----w- c:\documents and settings\Cem the Greywolf\Application Data\Leadertech
    2010-11-18 23:11 . 2010-11-18 23:11 -------- d-----w- c:\documents and settings\Cem the Greywolf\Application Data\Malwarebytes
    2010-11-18 23:10 . 2010-11-18 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-11-01 22:57 . 2010-11-01 22:57 -------- d-----w- c:\windows\VMUVC
    2010-11-01 22:56 . 2007-04-12 22:59 73728 ----a-w- c:\windows\system32\exvmuvc.ax
    2010-11-01 22:56 . 2009-05-25 17:31 252416 ----a-w- c:\windows\system32\drivers\VMUVC.sys
    2010-11-01 22:56 . 2008-07-01 11:16 188416 ----a-w- c:\windows\system32\vvftUVC.ax
    2010-11-01 22:56 . 2008-09-02 17:47 94208 ----a-w- c:\windows\system32\VvFtCtrl.dll
    2010-11-01 22:56 . 2009-04-29 16:01 516096 ----a-w- c:\windows\system32\VMUVC.ax
    2010-11-01 22:56 . 2008-09-18 16:28 98304 ----a-w- c:\windows\system32\VMCtrl.ax
    2010-11-01 22:56 . 2008-02-29 10:11 11776 ----a-w- c:\windows\system32\VMUVC.dll
    2010-11-01 22:56 . 2008-07-01 11:12 398720 ----a-w- c:\windows\system32\drivers\vvftUVC.sys
    2010-11-01 22:56 . 2010-11-01 22:56 -------- d-----w- c:\program files\Vimicro Corporation
    2010-11-01 22:55 . 2010-11-01 22:55 -------- d-----w- c:\documents and settings\Cem the Greywolf\Application Data\InstallShield
    2010-11-01 22:50 . 2008-04-13 19:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
    2010-11-01 22:50 . 2008-04-13 19:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
    2010-11-01 22:50 . 2008-04-13 19:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
    2010-11-01 22:50 . 2008-04-13 19:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
    2010-11-01 22:50 . 2008-04-13 19:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
    2010-11-01 22:50 . 2008-04-13 19:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
    2010-11-01 22:50 . 2008-04-14 01:12 16384 ----a-w- c:\windows\system32\ipsink.ax
    2010-11-01 22:50 . 2008-04-13 19:46 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
    2010-11-01 22:50 . 2008-04-13 19:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
    2010-11-01 22:50 . 2008-04-13 19:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
    2010-11-01 22:50 . 2008-04-13 19:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
    2010-11-01 22:49 . 2008-04-13 19:46 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
    2010-11-01 22:49 . 2008-04-13 19:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
    2010-11-01 22:49 . 2008-04-13 19:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
    2010-11-01 22:49 . 2008-04-13 19:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
    2010-11-01 22:49 . 2008-04-14 01:12 91136 ----a-w- c:\windows\system32\kswdmcap.ax
    2010-11-01 22:49 . 2008-04-14 01:12 61952 ----a-w- c:\windows\system32\kstvtune.ax
    2010-11-01 22:49 . 2008-04-14 01:12 43008 ----a-w- c:\windows\system32\ksxbar.ax
    2010-11-01 22:49 . 2008-04-14 01:12 20992 ----a-w- c:\windows\system32\dshowext.ax
    2010-11-01 22:49 . 2008-04-14 01:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
    2010-11-01 22:49 . 2008-04-14 01:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
    2010-11-01 22:49 . 2008-04-13 19:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
    2010-11-01 22:49 . 2008-04-13 19:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2010-10-31 01:05 . 2010-10-31 01:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-10-31 01:00 . 2010-10-31 02:05 -------- d-----w- c:\documents and settings\Cem the Greywolf\Local Settings\Application Data\Temp
    2010-10-31 01:00 . 2010-10-31 01:00 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-10-31 00:56 . 2010-10-31 00:56 -------- d-----w- c:\program files\Common Files\Skype

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-18 09:23 . 2006-02-15 14:03 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2006-02-15 14:03 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2006-02-15 14:03 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2006-02-15 14:03 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58 . 2006-02-15 14:04 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2006-02-15 14:02 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2006-02-15 14:02 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-01 11:51 . 2006-02-15 14:02 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2006-02-15 14:04 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2006-02-15 14:04 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2006-02-15 14:04 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2006-02-15 14:04 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2009-04-15 04:07 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12 . 2006-02-15 14:02 617472 ----a-w- c:\windows\system32\comctl32.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD "= "c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
    "updateMgr "= "c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CFSServ.exe "= "CFSServ.exe -NoClient" [X]
    "TFncKy "= "TFncKy.exe" [BU]
    "TDispVol "= "TDispVol.exe" [2005-03-11 73728]
    "igfxtray "= "c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
    "igfxhkcmd "= "c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
    "igfxpers "= "c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
    "ehTray "= "c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "THotkey "= "c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
    "SynTPLpr "= "c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1343488]
    "AGRSMMSG "= "AGRSMMSG.exe" [2005-10-15 88203]
    "Tvs "= "c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
    "TPSMain "= "TPSMain.exe" [2005-06-01 282624]
    "SmoothView "= "c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
    "dla "= "c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
    "Pinger "= "c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
    "IntelZeroConfig "= "c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
    "IntelWireless "= "c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
    "ccApp "= "c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]
    "vptray "= "c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-24 85696]
    "IntelliPoint "= "c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
    "VMonitorVMUVC "= "c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-08-29 143360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5} "= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe "=
    "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe "= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD "=
    "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD "=
    "c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest "= 1 (0x1)

    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/31/2010 1:00 AM 136176]
    S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [11/1/2010 10:56 PM 252416]
    S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [11/1/2010 10:56 PM 398720]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - EraserUtilDrvI10
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 00:59]

    2010-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 00:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///D:/win/setup/iamce.dll
    FF - ProfilePath - c:\documents and settings\Cem the Greywolf\Application Data\Mozilla\Firefox\Profiles\rvlbc31j.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.lse.ac.uk/
    FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqz9s ", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqs8s ", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--j6w193g ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4a87g ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7c0a67fbc ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7cvafr ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kpry57d ", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kprw13d ", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-{5BB16A31-C3D6-D79F-EE1F-24CF40241B47} - c:\documents and settings\Cem the Greywolf\Application Data\Ulbotu\pezu.exe
    HKLM-Run-PadTouch - c:\program files\TOSHIBA\Touch and Launch\PadExe.exe
    HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-20 11:59
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2010-11-20 12:05:21
    ComboFix-quarantined-files.txt 2010-11-20 12:04

    Pre-Run: 48,008,519,680 bytes free
    Post-Run: 47,967,186,944 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Windows XP Media Center Edition" /noexecute=optin /fastdetect

    - - End Of File - - 502428768B7E64D583639381DA0DBD9B
     
  7. 2010/11/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That looks good :)
    We'll keep checking...

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  8. 2010/11/20
    Celmak1

    Celmak1 Inactive Thread Starter

    Joined:
    2010/11/18
    Messages:
    45
    Likes Received:
    0
    Hi broni,
    I am trying to download OTL but the speed is awful (425 bytes/sec). Do you have an alternative route for downloading OTL? Should I check out the OTL links in your other posts?
     
  9. 2010/11/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  10. 2010/11/20
    Celmak1

    Celmak1 Inactive Thread Starter

    Joined:
    2010/11/18
    Messages:
    45
    Likes Received:
    0
    Broni,
    Thanks once more, but it says: [#10869] You do not have access to this section of the site. Should I register and download it?
     
  11. 2010/11/20
    Celmak1

    Celmak1 Inactive Thread Starter

    Joined:
    2010/11/18
    Messages:
    45
    Likes Received:
    0
    Broni, it is done :) I registered and downloaded OTL. Log is coming soon :)
     
  12. 2010/11/20
    Celmak1

    Celmak1 Inactive Thread Starter

    Joined:
    2010/11/18
    Messages:
    45
    Likes Received:
    0
    LOG No.1 OTL.txt


    OTL logfile created on: 11/20/2010 8:53:25 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Cem the Greywolf\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    502.00 Mb Total Physical Memory | 155.00 Mb Available Physical Memory | 31.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.28 Gb Total Space | 44.69 Gb Free Space | 60.17% Space Free | Partition Type: NTFS

    Computer Name: CEM | User Name: Cem the Greywolf | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/17 20:53:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cem the Greywolf\Desktop\OTL.exe
    PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/12/20 19:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    PRC - [2005/11/28 18:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    PRC - [2005/11/28 18:29:00 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    PRC - [2005/11/28 18:28:14 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    PRC - [2005/06/24 02:27:28 | 001,715,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    PRC - [2005/06/24 02:27:18 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
    PRC - [2005/06/02 16:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    PRC - [2005/06/02 16:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    PRC - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2004/08/28 08:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
    PRC - [2002/08/21 10:13:12 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/11/17 20:53:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cem the Greywolf\Desktop\OTL.exe
    MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2005/12/20 19:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
    SRV - [2005/11/28 18:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
    SRV - [2005/11/28 18:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2005/11/28 18:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2005/07/13 01:14:42 | 000,040,960 | ---- | M] () [Auto | Stopped] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
    SRV - [2005/06/24 02:27:30 | 000,124,608 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
    SRV - [2005/06/24 02:27:28 | 001,715,904 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2005/06/24 02:27:18 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
    SRV - [2005/06/02 16:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
    SRV - [2005/06/02 16:21:46 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
    SRV - [2005/06/02 16:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
    SRV - [2005/04/22 19:03:28 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
    SRV - [2005/03/31 04:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
    SRV - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
    SRV - [2004/08/28 08:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\CEMTHE~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/10/18 08:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101119.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/10/18 08:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101119.002\NAVENG.SYS -- (NAVENG)
    DRV - [2010/05/27 08:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2009/05/25 17:31:32 | 000,252,416 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VMUVC.sys -- (VMUVC)
    DRV - [2008/08/14 10:01:06 | 000,231,424 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/07/01 11:12:32 | 000,398,720 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vvftUVC.sys -- (vvftUVC)
    DRV - [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2005/12/10 00:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2005/12/04 17:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
    DRV - [2005/11/30 19:01:02 | 000,043,392 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
    DRV - [2005/11/30 18:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2005/11/28 19:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2005/11/15 17:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2005/10/20 22:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
    DRV - [2005/10/06 13:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005/10/06 13:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005/10/06 13:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2005/10/06 13:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005/10/06 13:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005/10/06 13:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005/10/06 13:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005/09/14 10:24:08 | 000,179,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2005/09/12 11:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2005/09/09 22:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
    DRV - [2005/08/25 20:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/08/25 20:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005/08/24 23:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
    DRV - [2005/08/12 13:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2005/06/02 11:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
    DRV - [2005/05/14 02:50:10 | 000,123,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
    DRV - [2005/04/22 19:03:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2005/04/22 19:03:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2005/03/31 04:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2005/02/05 03:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
    DRV - [2005/02/05 03:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
    DRV - [2005/01/12 08:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)
    DRV - [2003/09/19 09:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
    DRV - [2003/09/11 07:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
    DRV - [2003/01/29 22:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
    DRV - [2003/01/10 20:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.lse.ac.uk/ "
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/04 04:54:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 00:59:04 | 000,000,000 | ---D | M]

    [2008/08/26 15:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cem the Greywolf\Application Data\Mozilla\Extensions
    [2010/11/20 17:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cem the Greywolf\Application Data\Mozilla\Firefox\Profiles\rvlbc31j.default\extensions
    [2010/09/20 11:26:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Cem the Greywolf\Application Data\Mozilla\Firefox\Profiles\rvlbc31j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2008/08/26 19:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cem the Greywolf\Application Data\Mozilla\Firefox\Profiles\rvlbc31j.default\extensions\moveplayer@movenetworks.com
    [2010/11/20 17:00:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/10/31 00:59:32 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

    O1 HOSTS File: ([2010/11/20 11:59:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [CFSServ.exe] File not found
    O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TFncKy] File not found
    O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
    O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
    O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} http://www.lotrdvd.com/dvdkey/extended_dvd/downloads/iaieplay.dll (IEPlayInterface Class)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157673358311 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1254596490216 (MUWebControl Class)
    O16 - DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} file:///D:/win/setup/iamce.dll (IAMCE Class)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} http://www.tgrthaber.com.tr/CanliYayin/ampx2.6.1.11_en_dl.cab (IWinAmpActiveX Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.138 213.109.75.31
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Cem the Greywolf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cem the Greywolf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/02/15 15:38:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/20 20:52:48 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cem the Greywolf\Desktop\OTL.exe
    [2010/11/20 12:09:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/11/20 12:05:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/11/20 11:37:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/11/20 11:34:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/11/20 11:34:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/11/20 11:34:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/11/20 11:34:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/11/20 11:33:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/11/20 11:33:21 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/11/19 02:22:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/19 02:21:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/19 02:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/19 02:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cem the Greywolf\Desktop\Fix
    [2010/11/19 01:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cem the Greywolf\Application Data\Leadertech
    [2010/11/18 23:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cem the Greywolf\Application Data\Malwarebytes
    [2010/11/18 23:10:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/11/01 22:57:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\VMUVC
    [2010/11/01 22:56:51 | 000,073,728 | ---- | C] (Vimicro Corporation) -- C:\WINDOWS\System32\exvmuvc.ax
    [2010/11/01 22:56:50 | 000,252,416 | ---- | C] (Vimicro Corporation) -- C:\WINDOWS\System32\drivers\VMUVC.sys
    [2010/11/01 22:56:49 | 000,188,416 | ---- | C] (Vimicro Corporation) -- C:\WINDOWS\System32\vvftUVC.ax
    [2010/11/01 22:56:46 | 000,094,208 | ---- | C] (Vimicro Cooperation) -- C:\WINDOWS\System32\VvFtCtrl.dll
    [2010/11/01 22:56:44 | 000,516,096 | ---- | C] (vimicro) -- C:\WINDOWS\System32\VMUVC.ax
    [2010/11/01 22:56:43 | 000,098,304 | ---- | C] (Vimicro Corporation) -- C:\WINDOWS\System32\VMCtrl.ax
    [2010/11/01 22:56:43 | 000,011,776 | ---- | C] (Vimicro Corporation) -- C:\WINDOWS\System32\VMUVC.dll
    [2010/11/01 22:56:42 | 000,398,720 | ---- | C] (Vimicro Corporation) -- C:\WINDOWS\System32\drivers\vvftUVC.sys
    [2010/11/01 22:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Vimicro Corporation
    [2010/11/01 22:55:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cem the Greywolf\Application Data\InstallShield
    [2010/10/31 01:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2010/10/31 01:00:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cem the Greywolf\Local Settings\Application Data\Temp
    [2010/10/31 01:00:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2010/10/31 00:56:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2010/10/28 14:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cem the Greywolf\Desktop\GLEE
    [2006/02/15 16:25:00 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/11/20 20:49:10 | 000,569,857 | ---- | M] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\OTL.zip
    [2010/11/20 20:11:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/20 11:59:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/11/20 11:45:14 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/20 11:44:16 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/20 11:43:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/20 11:43:31 | 526,438,400 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/20 11:38:03 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2010/11/20 03:14:11 | 003,912,337 | R--- | M] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\ComboFix.exe
    [2010/11/19 23:27:08 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Cem the Greywolf\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
    [2010/11/19 02:10:34 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Cem the Greywolf\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
    [2010/11/17 20:53:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cem the Greywolf\Desktop\OTL.exe
    [2010/11/12 03:11:00 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Cem the Greywolf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/11/05 01:32:03 | 000,001,723 | ---- | M] () -- C:\Documents and Settings\Cem the Greywolf\Application Data\Microsoft\Internet Explorer\Quick Launch\amcap.lnk
    [2010/11/04 04:39:36 | 000,048,638 | ---- | M] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\Dec Ankara Trip.pdf
    [2010/10/31 01:07:53 | 000,464,526 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/31 01:07:53 | 000,079,636 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/26 20:44:33 | 000,009,988 | -HS- | M] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\Folder.jpg
    [2010/10/26 20:44:33 | 000,009,988 | -HS- | M] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\AlbumArt_{CA53628B-33D4-4318-8798-669D190DF2B6}_Large.jpg
    [2010/10/26 20:44:33 | 000,002,739 | -HS- | M] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\AlbumArt_{CA53628B-33D4-4318-8798-669D190DF2B6}_Small.jpg
    [2010/10/26 20:44:32 | 000,002,739 | -HS- | M] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\AlbumArtSmall.jpg

    ========== Files Created - No Company Name ==========

    [2010/11/20 20:49:07 | 000,569,857 | ---- | C] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\OTL.zip
    [2010/11/20 11:38:03 | 000,000,209 | ---- | C] () -- C:\Boot.bak
    [2010/11/20 11:37:57 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/11/20 11:34:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/11/20 11:34:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/11/20 11:34:21 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/11/20 11:34:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/11/20 11:34:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/11/20 03:14:11 | 003,912,337 | R--- | C] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\ComboFix.exe
    [2010/11/05 01:32:03 | 000,001,723 | ---- | C] () -- C:\Documents and Settings\Cem the Greywolf\Application Data\Microsoft\Internet Explorer\Quick Launch\amcap.lnk
    [2010/11/04 04:39:36 | 000,048,638 | ---- | C] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\Dec Ankara Trip.pdf
    [2010/10/31 01:00:11 | 000,000,906 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/10/31 01:00:09 | 000,000,902 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/10/31 00:56:06 | 000,002,283 | ---- | C] () -- C:\Documents and Settings\Cem the Greywolf\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
    [2010/10/26 20:44:33 | 000,009,988 | -HS- | C] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\AlbumArt_{CA53628B-33D4-4318-8798-669D190DF2B6}_Large.jpg
    [2010/10/26 20:44:33 | 000,002,739 | -HS- | C] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\AlbumArt_{CA53628B-33D4-4318-8798-669D190DF2B6}_Small.jpg
    [2010/10/26 19:14:35 | 000,009,988 | -HS- | C] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\Folder.jpg
    [2010/10/26 19:14:35 | 000,002,739 | -HS- | C] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\AlbumArtSmall.jpg
    [2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/01/26 01:19:02 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2006/12/12 16:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2006/11/02 07:19:13 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/10/15 03:08:21 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
    [2006/09/28 23:23:50 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2006/09/28 23:23:50 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2006/09/28 23:23:50 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2006/09/27 05:51:04 | 000,000,011 | ---- | C] () -- C:\WINDOWS\OSA.INI
    [2006/09/26 05:53:31 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Cem the Greywolf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/09/16 02:32:15 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2006/09/16 02:29:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2006/09/08 03:42:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2006/09/07 22:26:43 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/09/07 22:22:00 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Cem the Greywolf\Local Settings\Application Data\fusioncache.dat
    [2006/06/06 03:40:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/02/25 04:28:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
    [2006/02/16 15:07:58 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
    [2006/02/16 09:50:52 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/02/16 09:25:21 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2006/02/16 09:25:21 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2006/02/16 09:25:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2006/02/16 09:25:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2006/02/16 09:25:21 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2006/02/16 09:25:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2006/02/15 16:41:53 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
    [2006/02/15 16:41:53 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
    [2006/02/15 16:40:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
    [2006/02/15 16:28:50 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
    [2006/02/15 16:28:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
    [2006/02/15 16:28:50 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
    [2006/02/15 16:28:50 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
    [2006/02/15 16:25:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
    [2006/02/15 16:21:53 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2006/02/15 15:44:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/02/15 15:34:07 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2006/02/15 14:09:00 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/02/15 07:30:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/11/29 04:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/09/02 22:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
    [2005/08/24 23:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
    [2005/08/05 22:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/07/23 05:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
    [2004/07/21 01:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
    [2004/01/15 22:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
    [2003/01/07 20:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [1997/06/14 01:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

    ========== LOP Check ==========

    [2006/02/17 09:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
    [2008/07/01 16:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Metaboli Player
    [2006/09/08 04:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cem the Greywolf\Application Data\InterVideo
    [2010/11/20 11:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cem the Greywolf\Application Data\Kaesh
    [2010/11/19 01:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cem the Greywolf\Application Data\Leadertech
    [2010/08/23 21:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cem the Greywolf\Application Data\Mount&Blade
    [2006/02/16 09:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cem the Greywolf\Application Data\toshiba
    [2009/01/29 10:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cem the Greywolf\Application Data\Windows Desktop Search
    [2009/02/13 03:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cem the Greywolf\Application Data\Windows Search

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/02/15 15:38:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2007/02/07 08:05:22 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2010/11/20 11:38:03 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/11/20 12:05:22 | 000,014,875 | ---- | M] () -- C:\ComboFix.txt
    [2006/02/15 15:38:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2006/12/02 08:13:31 | 000,000,000 | ---- | M] () -- C:\DVDPATH.TXT
    [2005/08/21 21:32:50 | 000,219,780 | ---- | M] () -- C:\EULA.pdf
    [2010/11/20 11:43:31 | 526,438,400 | -HS- | M] () -- C:\hiberfil.sys
    [2006/02/15 15:38:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006/02/16 09:56:48 | 000,001,222 | -H-- | M] () -- C:\IPH.PH
    [2006/02/15 15:38:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/10 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/08/04 22:41:21 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/11/20 11:43:28 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/02/15 15:38:17 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 10:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2004/12/09 00:04:46 | 000,045,056 | ---- | M] (TOSHIBA) -- C:\WINDOWS\cfdemo.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2010/09/01 16:54:55 | 000,001,626 | -H-- | M] () -- C:\Documents and Settings\Cem the Greywolf\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/02/15 07:28:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/02/15 07:28:58 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/02/15 07:28:57 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/08/04 22:50:25 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2006/09/07 22:23:01 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Cem the Greywolf\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/20 03:14:11 | 003,912,337 | R--- | M] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\ComboFix.exe
    [2010/11/17 20:53:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cem the Greywolf\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/10 12:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >
    [2001/03/21 04:49:00 | 000,031,232 | ---- | M] () -- C:\WINDOWS\Driver Cache\DrvUpdt.exe
    [2005/07/06 09:12:00 | 000,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\e1000msg.dll
    [2005/10/11 03:30:28 | 000,199,680 | ---- | M] () -- C:\WINDOWS\Driver Cache\e100a325.inf
    [2006/02/25 04:23:36 | 000,225,032 | ---- | M] () -- C:\WINDOWS\Driver Cache\e100a325.PNF
    [2005/10/07 08:26:34 | 000,199,269 | ---- | M] () -- C:\WINDOWS\Driver Cache\e100ant5.inf
    [2006/02/25 04:23:36 | 000,224,128 | ---- | M] () -- C:\WINDOWS\Driver Cache\e100ant5.PNF
    [2005/10/18 21:03:18 | 000,033,791 | ---- | M] () -- C:\WINDOWS\Driver Cache\e100b325.cat
    [2005/05/19 00:38:26 | 000,005,178 | ---- | M] () -- C:\WINDOWS\Driver Cache\e100b325.din
    [2005/10/13 06:39:00 | 000,292,274 | ---- | M] () -- C:\WINDOWS\Driver Cache\e100b325.inf
    [2006/02/25 04:23:36 | 000,277,636 | ---- | M] () -- C:\WINDOWS\Driver Cache\e100b325.PNF
    [2005/10/10 07:31:42 | 000,163,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\e100b325.sys
    [2005/06/16 00:48:24 | 000,036,864 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\e100bmsg.dll
    [2005/05/19 00:51:12 | 000,005,182 | ---- | M] () -- C:\WINDOWS\Driver Cache\e100bnt5.din
    [2005/10/10 07:37:16 | 000,152,336 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\e100bnt5.sys
    [2005/07/13 09:06:44 | 000,002,792 | ---- | M] () -- C:\WINDOWS\Driver Cache\e1e5032.din
    [2005/09/14 10:23:02 | 000,172,544 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\E1e5032.SYS
    [2005/10/13 07:31:50 | 000,014,286 | ---- | M] () -- C:\WINDOWS\Driver Cache\e1e5132.cat
    [2005/07/13 09:06:44 | 000,002,790 | ---- | M] () -- C:\WINDOWS\Driver Cache\e1e5132.din
    [2005/10/06 09:45:22 | 000,184,583 | ---- | M] () -- C:\WINDOWS\Driver Cache\e1e5132.inf
    [2006/02/25 04:23:36 | 000,216,012 | ---- | M] () -- C:\WINDOWS\Driver Cache\e1e5132.PNF
    [2005/09/14 10:24:08 | 000,179,200 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\E1e5132.sys
    [2005/06/23 03:59:00 | 000,017,408 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\EtCo32.dll
    [2005/11/09 06:50:48 | 000,379,243 | ---- | M] () -- C:\WINDOWS\Driver Cache\GIGA.exe
    [2005/09/27 22:41:00 | 000,009,157 | ---- | M] () -- C:\WINDOWS\Driver Cache\iamt.cat
    [2005/06/29 03:57:00 | 000,002,570 | ---- | M] () -- C:\WINDOWS\Driver Cache\IAMT.din
    [2005/08/21 00:32:16 | 000,031,802 | ---- | M] () -- C:\WINDOWS\Driver Cache\IAMT.inf
    [2006/02/25 04:23:36 | 000,026,988 | ---- | M] () -- C:\WINDOWS\Driver Cache\IAMT.PNF
    [2005/08/21 00:31:50 | 000,032,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\IAMT03.sys
    [2005/08/21 00:32:06 | 000,039,040 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\IAMT2K.sys
    [2005/08/21 00:31:58 | 000,038,528 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\IAMTXP.sys
    [2006/02/25 04:23:36 | 000,030,800 | ---- | M] () -- C:\WINDOWS\Driver Cache\INFCACHE.1
    [2005/09/27 22:41:00 | 000,007,449 | ---- | M] () -- C:\WINDOWS\Driver Cache\iresol.cat
    [2005/06/19 19:48:48 | 000,010,946 | ---- | M] () -- C:\WINDOWS\Driver Cache\iresol.inf
    [2006/02/25 04:23:36 | 000,012,556 | ---- | M] () -- C:\WINDOWS\Driver Cache\iresol.PNF
    [2005/11/09 06:18:16 | 000,379,240 | ---- | M] () -- C:\WINDOWS\Driver Cache\LANF.exe
    [2005/06/14 15:08:42 | 000,020,480 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\NicCo32.dll
    [2005/05/19 00:28:12 | 000,021,504 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\NicIn32.dll
    [2005/06/15 06:27:42 | 000,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Driver Cache\PROUnstl.exe
    [2005/11/25 10:38:00 | 000,008,614 | ---- | M] () -- C:\WINDOWS\Driver Cache\tcusb.cat
    [2005/11/25 10:38:00 | 000,003,193 | ---- | M] () -- C:\WINDOWS\Driver Cache\tcusb.inf
    [2006/02/25 04:23:36 | 000,008,856 | ---- | M] () -- C:\WINDOWS\Driver Cache\tcusb.PNF
    [2005/11/25 10:38:00 | 000,028,800 | ---- | M] (UPEK Inc.) -- C:\WINDOWS\Driver Cache\tcusb.sys
    [2005/10/19 01:19:46 | 000,000,013 | ---- | M] () -- C:\WINDOWS\Driver Cache\verfile.tic

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2006/09/07 22:23:00 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Cem the Greywolf\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2009/06/02 04:37:07 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Cem the Greywolf\Cookies\desktop.ini
    [2010/11/20 20:19:13 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Cem the Greywolf\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 19:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2005/12/05 00:14:58 | 000,552,960 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe
    [2005/08/01 05:24:00 | 001,003,215 | ---- | M] () -- C:\WINDOWS\Installer\ms_office_trial.exe
    [2005/10/03 03:51:04 | 004,673,840 | ---- | M] () -- C:\WINDOWS\Installer\welcomeTour.exe

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 00:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 09:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 09:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 14:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 17:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 00:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 09:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 09:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 09:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 09:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 09:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    "RescheduleWaitTime" = 4
    "NoAutoRebootWithLoggedOnUsers" = 0
    "NoAutoUpdate" = 0
    "AUOptions" = 4
    "AUState" = 2
    "ScheduledInstallDay" = 0
    "ScheduledInstallTime" = 3
    "UseWUServer" = 0

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  13. 2010/11/20
    Celmak1 Inactive Thread Starter
    LOG No.2 Extras.txt


    OTL Extras logfile created on: 11/20/2010 8:53:25 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Cem the Greywolf\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    502.00 Mb Total Physical Memory | 155.00 Mb Available Physical Memory | 31.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.28 Gb Total Space | 44.69 Gb Free Space | 60.17% Space Free | Partition Type: NTFS

    Computer Name: CEM | User Name: Cem the Greywolf | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
    "C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
    "C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe" = C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion -- (Ensemble Studios)
    "C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD" = C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD" = C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe" = C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
    "{3248E093-5288-4CA9-B3AB-11A675FEA1F9}" = Symantec AntiVirus
    "{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
    "{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
    "{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
    "{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
    "{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
    "{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
    "{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{71A51A91-E7D3-11DB-A386-005056C00008}" = Vimicro USB2.0 UVC PC Camera
    "{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
    "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
    "{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
    "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
    "{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
    "{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Age of Empires 2.0" = Microsoft Age of Empires II
    "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
    "Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "DivX Content Uploader" = DivX Content Uploader
    "EAX Unified" = EAX Unified
    "ESPNMotion" = ESPNMotion
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
    "Power Saver" = TOSHIBA Power Saver
    "ProInst" = Intel(R) PROSet/Wireless Software
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RiseOfNations 1.0" = Microsoft Rise Of Nations
    "RiseofNationsExpansion 1.0" = Rise of Nations Thrones and Patriots
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "TOSHIBA TV Tuner" = TOSHIBA TV Tuner 4.0.12.73
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/1/2010 7:32:58 PM | Computer Name = CEM | Source = COM+ | ID = 135761
    Description = The run-time environment has detected an inconsistency in its internal
    state. This indicates a potential instability in the process that could be caused
    by the custom components running in the COM+ application, the components they make
    use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
    hr = 8007041d: InitEventCollector fail

    Error - 11/2/2010 7:20:51 PM | Computer Name = CEM | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

    Error - 11/2/2010 9:27:32 PM | Computer Name = CEM | Source = Application Hang | ID = 1002
    Description = Hanging application Skype.exe, version 5.0.0.152, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 11/4/2010 7:36:57 PM | Computer Name = CEM | Source = Application Hang | ID = 1002
    Description = Hanging application FullTiltPoker.exe, version 0.0.0.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/5/2010 4:05:29 PM | Computer Name = CEM | Source = Application Hang | ID = 1002
    Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/7/2010 4:42:54 PM | Computer Name = CEM | Source = Application Hang | ID = 1002
    Description = Hanging application FullTiltPoker.exe, version 0.0.0.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/19/2010 4:17:40 AM | Computer Name = CEM | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MALWAREBYTES'
    ANTI-MALWARE\MALWAREBYTES' ANTI-MALWARE.LNK> in the hash map cannot be updated.

    Context:
    Application, SystemIndex Catalog Details: A device attached to the system is not
    functioning. (0x8007001f)

    Error - 11/19/2010 4:18:26 AM | Computer Name = CEM | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MALWAREBYTES'
    ANTI-MALWARE\MALWAREBYTES' ANTI-MALWARE HELP.LNK> in the hash map cannot be updated.

    Context:
    Application, SystemIndex Catalog Details: A device attached to the system is not
    functioning. (0x8007001f)

    Error - 11/19/2010 4:18:27 AM | Computer Name = CEM | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MALWAREBYTES'
    ANTI-MALWARE\UNINSTALL MALWAREBYTES' ANTI-MALWARE.LNK> in the hash map cannot be
    updated. Context: Application, SystemIndex Catalog Details: A device attached to
    the system is not functioning. (0x8007001f)

    Error - 11/19/2010 7:59:28 AM | Computer Name = CEM | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

    [ System Events ]
    Error - 11/19/2010 5:11:56 AM | Computer Name = CEM | Source = Service Control Manager | ID = 7034
    Description = The Swupdtmr service terminated unexpectedly. It has done this 1
    time(s).

    Error - 11/19/2010 5:11:57 AM | Computer Name = CEM | Source = Service Control Manager | ID = 7034
    Description = The TOSHIBA Application Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 11/19/2010 5:53:11 AM | Computer Name = CEM | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 11/19/2010 5:53:24 AM | Computer Name = CEM | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 11/19/2010 5:54:19 AM | Computer Name = CEM | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 11/19/2010 2:41:27 PM | Computer Name = CEM | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the Dnscache service.

    Error - 11/19/2010 2:44:07 PM | Computer Name = CEM | Source = W32Time | ID = 39452689
    Description = Time Provider NtpClient: An error occurred during DNS lookup of the
    manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
    again in 15 minutes. The error was: A socket operation was attempted to an unreachable
    host. (0x80072751)

    Error - 11/19/2010 2:44:07 PM | Computer Name = CEM | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.

    Error - 11/20/2010 7:39:42 AM | Computer Name = CEM | Source = Service Control Manager | ID = 7034
    Description = The Swupdtmr service terminated unexpectedly. It has done this 1
    time(s).

    Error - 11/20/2010 7:46:22 AM | Computer Name = CEM | Source = Service Control Manager | ID = 7034
    Description = The Swupdtmr service terminated unexpectedly. It has done this 1
    time(s).


    < End of report >
     
  14. 2010/11/20
    broni Moderator Malware Analyst
    Your computer could use another 512MB for better performance.

    ================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ==============================================================

    We have a DNS hijacker here...

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O4 - HKLM..\Run: [CFSServ.exe] File not found
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.138 213.109.75.31
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
       "DisableMonitoring" =-
      
      
      :Files
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.


    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and Windows 7, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
    NOTE. Simply disconnecting the router from a power source will NOT do.
    Restart computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE


    Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
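Added here as an example (not OTL's own code and not from anyone in this thread): a small Python checker that reads the O17 NameServer lines OTL prints and flags any resolver that is neither a LAN address nor on an allow-list, which is exactly how the DhcpNameServer entry in the fix above stands out. The sample log is constructed around the line quoted in the fix; the interface GUID is a placeholder.

```python
import ipaddress
import re

# Shape of the OTL O17 line quoted in the fix above (interface-specific keys
# look the same with \Interfaces\{GUID} appended to the registry key).
O17_RE = re.compile(
    r"^O17\s+-\s+(?P<key>HKLM\\[^:]+):\s*(?P<value>\w*NameServer)\s*=\s*(?P<servers>.*)$"
)

# Constructed sample log: the first O17 line is the one from this thread,
# the second is a made-up per-interface entry pointing at a LAN router.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [CFSServ.exe] File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.138 213.109.75.31
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000000}: DhcpNameServer = 192.168.1.1
"""


def parse_o17(log_text):
    """Yield (registry_key, value_name, [servers]) for each O17 line in an OTL log."""
    for raw in log_text.splitlines():
        m = O17_RE.match(raw.strip())
        if m:
            servers = [s for s in re.split(r"[\s,]+", m.group("servers")) if s]
            yield m.group("key"), m.group("value"), servers


def classify(server, trusted):
    """'trusted' (on the allow-list), 'private' (LAN/loopback/link-local) or 'suspicious'."""
    if server in trusted:
        return "trusted"
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "suspicious"  # not an IP literal at all; worth a human look
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "private"
    return "suspicious"  # a public resolver nobody has vouched for


def find_rogue_dns(log_text, trusted=()):
    """Return sorted (value_name, server) pairs for every DNS server that is
    neither on the allow-list nor a LAN address. Public resolvers you really
    use (your ISP's, for instance) belong in `trusted`, otherwise they are flagged."""
    trusted = set(trusted)
    rogue = set()
    for _key, value_name, servers in parse_o17(log_text):
        for s in servers:
            if classify(s, trusted) == "suspicious":
                rogue.add((value_name, s))
    return sorted(rogue)


if __name__ == "__main__":
    for value_name, server in find_rogue_dns(SAMPLE_LOG):
        print(f"check {value_name}: {server} is not a LAN or allow-listed resolver")
```

Run the same check after the fix and the `ipconfig` steps: once the router hands out a sane resolver again, the list should come back empty.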
     
  15. 2010/11/21
    Celmak1 Inactive Thread Starter
    hi broni,

    Things get a little tricky at this point. The router is owned and maintained by my landlord. Upon talking to him in person, I got the impression that he/his office might not have kept necessary info for reconfiguring security settings of the router.

    Given the circumstances, I have a few questions.

    How vulnerable will my computer be if I just run the OTL fix you provided for removing the DNS hijacker and not reconfigure the router? Do DNS hijackers have a habit of creeping back in immediately? Is there a security suite that would help me monitor/block this particular threat? Simply put, is it OK if I just remove the DNS hijacker on my PC, do the cmd commands, reset the router but leave the router settings as they are?

    Secondly, would resetting the router and doing cmd command prompts in my pc have an effect on other users afterward?

    I will go ahead and do the java update asap. Thanks again Broni :)
     
  16. 2010/11/21
    Celmak1 Inactive Thread Starter
    hi broni,
    First off, I did the Java update and clean-up.

    Upon reading about resetting routers and the things that have to be done thereafter, I am a little confused about what resetting the router would entail. Is there a 'simple reset option' that will do what is needed for my problem but will not require me to reset the username, password and encryption and rebuild the internet provider account?

    Since I have a few neighbors who use the connection daily and I do not have whatever info is needed (internet provider account info etc.) to set up the connection after enabling encryption, I am hesitant to go beyond the OTL fix stage. Is there an alternative route to getting rid of my problem? Should I go ahead with the OTL fix and cmd commands anyway? I will be very happy to hear your take on the issue:)
     
  17. 2010/11/21
    broni Moderator Malware Analyst
    OK, here is the hijacker:
    It redirects you to a Russian IP.

    Usually, it also means that a router is infected.

    Run OTL fix and cmd commands, post OTL fix log, as well as new OTL "Quick scan" log and we'll see what you have there.
     
  18. 2010/11/21
    Celmak1 Inactive Thread Starter
    OTL Fix Log



    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CFSServ.exe deleted successfully.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    C:\Documents and Settings\Cem the Greywolf\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Cem the Greywolf\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Cem the Greywolf
    ->Temp folder emptied: 9281842 bytes
    ->Temporary Internet Files folder emptied: 344358 bytes
    ->Java cache emptied: 74703 bytes
    ->FireFox cache emptied: 44336237 bytes
    ->Flash cache emptied: 4256 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 664 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 52.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Cem the Greywolf
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11212010_183041

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  19. 2010/11/21
    broni Moderator Malware Analyst
    Go on....
     
  20. 2010/11/21
    Celmak1 Inactive Thread Starter
    OTL logfile created on: 11/21/2010 7:28:39 PM - Run 2
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Cem the Greywolf\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    502.00 Mb Total Physical Memory | 151.00 Mb Available Physical Memory | 30.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.28 Gb Total Space | 44.59 Gb Free Space | 60.03% Space Free | Partition Type: NTFS

    Computer Name: CEM | User Name: Cem the Greywolf | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/17 20:53:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cem the Greywolf\Desktop\OTL.exe
    PRC - [2008/08/29 17:27:30 | 000,143,360 | ---- | M] (Vimicro Corporation) -- C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
    PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/01/05 22:02:24 | 000,352,256 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
    PRC - [2005/12/20 19:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    PRC - [2005/12/05 19:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    PRC - [2005/11/30 20:25:22 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    PRC - [2005/11/28 18:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    PRC - [2005/11/28 18:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    PRC - [2005/11/28 18:29:00 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    PRC - [2005/11/28 18:28:14 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    PRC - [2005/10/06 13:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    PRC - [2005/08/16 19:23:12 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    PRC - [2005/07/13 01:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    PRC - [2005/06/24 02:27:36 | 000,085,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
    PRC - [2005/06/24 02:27:28 | 001,715,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    PRC - [2005/06/24 02:27:18 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
    PRC - [2005/06/02 16:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    PRC - [2005/06/02 16:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    PRC - [2005/06/02 16:21:38 | 000,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2005/06/01 05:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
    PRC - [2005/06/01 04:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
    PRC - [2005/04/27 00:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    PRC - [2005/03/11 23:03:16 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TDispVol.exe
    PRC - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2004/12/30 08:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    PRC - [2004/08/28 08:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
    PRC - [2004/08/28 08:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/17 20:53:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cem the Greywolf\Desktop\OTL.exe
    MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2002/03/03 12:40:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\TDispVol.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2005/12/20 19:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
    SRV - [2005/11/28 18:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
    SRV - [2005/11/28 18:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2005/11/28 18:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2005/07/13 01:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
    SRV - [2005/06/24 02:27:30 | 000,124,608 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
    SRV - [2005/06/24 02:27:28 | 001,715,904 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2005/06/24 02:27:18 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
    SRV - [2005/06/02 16:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
    SRV - [2005/06/02 16:21:46 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
    SRV - [2005/06/02 16:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
    SRV - [2005/04/22 19:03:28 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
    SRV - [2005/03/31 04:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
    SRV - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
    SRV - [2004/08/28 08:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\CEMTHE~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/10/18 08:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101119.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/10/18 08:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101119.002\NAVENG.SYS -- (NAVENG)
    DRV - [2010/05/27 08:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2009/05/25 17:31:32 | 000,252,416 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VMUVC.sys -- (VMUVC)
    DRV - [2008/08/14 10:01:06 | 000,231,424 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/07/01 11:12:32 | 000,398,720 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vvftUVC.sys -- (vvftUVC)
    DRV - [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2005/12/10 00:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2005/12/04 17:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
    DRV - [2005/11/30 19:01:02 | 000,043,392 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
    DRV - [2005/11/30 18:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2005/11/28 19:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2005/11/15 17:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2005/10/20 22:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
    DRV - [2005/10/06 13:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005/10/06 13:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005/10/06 13:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2005/10/06 13:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005/10/06 13:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005/10/06 13:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005/10/06 13:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005/09/14 10:24:08 | 000,179,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2005/09/12 11:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2005/09/09 22:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
    DRV - [2005/08/25 20:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/08/25 20:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005/08/24 23:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
    DRV - [2005/08/12 13:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2005/06/02 11:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
    DRV - [2005/05/14 02:50:10 | 000,123,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
    DRV - [2005/04/22 19:03:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2005/04/22 19:03:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2005/03/31 04:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2005/02/05 03:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
    DRV - [2005/02/05 03:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
    DRV - [2005/01/12 08:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)
    DRV - [2003/09/19 09:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
    DRV - [2003/09/11 07:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
    DRV - [2003/01/29 22:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
    DRV - [2003/01/10 20:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.lse.ac.uk/ "
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/04 04:54:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/21 13:35:46 | 000,000,000 | ---D | M]

    [2008/08/26 15:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cem the Greywolf\Application Data\Mozilla\Extensions
    [2010/11/20 17:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cem the Greywolf\Application Data\Mozilla\Firefox\Profiles\rvlbc31j.default\extensions
    [2010/09/20 11:26:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Cem the Greywolf\Application Data\Mozilla\Firefox\Profiles\rvlbc31j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2008/08/26 19:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cem the Greywolf\Application Data\Mozilla\Firefox\Profiles\rvlbc31j.default\extensions\moveplayer@movenetworks.com
    [2010/11/21 13:35:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/10/31 00:59:32 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/11/21 13:35:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/11/21 13:34:50 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/11/20 11:59:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TFncKy] File not found
    O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
    O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
    O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} http://www.lotrdvd.com/dvdkey/extended_dvd/downloads/iaieplay.dll (IEPlayInterface Class)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157673358311 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1254596490216 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} file:///D:/win/setup/iamce.dll (IAMCE Class)
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} http://www.tgrthaber.com.tr/CanliYayin/ampx2.6.1.11_en_dl.cab (IWinAmpActiveX Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Cem the Greywolf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cem the Greywolf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/02/15 15:38:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/21 18:30:41 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/11/21 13:59:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cem the Greywolf\Desktop\JavaRa
    [2010/11/21 13:36:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/11/20 20:52:48 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cem the Greywolf\Desktop\OTL.exe
    [2010/11/20 12:09:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/11/20 12:05:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/11/20 11:37:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/11/20 11:34:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/11/20 11:34:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/11/20 11:34:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/11/20 11:34:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/11/20 11:33:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/11/20 11:33:21 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/11/19 02:22:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/19 02:21:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/19 02:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/19 02:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cem the Greywolf\Desktop\Fix
    [2010/11/19 01:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cem the Greywolf\Application Data\Leadertech
    [2010/11/18 23:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cem the Greywolf\Application Data\Malwarebytes
    [2010/11/18 23:10:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/11/01 22:57:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\VMUVC
    [2010/11/01 22:56:51 | 000,073,728 | ---- | C] (Vimicro Corporation) -- C:\WINDOWS\System32\exvmuvc.ax
    [2010/11/01 22:56:50 | 000,252,416 | ---- | C] (Vimicro Corporation) -- C:\WINDOWS\System32\drivers\VMUVC.sys
    [2010/11/01 22:56:49 | 000,188,416 | ---- | C] (Vimicro Corporation) -- C:\WINDOWS\System32\vvftUVC.ax
    [2010/11/01 22:56:46 | 000,094,208 | ---- | C] (Vimicro Cooperation) -- C:\WINDOWS\System32\VvFtCtrl.dll
    [2010/11/01 22:56:44 | 000,516,096 | ---- | C] (vimicro) -- C:\WINDOWS\System32\VMUVC.ax
    [2010/11/01 22:56:43 | 000,098,304 | ---- | C] (Vimicro Corporation) -- C:\WINDOWS\System32\VMCtrl.ax
    [2010/11/01 22:56:43 | 000,011,776 | ---- | C] (Vimicro Corporation) -- C:\WINDOWS\System32\VMUVC.dll
    [2010/11/01 22:56:42 | 000,398,720 | ---- | C] (Vimicro Corporation) -- C:\WINDOWS\System32\drivers\vvftUVC.sys
    [2010/11/01 22:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Vimicro Corporation
    [2010/11/01 22:55:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cem the Greywolf\Application Data\InstallShield
    [2010/10/31 01:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2010/10/31 01:00:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cem the Greywolf\Local Settings\Application Data\Temp
    [2010/10/31 01:00:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2010/10/31 00:56:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2010/10/28 14:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cem the Greywolf\Desktop\GLEE
    [2006/02/15 16:25:00 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/11/21 19:21:04 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/21 19:20:31 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/21 19:20:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/21 19:20:11 | 526,438,400 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/21 19:11:05 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/21 13:41:09 | 000,205,540 | ---- | M] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\JavaRa.zip
    [2010/11/21 01:21:32 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Cem the Greywolf\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
    [2010/11/20 20:49:10 | 000,569,857 | ---- | M] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\OTL.zip
    [2010/11/20 11:59:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/11/20 11:38:03 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2010/11/20 03:14:11 | 003,912,337 | R--- | M] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\ComboFix.exe
    [2010/11/19 02:10:34 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Cem the Greywolf\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
    [2010/11/17 20:53:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cem the Greywolf\Desktop\OTL.exe
    [2010/11/12 03:11:00 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Cem the Greywolf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/11/05 01:32:03 | 000,001,723 | ---- | M] () -- C:\Documents and Settings\Cem the Greywolf\Application Data\Microsoft\Internet Explorer\Quick Launch\amcap.lnk
    [2010/11/04 04:39:36 | 000,048,638 | ---- | M] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\Dec Ankara Trip.pdf
    [2010/10/31 01:07:53 | 000,464,526 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/31 01:07:53 | 000,079,636 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/26 20:44:33 | 000,009,988 | -HS- | M] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\Folder.jpg
    [2010/10/26 20:44:33 | 000,009,988 | -HS- | M] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\AlbumArt_{CA53628B-33D4-4318-8798-669D190DF2B6}_Large.jpg
    [2010/10/26 20:44:33 | 000,002,739 | -HS- | M] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\AlbumArt_{CA53628B-33D4-4318-8798-669D190DF2B6}_Small.jpg
    [2010/10/26 20:44:32 | 000,002,739 | -HS- | M] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\AlbumArtSmall.jpg

    ========== Files Created - No Company Name ==========

    [2010/11/21 13:40:50 | 000,205,540 | ---- | C] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\JavaRa.zip
    [2010/11/20 20:49:07 | 000,569,857 | ---- | C] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\OTL.zip
    [2010/11/20 11:38:03 | 000,000,209 | ---- | C] () -- C:\Boot.bak
    [2010/11/20 11:37:57 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/11/20 11:34:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/11/20 11:34:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/11/20 11:34:21 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/11/20 11:34:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/11/20 11:34:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/11/20 03:14:11 | 003,912,337 | R--- | C] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\ComboFix.exe
    [2010/11/05 01:32:03 | 000,001,723 | ---- | C] () -- C:\Documents and Settings\Cem the Greywolf\Application Data\Microsoft\Internet Explorer\Quick Launch\amcap.lnk
    [2010/11/04 04:39:36 | 000,048,638 | ---- | C] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\Dec Ankara Trip.pdf
    [2010/10/31 01:00:11 | 000,000,906 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/10/31 01:00:09 | 000,000,902 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/10/31 00:56:06 | 000,002,283 | ---- | C] () -- C:\Documents and Settings\Cem the Greywolf\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
    [2010/10/26 20:44:33 | 000,009,988 | -HS- | C] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\AlbumArt_{CA53628B-33D4-4318-8798-669D190DF2B6}_Large.jpg
    [2010/10/26 20:44:33 | 000,002,739 | -HS- | C] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\AlbumArt_{CA53628B-33D4-4318-8798-669D190DF2B6}_Small.jpg
    [2010/10/26 19:14:35 | 000,009,988 | -HS- | C] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\Folder.jpg
    [2010/10/26 19:14:35 | 000,002,739 | -HS- | C] () -- C:\Documents and Settings\Cem the Greywolf\Desktop\AlbumArtSmall.jpg
    [2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/01/26 01:19:02 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2006/12/12 16:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2006/11/02 07:19:13 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/10/15 03:08:21 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
    [2006/09/28 23:23:50 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2006/09/28 23:23:50 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2006/09/28 23:23:50 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2006/09/27 05:51:04 | 000,000,011 | ---- | C] () -- C:\WINDOWS\OSA.INI
    [2006/09/26 05:53:31 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Cem the Greywolf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/09/16 02:32:15 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2006/09/16 02:29:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2006/09/08 03:42:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2006/09/07 22:26:43 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/09/07 22:22:00 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Cem the Greywolf\Local Settings\Application Data\fusioncache.dat
    [2006/06/06 03:40:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/02/25 04:28:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
    [2006/02/16 15:07:58 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
    [2006/02/16 09:50:52 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/02/16 09:25:21 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2006/02/16 09:25:21 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2006/02/16 09:25:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2006/02/16 09:25:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2006/02/16 09:25:21 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2006/02/16 09:25:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2006/02/15 16:41:53 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
    [2006/02/15 16:41:53 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
    [2006/02/15 16:40:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
    [2006/02/15 16:28:50 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
    [2006/02/15 16:28:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
    [2006/02/15 16:28:50 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
    [2006/02/15 16:28:50 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
    [2006/02/15 16:25:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
    [2006/02/15 16:21:53 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2006/02/15 15:44:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/02/15 15:34:07 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2006/02/15 14:09:00 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/02/15 07:30:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/11/29 04:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/09/02 22:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
    [2005/08/24 23:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
    [2005/08/05 22:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/07/23 05:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
    [2004/07/21 01:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
    [2004/01/15 22:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
    [2003/01/07 20:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [1997/06/14 01:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

    ========== LOP Check ==========

    [2006/02/17 09:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
    [2008/07/01 16:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Metaboli Player
    [2006/09/08 04:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cem the Greywolf\Application Data\InterVideo
    [2010/11/20 11:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cem the Greywolf\Application Data\Kaesh
    [2010/11/19 01:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cem the Greywolf\Application Data\Leadertech
    [2010/08/23 21:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cem the Greywolf\Application Data\Mount&Blade
    [2006/02/16 09:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cem the Greywolf\Application Data\toshiba
    [2009/01/29 10:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cem the Greywolf\Application Data\Windows Desktop Search
    [2009/02/13 03:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cem the Greywolf\Application Data\Windows Search

    ========== Purity Check ==========



    < End of report >
     
  21. 2010/11/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK, O17 entry seems to be gone for now.
    How is redirection?
     
