
Win XP IE 7 Hangs Randomly


  • This topic is locked
16 replies to this topic

#1 Tol

Tol

  • Members
  • 20 posts

Posted 01 March 2009 - 09:59 AM

Hello,

This is my first time posting to this forum. I am having a problem while using IE 7 randomly. For example, 5 or 6 tabs are open in my Internet Explorer 7; when I try to change to another tab in IE 7, IE 7 hangs and nothing happens and I cannot close IE 7 or change to other tabs. One of the tabs says, "program is not responding". This problem occurs randomly. Sometimes it does not happen for 2 weeks and then it happens again. When I check Event Viewer, it says: "Application Hang" / Category: 101 / Event ID: 1001 and also 1002 / Hanged Application: iexplore.exe version 7.0.6000.16791 / also somewhere it says: "faultrep.dll". When this error happens, I use Task Manager by hitting stopping task many times. During this time, CPU usage is 100%, as if dumping memory to hard disk. Because of this problem, I increased physical memory from 1 GB to 2 GB. But the problem still occurs. I have internet security 2009 and I ran NIS 2009 in safe mode and did not find any viruses or threats. My OS is Windows XP Home Edition. I hate this error. It is very annoying. I really need your help. Any help would be appreciated.

Thanks in advance,
Tol

----------------------

DDS (Ver_09-02-01.01) - NTFSx86
Run by tolgao at 12:08:01,87 on 01.03.2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1254.90.1055.18.2047.1573 [GMT 2:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
svchost.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\tolgao\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.tr/
BHO: Adobe PDF Reader Bağı Yardımı: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.2.0.7\IPSBHO.DLL
BHO: Windows Live Oturum Açma Yardım Aracı: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [AdaptecDirectCD] c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [ZCfgSvc.exe] c:\windows\system32\ZCfgSvc.exe
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\progra~1\balang~1\bttray.lnk - c:\program files\dell\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\progra~1\balang~1\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\dell\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} - hxxps://sube.garanti.com.tr/lib/JaguarEditControl.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234370274477
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234470590858
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.2.0.7\CoIEPlg.dll
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: Sebring - c:\windows\system32\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-27 64160]
R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS [?]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1002000.007\BHDrvx86.sys [2009-2-28 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1002000.007\cchpx86.sys [2009-2-28 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090225.002\IDSxpx86.sys [2009-2-28 276344]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-12-5 935208]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.2.0.7\ccSvcHst.exe [2009-2-28 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-28 101936]
R3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2003-2-6 59328]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090228.021\NAVENG.SYS [2009-3-1 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090228.021\NAVEX15.SYS [2009-3-1 876144]

=============== Created Last 30 ================

2009-02-28 18:41 <DIR> --d----- c:\program files\Cobian Backup 8
2009-02-28 00:04 <DIR> --d-h--- c:\documents and settings\all users\WLANProfiles
2009-02-28 00:03 17,801 -------- c:\windows\system32\drivers\AegisP.sys
2009-02-27 23:37 <DIR> --d----- c:\windows\tiinst
2009-02-27 23:26 1,033,728 -------- c:\windows\system32\drivers\HSF_DPV.SYS
2009-02-27 23:26 129,405 -------- c:\windows\system32\drivers\del1028.cty
2009-02-27 23:26 42,858 -------- c:\windows\system32\hsfci014.dll
2009-02-27 23:20 <DIR> --d----- c:\windows\tiinst1
2009-02-27 18:37 15,688 -------- c:\windows\system32\lsdelete.exe
2009-02-27 18:29 64,160 -------- c:\windows\system32\drivers\Lbd.sys
2009-02-27 18:25 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-27 18:25 <DIR> --d----- c:\program files\Lavasoft
2009-02-27 17:46 410,984 -------- c:\windows\system32\deploytk.dll
2009-02-27 17:46 73,728 -------- c:\windows\system32\javacpl.cpl
2009-02-27 17:22 36,272 -----r-- c:\windows\system32\drivers\SymIM.sys
2009-02-27 17:22 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-27 17:22 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-02-27 17:22 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-27 17:22 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-02-27 17:22 <DIR> --d----- c:\program files\Symantec
2009-02-27 17:22 <DIR> --d----- c:\windows\system32\drivers\NIS
2009-02-27 17:22 <DIR> --d----- c:\program files\Norton Internet Security
2009-02-27 17:21 <DIR> --d----- c:\program files\NortonInstaller
2009-02-27 17:19 <DIR> --d----- c:\program files\Paragon Software
2009-02-27 13:11 <DIR> --d----- c:\program files\Trend Micro
2009-02-27 13:08 116,224 -c------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-02-27 13:08 23,040 -c------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-02-27 13:08 18,944 -c------ c:\windows\system32\dllcache\xrxscnui.dll
2009-02-27 13:08 27,648 -c------ c:\windows\system32\dllcache\xrxftplt.exe
2009-02-27 13:08 4,608 -c------ c:\windows\system32\dllcache\xrxflnch.exe
2009-02-27 13:08 99,865 -c------ c:\windows\system32\dllcache\xlog.exe
2009-02-27 13:08 28,288 -c------ c:\windows\system32\dllcache\xjis.nls
2009-02-27 13:08 16,970 -c------ c:\windows\system32\dllcache\xem336n5.sys
2009-02-27 13:08 19,455 -c------ c:\windows\system32\dllcache\wvchntxx.sys
2009-02-27 13:08 12,063 -c------ c:\windows\system32\dllcache\wsiintxx.sys
2009-02-27 13:08 8,832 -c------ c:\windows\system32\dllcache\wmiacpi.sys
2009-02-27 13:06 26,112 -c------ c:\windows\system32\dllcache\usbser.sys
2009-02-27 13:05 99,328 -c------ c:\windows\system32\dllcache\srusd.dll
2009-02-27 13:04 17,664 -c------ c:\windows\system32\dllcache\sermouse.sys
2009-02-27 13:03 35,328 -c------ c:\windows\system32\dllcache\psisload.dll
2009-02-27 13:02 9,344 -c------ c:\windows\system32\dllcache\ntapm.sys
2009-02-27 13:01 35,200 -c------ c:\windows\system32\dllcache\msgame.sys
2009-02-27 13:00 8,192 -c------ c:\windows\system32\dllcache\kbdkor.dll
2009-02-27 12:59 141,056 -c------ c:\windows\system32\dllcache\icam3.sys
2009-02-27 12:58 454,912 -c------ c:\windows\system32\dllcache\fxusbase.sys
2009-02-27 12:57 20,992 -c------ c:\windows\system32\dllcache\dshowext.ax
2009-02-27 12:56 61,226 -c------ c:\windows\system32\dllcache\cpqtrnd5.sys
2009-02-27 12:55 180,770 -c------ c:\windows\system32\dllcache\c_20932.nls
2009-02-27 12:54 281,600 -c------ c:\windows\system32\dllcache\atimtai.sys
2009-02-27 12:52 101,888 -c------ c:\windows\system32\dllcache\adpu160m.sys
2009-02-27 12:51 48,128 -c------ c:\windows\system32\dllcache\61883.sys
2009-02-27 12:51 38,400 -c------ c:\windows\system32\dllcache\8514a.dll
2009-02-27 12:51 12,288 -c------ c:\windows\system32\dllcache\4mmdat.sys
2009-02-27 12:51 148,352 -c------ c:\windows\system32\dllcache\3dfxvsm.sys
2009-02-27 12:51 762,780 -c------ c:\windows\system32\dllcache\3cwmcru.sys
2009-02-27 12:51 689,216 -c------ c:\windows\system32\dllcache\3dfxvs.dll
2009-02-27 12:51 11,264 -c------ c:\windows\system32\dllcache\1394vdbg.sys
2009-02-27 12:51 66,048 -c------ c:\windows\system32\dllcache\s3legacy.dll
2009-02-27 12:38 <DIR> --d----- c:\program files\UPHClean
2009-02-25 09:33 1,089,883 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-02-20 12:49 16,496 -----r-- c:\windows\system32\drivers\HPZipr12.sys
2009-02-20 12:48 51,088 -----r-- c:\windows\system32\drivers\hpzid412.sys
2009-02-20 12:48 21,744 -----r-- c:\windows\system32\drivers\HPZius12.sys
2009-02-20 12:48 25,856 -c------ c:\windows\system32\dllcache\usbprint.sys
2009-02-20 12:48 25,856 -------- c:\windows\system32\drivers\usbprint.sys
2009-02-20 12:47 270,336 -----r-- c:\windows\system32\HPZc3212.dll
2009-02-20 12:47 581,632 -----r-- c:\windows\system32\hpotscl.dll
2009-02-20 12:47 90,112 -----r-- c:\windows\system32\hpovst08.dll
2009-02-20 12:47 278,528 -----r-- c:\windows\system32\hpgwiamd.dll
2009-02-20 12:47 15,104 -c------ c:\windows\system32\dllcache\usbscan.sys
2009-02-20 12:47 15,104 -------- c:\windows\system32\drivers\usbscan.sys
2009-02-15 16:33 <DIR> --d----- c:\program files\Roxio
2009-02-15 16:33 <DIR> --d----- c:\program files\common files\Adaptec Shared
2009-02-15 10:25 <DIR> --d----- c:\program files\MSXML 4.0
2009-02-14 21:36 4,767 -------- c:\windows\Irremote.ini
2009-02-14 21:11 <DIR> --d----- c:\program files\Nero
2009-02-14 15:43 69 -------- c:\windows\NeroDigital.ini
2009-02-14 15:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-02-14 15:02 <DIR> --d----- c:\program files\Smart Modular
2009-02-14 15:02 <DIR> --d----- c:\windows\Downloaded Installations
2009-02-13 23:20 26,368 -c------ c:\windows\system32\dllcache\usbstor.sys
2009-02-13 22:27 57,344 -------- c:\windows\uneng.exe
2009-02-13 16:33 268,648 -------- c:\windows\system32\mucltui.dll
2009-02-13 16:33 27,496 -------- c:\windows\system32\mucltui.dll.mui
2009-02-13 14:54 0 -------- c:\windows\COMPANIONAPP.INI
2009-02-13 14:43 <DIR> --d----- c:\program files\HP
2009-02-12 23:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MSScanAppDataDir
2009-02-12 22:48 744 -------- c:\windows\ODBC.INI
2009-02-12 22:48 28,040 -------- c:\windows\system32\mdimon.dll
2009-02-12 21:40 43,539 -------- c:\windows\system32\drivers\btwhid.sys
2009-02-12 21:37 8,192 -c------ c:\windows\system32\dllcache\wshirda.dll
2009-02-12 21:37 8,192 -------- c:\windows\system32\wshirda.dll
2009-02-12 21:37 28,160 -c------ c:\windows\system32\dllcache\irmon.dll
2009-02-12 21:37 28,160 -------- c:\windows\system32\irmon.dll
2009-02-12 21:37 152,064 -c------ c:\windows\system32\dllcache\irftp.exe
2009-02-12 21:37 152,064 -------- c:\windows\system32\irftp.exe
2009-02-12 00:51 14,048 -------- c:\windows\system32\spmsg2.dll
2009-02-12 00:39 <DIR> --d----- c:\windows\system32\XPSViewer
2009-02-12 00:37 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-12 00:37 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-12 00:37 117,760 -------- c:\windows\system32\prntvpt.dll
2009-02-12 00:37 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-12 00:37 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-02-12 00:37 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-02-12 00:37 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-02-12 00:37 <DIR> --d----- C:\12e66d6cbd13bcf653492b
2009-02-12 00:29 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-02-12 00:25 <DIR> --d----- c:\windows\system32\URTTemp
2009-02-11 22:59 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-02-11 22:59 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-11 22:59 6,066,688 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-02-11 22:59 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-02-11 22:59 1,015,808 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-11 22:59 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-02-11 22:59 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-02-11 22:59 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-02-11 22:59 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-02-11 22:21 2,147,328 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-11 22:21 2,025,984 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-11 22:04 <DIR> --d----- c:\windows\system32\tr-tr
2009-02-11 22:04 <DIR> --d----- c:\windows\system32\tr
2009-02-11 22:04 <DIR> --d----- c:\windows\l2schemas
2009-02-11 21:56 <DIR> --d----- c:\windows\network diagnostic
2009-02-11 21:38 199,680 -c------ c:\windows\system32\dllcache\scripta.dll
2009-02-11 20:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-02-11 20:55 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-02-11 20:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-02-11 19:39 221,184 -------- c:\windows\system32\wmpns.dll
2009-02-11 19:39 316,640 -------- c:\windows\WMSysPr9.prx
2009-02-11 19:37 <DIR> --d----- c:\windows\peernet
2009-02-11 19:37 <DIR> --d----- c:\windows\provisioning
2009-02-11 19:36 <DIR> --d----- c:\windows\ServicePackFiles
2009-02-11 19:27 <DIR> --d----- c:\windows\EHome
2009-02-11 19:14 11,264 -c------ c:\windows\system32\dllcache\spnpinst.exe
2009-02-11 19:14 11,264 -------- c:\windows\system32\spnpinst.exe
2009-02-11 19:14 7,208 -c------ c:\windows\system32\dllcache\secupd.sig
2009-02-11 19:14 4,569 -c------ c:\windows\system32\dllcache\secupd.dat
2009-02-11 19:14 67,866 -------- c:\windows\system32\drivers\netwlan5.img
2009-02-11 19:14 7,208 -------- c:\windows\system32\secupd.sig
2009-02-11 19:14 4,569 -------- c:\windows\system32\secupd.dat
2009-02-11 18:48 <DIR> --d----- c:\windows\system32\PreInstall
2009-02-11 18:48 26,488 -------- c:\windows\system32\spupdsvc.exe
2009-02-11 18:48 <DIR> --d-h--- c:\windows\$hf_mig$
2009-02-11 18:47 <DIR> --d----- c:\windows\system32\bits
2009-02-11 18:46 354,304 -c------ c:\windows\system32\dllcache\winhttp.dll
2009-02-11 18:46 18,944 -c------ c:\windows\system32\dllcache\qmgrprxy.dll
2009-02-11 18:46 8,192 -c------ c:\windows\system32\dllcache\bitsprx2.dll
2009-02-11 18:46 7,168 -c------ c:\windows\system32\dllcache\bitsprx3.dll
2009-02-11 18:46 354,304 -------- c:\windows\system32\winhttp.dll
2009-02-11 18:46 18,944 -------- c:\windows\system32\qmgrprxy.dll
2009-02-11 18:46 8,192 -------- c:\windows\system32\bitsprx2.dll
2009-02-11 18:46 7,168 -------- c:\windows\system32\bitsprx3.dll
2009-02-11 18:37 <DIR> --dsh--- c:\documents and settings\tolgao\UserData
2009-02-11 18:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-02-11 18:15 5,134 -------- c:\windows\system32\OEMLOGO.BMP
2009-02-11 18:13 581 -------- c:\windows\system32\OEMINFO.INI
2009-02-11 18:02 11,336 a------- c:\windows\system32\nvModes.001
2009-02-11 18:02 11,336 a------- c:\windows\system32\nvModes.dat
2009-02-11 18:01 17,513 a------- c:\windows\system32\nvapps.xml
2009-02-11 18:01 13,866 a------- c:\windows\system32\nvdisp.nvu
2009-02-11 18:01 <DIR> --d----- c:\windows\nview
2009-02-11 18:01 176,128 -------- c:\windows\system32\nvudisp.exe
2009-02-11 17:47 265,728 -----r-- c:\windows\system32\drivers\bcmwl5.sys
2009-02-11 17:35 307,200 -----r-- c:\windows\system32\BMAPI.dll
2009-02-11 17:35 17,217 -------- c:\windows\system32\drivers\omci.sys
2009-02-11 17:34 3,072 -c------ c:\windows\system32\dllcache\audstub.sys
2009-02-11 17:34 3,072 -------- c:\windows\system32\drivers\audstub.sys
2009-02-11 17:34 21,504 -c------ c:\windows\system32\dllcache\hidserv.dll
2009-02-11 17:34 21,504 -------- c:\windows\system32\hidserv.dll
2009-02-11 17:34 57,600 -c------ c:\windows\system32\dllcache\redbook.sys
2009-02-11 17:34 57,600 -------- c:\windows\system32\drivers\redbook.sys
2009-02-11 17:33 6,400 -c------ c:\windows\system32\dllcache\enum1394.sys
2009-02-11 17:33 6,400 -------- c:\windows\system32\drivers\enum1394.sys
2009-02-11 17:33 5,504 -c------ c:\windows\system32\dllcache\intelide.sys
2009-02-11 17:33 5,504 -------- c:\windows\system32\drivers\intelide.sys
2009-02-11 17:33 10,240 -c------ c:\windows\system32\dllcache\compbatt.sys
2009-02-11 17:33 10,240 -------- c:\windows\system32\drivers\compbatt.sys
2009-02-11 17:33 14,208 -c------ c:\windows\system32\dllcache\battc.sys
2009-02-11 17:33 13,952 -c------ c:\windows\system32\dllcache\cmbatt.sys
2009-02-11 17:33 14,208 -------- c:\windows\system32\drivers\battc.sys
2009-02-11 17:33 13,952 -------- c:\windows\system32\drivers\cmbatt.sys
2009-02-11 17:32 <DIR> --d----- c:\program files\common files\ODBC
2009-02-11 17:32 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-02-11 17:31 126,912 -------- c:\windows\system\MSVIDEO.DLL
2009-02-11 17:31 <DIR> --d--r-- c:\documents and settings\all users\Belgeler
2009-02-11 17:31 <DIR> --d----- c:\documents and settings\all users\Sık Kullanılanlar
2009-02-11 17:30 33,408 -------- c:\windows\system32\drivers\gv3.sys
2009-02-11 17:30 666 -------- c:\windows\speed.reg
2009-02-11 17:30 <DIR> --d----- c:\program files\Dell Computer Corporation
2009-02-11 17:30 53,248 -------- c:\windows\system32\DellSys.dll
2009-02-11 17:29 237 -------- c:\windows\system32\$winnt$.inf
2009-02-11 17:27 <DIR> --d-h--- c:\documents and settings\tolgao\WLANProfiles
2009-02-11 17:27 <DIR> --d----- c:\windows\system32\LogFiles
2009-02-11 17:23 <DIR> --d----- c:\documents and settings\tolgao\Bluetooth Software
2009-02-11 17:22 <DIR> --d----- c:\program files\Dell
2009-02-11 17:20 <DIR> --d----- c:\program files\Broadcom
2009-02-11 17:13 <DIR> --d----- c:\program files\Apoint
2009-02-11 17:11 <DIR> --d----- c:\program files\CONEXANT
2009-02-11 16:58 <DIR> --d----- c:\program files\SigmaTel
2009-02-11 16:03 <DIR> --d--r-- c:\documents and settings\tolgao\Sık Kullanılanlar
2009-02-11 16:03 <DIR> --d--r-- c:\documents and settings\tolgao\Belgelerim
2009-02-11 15:46 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-02-11 15:45 <DIR> --d----- c:\program files\common files\MSSoap
2009-02-11 15:43 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-02-11 15:43 <DIR> --d----- c:\program files\Online Services
2009-02-11 15:43 <DIR> --d----- c:\program files\Messenger
2009-02-11 15:43 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-02-11 15:43 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================

2009-02-15 16:40 242,048 -------- c:\windows\system32\drivers\cdudf_xp.sys
2009-02-15 16:40 206,464 -------- c:\windows\system32\drivers\udfreadr_xp.sys
2009-02-15 16:40 151,066 -------- c:\windows\system32\drivers\pwd_2K.sys
2009-02-15 16:40 30,694 -------- c:\windows\system32\drivers\Mmc_2k.sys
2009-02-15 16:40 25,962 -------- c:\windows\system32\drivers\Dvd_2k.sys
2009-02-15 16:40 1,044,480 -------- c:\windows\system32\Roboex32.dll
2009-02-15 16:40 62,320 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-02-15 16:40 49,152 -------- c:\windows\system32\cdrtc.dll
2009-02-15 16:40 45,056 -------- c:\windows\system32\cdral.dll
2009-02-15 16:40 23,324 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-02-13 01:18 432,646 -------- c:\windows\system32\perfh01F.dat
2009-02-13 01:18 83,084 -------- c:\windows\system32\perfc01F.dat
2009-02-11 19:41 77,423 -------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-11 15:44 21,736 -------- c:\windows\system32\emptyregdb.dat
2008-12-31 17:04 691,560 -------- c:\windows\system32\OGACheckControl.dll
2008-12-31 17:04 528,744 -------- c:\windows\system32\OGAVerify.exe
2008-12-31 17:04 502,120 -------- c:\windows\system32\OGAAddin.dll
2008-12-21 00:47 826,368 -------- c:\windows\system32\wininet.dll

============= FINISH: 12:08:40,45 ===============


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • Gender:Male
  • Location:The Netherlands

Posted 12 March 2009 - 05:05 PM

Hi Tol,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Tell me if you have run any tool or have made a major change to the system since your last post. Also tell me what the current condition of your computer is.

  • To get an idea about the current condition of your computer, download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Set the list of files/folders created to 3 Months and click Continue at the disclaimer screen.
    • Once it has finished, two logs will open.
    • log.txt (<<will be maximized)
    • info.txt (<<will be minimized).
  • Please copy and paste the content of just log.txt to your reply. No need for info.txt

    Note 1: If you have difficulty finding the log, the logs are in this folder: C:\rsit

    Note 2: The tool takes not more than one minute to scan the system.

You might want to save this page on your favorites, so you can find it again when you return.

#3 Tol

Tol
  • Topic Starter

  • Members
  • 20 posts

Posted 12 March 2009 - 05:57 PM

Hi Far,

I did not make major changes to the system, except I installed WinDVD V4.0 by InterVideo. Also my Windows Update
was open till a few minutes ago. Now I turned off automatic Windows Update. Current state of the system: Internet
Explorer still hangs once in a while (randomly), so that I had to kill the whole Internet Explorer by using Task Manager.

Here is the Log.txt file you asked for:

Logfile of random's system information tool 1.05 (written by random/random)
Run by tolgao at 2009-03-13 00:48:18
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 20 GB (35%) free of 57 GB
Total RAM: 2047 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:48:28, on 13.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\DSentry.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Documents and Settings\tolgao\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\tolgao.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\system32\DSentry.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) - https://sube.garanti.com.tr/lib/JaguarEditControl.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1234370274477
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1234470590858
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

--
End of file - 7991 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Bağı Yardımı - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll [2008-12-12 344944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL [2009-02-27 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Oturum Açma Yardım Aracı - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-27 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-27 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll [2008-12-12 344944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2003-06-20 368640]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2005-07-06 7118848]
"nwiz"=nwiz.exe /installquiet []
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2008-04-14 110592]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2009-02-15 684032]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-27 148888]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-02-27 509784]
"ZCfgSvc.exe"=C:\WINDOWS\system32\ZCfgSvc.exe [2005-07-05 639040]
"PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2005-06-27 135168]
"DVDSentry"=C:\WINDOWS\system32\DSentry.exe [2003-02-06 28672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç
BTTray.lnk - C:\Program Files\Dell\Bluetooth Software\BTTray.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll [2005-07-05 188482]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f788e941-f850-11dd-b12e-806d6172696f}]
shell\AutoRun\command - D:\setup.exe


======List of files/folders created in the last 3 months======

2009-02-11 17:32:05 ----R---- C:\WINDOWS\system32\kbdcr.dll
2009-02-11 17:32:05 ----R---- C:\WINDOWS\system32\KBDAL.DLL
2009-02-11 17:32:02 ----N---- C:\WINDOWS\system32\kbdazel.dll
2009-02-11 17:32:01 ----N---- C:\WINDOWS\system32\irclass.dll
2009-02-11 17:32:00 ----N---- C:\WINDOWS\system32\spxcoins.dll
2009-02-11 17:32:00 ----N---- C:\WINDOWS\system32\EqnClass.Dll
2009-02-11 17:32:00 ----N---- C:\WINDOWS\system32\dgsetup.dll
2009-02-11 17:32:00 ----N---- C:\WINDOWS\system32\dgrpsetu.dll
2009-02-11 17:31:58 ----N---- C:\WINDOWS\TASKMAN.EXE
2009-02-11 17:31:58 ----N---- C:\WINDOWS\notepad.exe
2009-02-11 17:31:57 ----N---- C:\WINDOWS\system32\storprop.dll
2009-02-11 17:31:57 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-02-11 17:31:57 ----N---- C:\WINDOWS\system32\batt.dll
2009-02-11 17:31:48 ----SH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-02-11 17:31:47 ----R---- C:\WINDOWS\SET1B.tmp
2009-02-11 17:31:46 ----R---- C:\WINDOWS\SETD.tmp
2009-02-11 17:31:45 ----R---- C:\WINDOWS\SET7.tmp
2009-02-11 17:31:42 ----R---- C:\WINDOWS\SET3.tmp
2009-02-11 17:31:36 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-11 17:31:36 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-11 17:31:30 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-02-11 17:31:17 ----N---- C:\WINDOWS\setuplog.txt
2009-02-11 17:31:10 ----D---- C:\Documents and Settings
2009-02-11 17:30:11 ----D---- C:\Program Files\Dell Computer Corporation
2009-02-11 17:30:05 ----N---- C:\WINDOWS\system32\DellSys.dll
2009-02-11 17:30:01 ----RSH---- C:\boot.ini
2009-02-11 17:27:48 ----N---- C:\WINDOWS\system32\results.txt
2009-02-11 17:27:26 ----D---- C:\WINDOWS\system32\LogFiles
2009-02-11 17:26:58 ----N---- C:\WINDOWS\system32\W70MLRES.DLL
2009-02-11 17:26:58 ----N---- C:\WINDOWS\system32\W20MLRes.dll
2009-02-11 17:26:45 ----N---- C:\WINDOWS\system32\w70n5msg.dll
2009-02-11 17:26:44 ----N---- C:\WINDOWS\system32\W20NCPA.dll
2009-02-11 17:26:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-11 17:26:19 ----RSD---- C:\WINDOWS\Fonts
2009-02-11 17:26:19 ----RD---- C:\WINDOWS\Web
2009-02-11 17:26:19 ----HD---- C:\WINDOWS\inf
2009-02-11 17:26:19 ----D---- C:\WINDOWS\WinSxS
2009-02-11 17:26:19 ----D---- C:\WINDOWS\twain_32
2009-02-11 17:26:19 ----D---- C:\WINDOWS\Temp
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\wins
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\wbem
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\usmt
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\spool
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\ShellExt
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\Setup
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\ras
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\oobe
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\npp
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\mui
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\inetsrv
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\IME
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\icsxml
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\ias
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\export
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\drivers
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\dhcp
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\config
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\3com_dmi
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\3076
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\2052
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\1055
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\1054
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\1042
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\1041
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\1037
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\1033
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\1031
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\1028
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32\1025
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system32
2009-02-11 17:26:19 ----D---- C:\WINDOWS\system
2009-02-11 17:26:19 ----D---- C:\WINDOWS\security
2009-02-11 17:26:19 ----D---- C:\WINDOWS\Resources
2009-02-11 17:26:19 ----D---- C:\WINDOWS\repair
2009-02-11 17:26:19 ----D---- C:\WINDOWS\mui
2009-02-11 17:26:19 ----D---- C:\WINDOWS\msapps
2009-02-11 17:26:19 ----D---- C:\WINDOWS\msagent
2009-02-11 17:26:19 ----D---- C:\WINDOWS\Media
2009-02-11 17:26:19 ----D---- C:\WINDOWS\java
2009-02-11 17:26:19 ----D---- C:\WINDOWS\ime
2009-02-11 17:26:19 ----D---- C:\WINDOWS\Help
2009-02-11 17:26:19 ----D---- C:\WINDOWS\Driver Cache
2009-02-11 17:26:19 ----D---- C:\WINDOWS\Debug
2009-02-11 17:26:19 ----D---- C:\WINDOWS\Cursors
2009-02-11 17:26:19 ----D---- C:\WINDOWS\Connection Wizard
2009-02-11 17:26:19 ----D---- C:\WINDOWS\Config
2009-02-11 17:26:19 ----D---- C:\WINDOWS\AppPatch
2009-02-11 17:26:19 ----D---- C:\WINDOWS\addins
2009-02-11 17:26:19 ----D---- C:\WINDOWS
2009-02-11 17:22:16 ----D---- C:\Program Files\Dell
2009-02-11 17:20:18 ----D---- C:\Program Files\Broadcom
2009-02-11 17:18:33 ----SHD---- C:\RECYCLER
2009-02-11 17:13:09 ----D---- C:\Program Files\Apoint
2009-02-11 17:13:03 ----R---- C:\WINDOWS\system32\Vxdif.dll
2009-02-11 17:11:33 ----N---- C:\WINDOWS\ModemLog_Conexant D480 MDC V.9x Modem.txt
2009-02-11 17:11:16 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-02-11 17:11:16 ----N---- C:\WINDOWS\system32\HSFCI006.dll
2009-02-11 17:11:08 ----D---- C:\Program Files\CONEXANT
2009-02-11 17:04:16 ----SD---- C:\WINDOWS\system32\Microsoft
2009-02-11 17:03:47 ----D---- C:\Program Files\Intel
2009-02-11 17:03:26 ----N---- C:\WINDOWS\system32\usbui.dll
2009-02-11 17:03:16 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-02-11 16:58:01 ----D---- C:\Program Files\SigmaTel
2009-02-11 16:54:16 ----R---- C:\WINDOWS\system32\hhactivex.dll
2009-02-11 16:54:15 -------- C:\WINDOWS\system32\RcdScan.dll
2009-02-11 16:54:13 ----N---- C:\WINDOWS\system32\VB5DB.DLL
2009-02-11 16:54:11 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-11 16:54:03 ----D---- C:\Program Files\Common Files\InstallShield
2009-02-11 16:51:24 ----D---- C:\WINDOWS\system32\FxsTmp
2009-02-11 16:51:08 ----N---- C:\WINDOWS\system32\fxssend.exe
2009-02-11 16:51:08 ----N---- C:\WINDOWS\system32\fxsroute.dll
2009-02-11 16:51:08 ----N---- C:\WINDOWS\system32\fxsperf.ini
2009-02-11 16:51:08 ----N---- C:\WINDOWS\system32\fxsmon.dll
2009-02-11 16:51:08 ----N---- C:\WINDOWS\system32\fxsevent.dll
2009-02-11 16:51:08 ----N---- C:\WINDOWS\system32\fxsclntR.dll
2009-02-11 16:51:07 ----N---- C:\WINDOWS\system32\fxsxp32.dll
2009-02-11 16:51:07 ----N---- C:\WINDOWS\system32\fxswzrd.dll
2009-02-11 16:51:07 ----N---- C:\WINDOWS\system32\fxsui.dll
2009-02-11 16:51:07 ----N---- C:\WINDOWS\system32\fxstiff.dll
2009-02-11 16:51:07 ----N---- C:\WINDOWS\system32\fxst30.dll
2009-02-11 16:51:07 ----N---- C:\WINDOWS\system32\fxssvc.exe
2009-02-11 16:51:07 ----N---- C:\WINDOWS\system32\fxsst.dll
2009-02-11 16:51:07 ----N---- C:\WINDOWS\system32\fxsres.dll
2009-02-11 16:51:07 ----N---- C:\WINDOWS\system32\fxsperf.dll
2009-02-11 16:51:07 ----N---- C:\WINDOWS\system32\fxsext32.dll
2009-02-11 16:51:07 ----N---- C:\WINDOWS\system32\fxsdrv.dll
2009-02-11 16:51:07 ----N---- C:\WINDOWS\system32\fxscover.exe
2009-02-11 16:51:07 ----N---- C:\WINDOWS\system32\fxscom.dll
2009-02-11 16:51:07 ----N---- C:\WINDOWS\system32\fxsclnt.exe
2009-02-11 16:51:07 ----N---- C:\WINDOWS\system32\fxscfgwz.dll
2009-02-11 16:51:06 ----N---- C:\WINDOWS\system32\fxscomex.dll
2009-02-11 16:51:05 ----N---- C:\WINDOWS\system32\fxsapi.dll
2009-02-11 16:03:18 ----SHD---- C:\WINDOWS\Installer
2009-02-11 16:03:14 ----D---- C:\Documents and Settings\tolgao\Application Data\Identities
2009-02-11 16:03:08 ----HD---- C:\Program Files\Uninstall Information
2009-02-11 16:03:04 ----SH---- C:\Documents and Settings\tolgao\Application Data\desktop.ini
2009-02-11 16:03:03 ----SD---- C:\Documents and Settings\tolgao\Application Data\Microsoft
2009-02-11 16:02:19 ----SHD---- C:\System Volume Information
2009-02-11 16:02:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-11 15:52:16 ----D---- C:\WINDOWS\system32\xircom
2009-02-11 15:52:16 ----D---- C:\Program Files\xerox
2009-02-11 15:52:16 ----D---- C:\Program Files\microsoft frontpage
2009-02-11 15:52:13 ----D---- C:\DELL
2009-02-11 15:47:37 ----N---- C:\WINDOWS\system32\xpsp1hfm.exe
2009-02-11 15:47:24 ----N---- C:\WINDOWS\control.ini
2009-02-11 15:47:24 ----N---- C:\AUTOEXEC.BAT
2009-02-11 15:47:17 ----N---- C:\WINDOWS\OEWABLog.txt
2009-02-11 15:47:13 ----N---- C:\WINDOWS\system32\mapi32.dll
2009-02-11 15:46:25 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-11 15:46:25 ----RH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-02-11 15:46:25 ----RD---- C:\WINDOWS\Offline Web Pages
2009-02-11 15:46:19 ----RH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-02-11 15:45:58 ----D---- C:\WINDOWS\system32\DirectX
2009-02-11 15:45:31 ----N---- C:\WINDOWS\system32\safrslv.dll
2009-02-11 15:45:31 ----N---- C:\WINDOWS\system32\safrdm.dll
2009-02-11 15:45:31 ----N---- C:\WINDOWS\system32\safrcdlg.dll
2009-02-11 15:45:31 ----N---- C:\WINDOWS\system32\racpldlg.dll
2009-02-11 15:45:31 ----N---- C:\WINDOWS\system32\atrace.dll
2009-02-11 15:45:28 ----N---- C:\WINDOWS\system32\desktop.ini
2009-02-11 15:45:28 ----N---- C:\WINDOWS\desktop.ini
2009-02-11 15:45:21 ----N---- C:\WINDOWS\system32\nmevtmsg.dll
2009-02-11 15:45:21 ----N---- C:\WINDOWS\system32\mnmsrvc.exe
2009-02-11 15:45:21 ----N---- C:\WINDOWS\system32\isrdbg32.dll
2009-02-11 15:45:19 ----N---- C:\WINDOWS\system32\acctres.dll
2009-02-11 15:45:18 ----N---- C:\WINDOWS\system32\inetres.dll
2009-02-11 15:45:18 ----D---- C:\Program Files\Common Files\Services
2009-02-11 15:45:14 ----SD---- C:\WINDOWS\Tasks
2009-02-11 15:45:14 ----N---- C:\WINDOWS\system32\icwphbk.dll
2009-02-11 15:45:14 ----N---- C:\WINDOWS\system32\icwdial.dll
2009-02-11 15:45:13 ----N---- C:\WINDOWS\system32\isign32.dll
2009-02-11 15:45:13 ----N---- C:\WINDOWS\system32\inetcfg.dll
2009-02-11 15:45:13 ----N---- C:\WINDOWS\system32\icfgnt5.dll
2009-02-11 15:45:11 ----D---- C:\Program Files\Common Files\MSSoap
2009-02-11 15:45:06 ----D---- C:\WINDOWS\system32\Macromed
2009-02-11 15:45:06 ----D---- C:\WINDOWS\srchasst
2009-02-11 15:45:05 ----N---- C:\WINDOWS\system32\qmgr.dll
2009-02-11 15:45:04 ----D---- C:\Program Files\Movie Maker
2009-02-11 15:45:01 ----D---- C:\WINDOWS\PCHealth
2009-02-11 15:45:00 ----N---- C:\WINDOWS\system32\srsvc.dll
2009-02-11 15:45:00 ----N---- C:\WINDOWS\system32\srrstr.dll
2009-02-11 15:45:00 ----N---- C:\WINDOWS\system32\srclient.dll
2009-02-11 15:45:00 ----D---- C:\WINDOWS\system32\Restore
2009-02-11 15:44:59 ----N---- C:\WINDOWS\system32\nmmkcert.dll
2009-02-11 15:44:59 ----N---- C:\WINDOWS\system32\msconf.dll
2009-02-11 15:44:59 ----N---- C:\WINDOWS\system32\mnmdd.dll
2009-02-11 15:44:59 ----N---- C:\WINDOWS\system32\ils.dll
2009-02-11 15:44:57 ----N---- C:\WINDOWS\system32\msoert2.dll
2009-02-11 15:44:57 ----N---- C:\WINDOWS\system32\msoeacct.dll
2009-02-11 15:44:57 ----D---- C:\Program Files\NetMeeting
2009-02-11 15:44:56 ----N---- C:\WINDOWS\system32\inetcomm.dll
2009-02-11 15:44:55 ----N---- C:\WINDOWS\system32\schedsvc.dll
2009-02-11 15:44:55 ----N---- C:\WINDOWS\system32\mstinit.exe
2009-02-11 15:44:55 ----N---- C:\WINDOWS\system32\mstask.dll
2009-02-11 15:44:55 ----D---- C:\Program Files\Outlook Express
2009-02-11 15:44:52 ----D---- C:\Program Files\Common Files\System
2009-02-11 15:44:46 ----D---- C:\Program Files\Internet Explorer
2009-02-11 15:44:29 ----D---- C:\Program Files\ComPlus Applications
2009-02-11 15:44:28 ----N---- C:\WINDOWS\vbaddin.ini
2009-02-11 15:44:28 ----N---- C:\WINDOWS\vb.ini
2009-02-11 15:44:23 ----D---- C:\WINDOWS\Registration
2009-02-11 15:43:54 ----HD---- C:\Program Files\WindowsUpdate
2009-02-11 15:43:54 ----D---- C:\Program Files\Windows Media Player
2009-02-11 15:43:54 ----D---- C:\Program Files\Online Services
2009-02-11 15:43:48 ----D---- C:\Program Files\Messenger
2009-02-11 15:43:43 ----N---- C:\WINDOWS\system32\write.exe
2009-02-11 15:43:43 ----D---- C:\Program Files\MSN Gaming Zone
2009-02-11 15:43:35 ----N---- C:\WINDOWS\system32\sndvol32.exe
2009-02-11 15:43:35 ----N---- C:\WINDOWS\system32\sndrec32.exe
2009-02-11 15:43:35 ----N---- C:\WINDOWS\system32\hypertrm.dll
2009-02-11 15:43:35 ----N---- C:\WINDOWS\system32\hticons.dll
2009-02-11 15:43:35 ----N---- C:\WINDOWS\system32\accwiz.exe
2009-02-11 15:43:34 ----N---- C:\WINDOWS\system32\winchat.exe
2009-02-11 15:43:34 ----N---- C:\WINDOWS\system32\avwav.dll
2009-02-11 15:43:34 ----N---- C:\WINDOWS\system32\avtapi.dll
2009-02-11 15:43:34 ----N---- C:\WINDOWS\system32\avmeter.dll
2009-02-11 15:43:27 ----N---- C:\WINDOWS\system32\getuname.dll
2009-02-11 15:43:27 ----N---- C:\WINDOWS\system32\charmap.exe
2009-02-11 15:43:27 ----N---- C:\WINDOWS\system32\calc.exe
2009-02-11 15:43:26 ----N---- C:\WINDOWS\system32\winmine.exe
2009-02-11 15:43:26 ----N---- C:\WINDOWS\system32\sol.exe
2009-02-11 15:43:26 ----N---- C:\WINDOWS\system32\mshearts.exe
2009-02-11 15:43:26 ----N---- C:\WINDOWS\system32\freecell.exe
2009-02-11 15:43:25 ----N---- C:\WINDOWS\system32\usrlogon.cmd
2009-02-11 15:43:25 ----N---- C:\WINDOWS\system32\tsshutdn.exe
2009-02-11 15:43:25 ----N---- C:\WINDOWS\system32\tslabels.ini
2009-02-11 15:43:25 ----N---- C:\WINDOWS\system32\tskill.exe
2009-02-11 15:43:25 ----N---- C:\WINDOWS\system32\tsdiscon.exe
2009-02-11 15:43:25 ----N---- C:\WINDOWS\system32\tscon.exe
2009-02-11 15:43:25 ----N---- C:\WINDOWS\system32\shadow.exe
2009-02-11 15:43:25 ----N---- C:\WINDOWS\system32\rwinsta.exe
2009-02-11 15:43:25 ----N---- C:\WINDOWS\system32\reset.exe
2009-02-11 15:43:25 ----N---- C:\WINDOWS\system32\rdshost.exe
2009-02-11 15:43:24 ----N---- C:\WINDOWS\system32\regini.exe
2009-02-11 15:43:24 ----N---- C:\WINDOWS\system32\rdpcfgex.dll
2009-02-11 15:43:24 ----N---- C:\WINDOWS\system32\qwinsta.exe
2009-02-11 15:43:24 ----N---- C:\WINDOWS\system32\qprocess.exe
2009-02-11 15:43:24 ----N---- C:\WINDOWS\system32\qappsrv.exe
2009-02-11 15:43:24 ----N---- C:\WINDOWS\system32\mtxoci.dll
2009-02-11 15:43:24 ----N---- C:\WINDOWS\system32\msg.exe
2009-02-11 15:43:24 ----N---- C:\WINDOWS\system32\msdtcuiu.dll
2009-02-11 15:43:24 ----N---- C:\WINDOWS\system32\logoff.exe
2009-02-11 15:43:24 ----N---- C:\WINDOWS\system32\cdmodem.dll
2009-02-11 15:43:23 ----N---- C:\WINDOWS\system32\xolehlp.dll
2009-02-11 15:43:23 ----N---- C:\WINDOWS\system32\msdtctm.dll
2009-02-11 15:43:23 ----N---- C:\WINDOWS\system32\msdtcprf.ini
2009-02-11 15:43:23 ----N---- C:\WINDOWS\system32\msdtclog.dll
2009-02-11 15:43:23 ----N---- C:\WINDOWS\system32\msdtc.exe
2009-02-11 15:43:22 ----N---- C:\WINDOWS\system32\mtxlegih.dll
2009-02-11 15:43:22 ----N---- C:\WINDOWS\system32\mtxex.dll
2009-02-11 15:43:22 ----N---- C:\WINDOWS\system32\mtxdm.dll
2009-02-11 15:43:22 ----N---- C:\WINDOWS\system32\dcomcnfg.exe
2009-02-11 15:43:22 ----N---- C:\WINDOWS\system32\colbact.dll
2009-02-11 15:43:21 ----N---- C:\WINDOWS\system32\stclient.dll
2009-02-11 15:43:21 ----N---- C:\WINDOWS\system32\comrepl.dll
2009-02-11 15:43:21 ----N---- C:\WINDOWS\system32\comaddin.dll
2009-02-11 15:43:21 ----N---- C:\WINDOWS\system32\clbcatex.dll
2009-02-11 15:43:21 ----N---- C:\WINDOWS\system32\catsrvps.dll
2009-02-11 15:43:21 ----N---- C:\WINDOWS\system32\catsrv.dll
2009-02-11 15:43:20 ----N---- C:\WINDOWS\system32\comuid.dll
2009-02-11 15:43:20 ----N---- C:\WINDOWS\system32\comsnap.dll
2009-02-11 15:43:20 ----N---- C:\WINDOWS\system32\clbcatq.dll
2009-02-11 15:43:14 ----N---- C:\WINDOWS\system32\wmimgmt.msc
2009-02-11 15:43:14 ----N---- C:\WINDOWS\system32\servdeps.dll
2009-02-11 15:43:14 ----N---- C:\WINDOWS\system32\mmfutil.dll
2009-02-11 15:43:14 ----N---- C:\WINDOWS\system32\cmprops.dll
2009-02-11 15:43:09 ----N---- C:\WINDOWS\system32\mspaint.exe
2009-02-11 15:43:09 ----N---- C:\WINDOWS\system32\mplay32.exe
2009-02-11 15:43:09 ----N---- C:\WINDOWS\system32\clipbrd.exe
2009-02-11 15:43:09 ----D---- C:\Program Files\Windows NT
2009-02-11 15:43:09 ----D---- C:\Program Files\MSN
2009-02-11 15:43:08 ----N---- C:\WINDOWS\system32\wuauserv.dll
2009-02-11 15:43:08 ----N---- C:\WINDOWS\system32\wuaueng.dll
2009-02-11 15:43:08 ----N---- C:\WINDOWS\system32\wuauclt.exe
2009-02-11 15:43:08 ----N---- C:\WINDOWS\system32\spider.exe
2009-02-11 15:43:07 ----N---- C:\WINDOWS\system32\tscfgwmi.dll
2009-02-11 15:43:07 ----N---- C:\WINDOWS\system32\sessmgr.exe
2009-02-11 15:43:07 ----N---- C:\WINDOWS\system32\remotepg.dll
2009-02-11 15:43:07 ----N---- C:\WINDOWS\system32\rdsaddin.exe
2009-02-11 15:43:07 ----N---- C:\WINDOWS\system32\rdchost.dll
2009-02-11 15:43:07 ----N---- C:\WINDOWS\system32\mstscax.dll
2009-02-11 15:43:07 ----N---- C:\WINDOWS\system32\mstsc.exe
2009-02-11 15:43:06 ----N---- C:\WINDOWS\system32\tscupgrd.exe
2009-02-11 15:43:06 ----N---- C:\WINDOWS\system32\termsrv.dll
2009-02-11 15:43:06 ----N---- C:\WINDOWS\system32\rdpwsx.dll
2009-02-11 15:43:06 ----N---- C:\WINDOWS\system32\rdpsnd.dll
2009-02-11 15:43:06 ----N---- C:\WINDOWS\system32\rdpclip.exe
2009-02-11 15:43:06 ----N---- C:\WINDOWS\system32\msdtcprx.dll
2009-02-11 15:43:06 ----N---- C:\WINDOWS\system32\icaapi.dll
2009-02-11 15:43:06 ----N---- C:\WINDOWS\system32\cfgbkend.dll
2009-02-11 15:43:06 ----D---- C:\WINDOWS\system32\MsDtc
2009-02-11 15:43:05 ----N---- C:\WINDOWS\system32\comsvcs.dll
2009-02-11 15:43:05 ----N---- C:\WINDOWS\system32\catsrvut.dll
2009-02-11 15:43:05 ----D---- C:\WINDOWS\system32\Com
2009-02-11 15:43:02 ----N---- C:\WINDOWS\system32\licwmi.dll
2008-12-31 17:04:58 ----N---- C:\WINDOWS\system32\WGATray.exe
2008-12-31 17:04:42 ----N---- C:\WINDOWS\system32\OGAVerify.exe
2008-12-31 17:04:42 ----N---- C:\WINDOWS\system32\OGACheckControl.dll
2008-12-31 17:04:24 ----N---- C:\WINDOWS\system32\OGAAddin.dll

======List of files/folders modified in the last 3 months======

2009-02-15 16:40:15 ----N---- C:\WINDOWS\system32\Roboex32.dll
2009-02-15 16:40:15 ----N---- C:\WINDOWS\system32\cdrtc.dll
2009-02-15 16:40:15 ----N---- C:\WINDOWS\system32\cdral.dll
2009-02-13 15:29:39 ----N---- C:\WINDOWS\win.ini
2009-02-11 19:32:23 ----RSH---- C:\NTDETECT.COM
2009-02-11 17:32:13 ----N---- C:\WINDOWS\system.ini
2009-02-06 12:35:56 ----N---- C:\WINDOWS\system32\LegitCheckControl.DLL
2009-01-16 21:15:12 ----N---- C:\WINDOWS\system32\mshtml.dll
2008-12-21 00:47:04 ----N---- C:\WINDOWS\system32\wininet.dll
2008-12-21 00:47:03 ----N---- C:\WINDOWS\system32\webcheck.dll
2008-12-21 00:47:03 ----N---- C:\WINDOWS\system32\urlmon.dll
2008-12-21 00:47:01 ----N---- C:\WINDOWS\system32\url.dll
2008-12-21 00:47:01 ----N---- C:\WINDOWS\system32\pngfilt.dll
2008-12-21 00:47:01 ----N---- C:\WINDOWS\system32\occache.dll
2008-12-21 00:47:01 ----N---- C:\WINDOWS\system32\mstime.dll
2008-12-21 00:47:00 ----N---- C:\WINDOWS\system32\msrating.dll
2008-12-21 00:47:00 ----N---- C:\WINDOWS\system32\mshtmled.dll
2008-12-21 00:46:56 ----N---- C:\WINDOWS\system32\msfeedsbs.dll
2008-12-21 00:46:56 ----N---- C:\WINDOWS\system32\msfeeds.dll
2008-12-21 00:46:55 ----N---- C:\WINDOWS\system32\jsproxy.dll
2008-12-21 00:46:54 ----N---- C:\WINDOWS\system32\iertutil.dll
2008-12-21 00:46:53 ----N---- C:\WINDOWS\system32\iernonce.dll
2008-12-21 00:46:53 ----N---- C:\WINDOWS\system32\ieframe.dll
2008-12-21 00:46:50 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2008-12-21 00:46:49 ----N---- C:\WINDOWS\system32\ieapfltr.dll
2008-12-21 00:46:49 ----N---- C:\WINDOWS\system32\ieaksie.dll
2008-12-21 00:46:48 ----N---- C:\WINDOWS\system32\ieakeng.dll
2008-12-21 00:46:48 ----N---- C:\WINDOWS\system32\icardie.dll
2008-12-21 00:46:48 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-12-21 00:46:48 ----N---- C:\WINDOWS\system32\dxtrans.dll
2008-12-21 00:46:48 ----N---- C:\WINDOWS\system32\dxtmsft.dll
2008-12-21 00:46:47 ----N---- C:\WINDOWS\system32\advpack.dll
2008-12-19 11:15:17 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2008-12-19 11:10:15 ----N---- C:\WINDOWS\system32\ieudinit.exe
2008-12-19 07:23:56 ----N---- C:\WINDOWS\system32\ieakui.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\NIS\1002000.007\BHDrvx86.sys [2008-12-12 255536]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\NIS\1002000.007\ccHPx86.sys [2009-02-27 362544]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2009-02-15 62320]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2009-02-15 23324]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2009-02-15 242048]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090310.003\IDSxpx86.sys []
R1 intelppm;Intel İşlemci Sürücüsü; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Klavye HID Sürücüsü; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 OMCI;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2003-01-23 17217]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2009-02-15 151066]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\System32\Drivers\NIS\1002000.007\SRTSPX.SYS [2008-12-12 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMTDI.SYS [2008-12-12 198192]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2009-02-15 206464]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-02-28 17801]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2005-06-17 10970]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
R3 Arp1394;1394 ARP İstemci İletişim Kuralı; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom 570x Gigabit Integrated Controller; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2005-04-05 132352]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2004-04-26 16896]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2004-04-26 30235]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-04-26 53336]
R3 CmBatt;Microsoft ACPI Denetim yöntemi Pil Sürücüsü; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2009-02-15 25962]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GTICARD;GTICARD; C:\WINDOWS\System32\DRIVERS\gticard.sys [2003-02-06 59328]
R3 hidusb;Microsoft HID Sınıf Sürücüsü; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 mouhid;Fare HID Sürücüsü; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-08-06 12160]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090312.019\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090312.019\NAVEX15.SYS []
R3 NIC1394;1394 Ağ Sürücüsü; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2005-07-06 3208960]
R3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NIS\1002000.007\SRTSP.SYS [2008-12-12 306736]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2004-11-15 264440]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMDNS.SYS [2008-12-12 12976]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMFW.SYS [2008-12-12 89904]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMIDS.SYS [2008-12-12 34608]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-12-12 36272]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMNDIS.SYS [2008-12-12 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS [2008-12-12 24624]
R3 tiumfwl;tiumfwl; C:\WINDOWS\system32\drivers\tiumfwl.sys [2002-10-09 42060]
R3 usbccgp;Microsoft USB Genel Üst Sürücüsü; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Etkinleştirilmiş Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
S1 wceusbsh;Windows CE USB Seri Ana Makine Sürücüsü; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S3 BCM43XX;802.11 Network Adapter Driver; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2003-07-17 265728]
S3 BthEnum;Bluetooth Numaralandırıcı Hizmeti; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHPORT;Bluetooth Bağlantı Noktası Sürücüsü; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272000]
S3 BTHUSB;Bluetooth Radyo USB Sürücüsü; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2004-04-26 147864]
S3 gv3;Intel GV3 İşlemci Sürücüsü; C:\WINDOWS\System32\DRIVERS\gv3.sys [2002-11-20 33408]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-07-03 1063936]
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2009-02-15 30694]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 RFCOMM;Bluetooth Aygıtı (RFCOMM Protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-12-12 36272]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 usbprint;Microsoft USB YAZICI Sınıfı; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Tarayıcı Sürücüsü; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Yığın Depolama Sürücüsü; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w70n51;Intel® PRO/Wireless 7100 Adapter Driver for Windows XP; C:\WINDOWS\System32\DRIVERS\w70n51.sys [2005-07-26 662400]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe [2004-04-26 163840]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-27 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-02-27 950096]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208]
R2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2008-12-12 115560]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2005-07-06 127044]
R2 RegSrvc;RegSrvc; C:\WINDOWS\system32\RegSrvc.exe [2005-07-05 122880]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\WINDOWS\system32\S24EvMon.exe [2005-07-05 421955]
R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-04-29 139264]
S3 WMPNetworkSvc;Windows Media Player Ağ Paylaşımı Hizmeti; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Thank you again,
Tol

#4 Farbar

Posted 12 March 2009 - 09:05 PM

Hi Tol,

I have gone through all the logs and found nothing suspicious. To make sure, we will take a deeper look at your system for any hidden malware. At the same time we will try a couple of things that generally need to be done in those situations.

In the course of handling your log please inform me if the problem occurs.
  • Tell me if you have a Windows installation CD. We are not going to reinstall Windows, just to check the system files for their integrity and, if needed, repair them.

  • Please open HiJackThis and choose Do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • This small application you may want to keep and use to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner. It runs and cleans the system and gives the amount of removed items in MB. Please after running it for the first time note down and tell me how much it cleaned.
    • Close CCleaner.
  • To check the volume for errors:
    • Click start and then My Computer.
    • Right click the drive C and select Properties.
    • Under Tools tab press Check Now...
    • Put a check mark in both items and press start.
    • If you get a message click Yes to schedule the disk check and click OK and then restart your computer to start the disk check. Please be patient and let the system run. In some cases it might take a couple of hours and you don't have to sit there the whole time.
    After the disk check is finished and Windows has started, go to start => run and type eventvwr
    Go to the Applications section and search for the winlogon entry (in the source column, click on it to sort the items alphabetically) that corresponds to when you ran the check disk. Double-click that entry and you'll find the scan's results there, click the third button on the right (this copies the info in the memory) then right-click => paste it here.

  • To remove temporary files, disable browser add-ons, and reset all the changed settings:
    • Close all the open windows.
    • Go to start > Control Panel.
    • Open Internet Options.
    • Click the Advanced tab, and then click Reset.
    • Click Reset again and OK.
  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


#5 Tol

Posted 13 March 2009 - 01:46 PM

Hi Far,

1. Yes, I have Windows XP Home Edition Installation CD.

2. Done that.

3. Done that.
- Total Cleaned Amount: 2.282,4 MB.

4. Done that.

- Check Disk Scan Results:

Olay Türü: Bilgi
Olay Kaynağı: Winlogon
Olay Kategorisi: Yok
Olay Kimliği: 1001
Tarih: 13.03.2009
Saat: 19:19:06
Kullanıcı: Yok
Bilgisayar: DELL-LT
Açıklama:
C: uzerindeki dosya sistemi denetleniyor
Dosya sistemi turu NTFS.

Bir disk gozden gecirmesi zamanlanmis.
Windows su an diski gozden gecirecek.
Surucudeki kucuk tutarsizliklar temizleniyor.
0x9 dosyasinin $SII dizininden 1030 kullanilmayan dizin girdisi temizleniyor.
0x9 dosyasinin $SDH dizininden 1030 kullanilmayan dizin girdisi temizleniyor.
1030 kullanilmayan guvenlik tanimlayicisi temizleniyor.
CHKDSK Usn Gunluk dogruluyor...
Usn Gunluk dogrulamasi tamamlandi.
CHKDSK dosya verisini dogruluyor (asama 4 / 5)...
Dosya verisini dogrulama tamamlandi.
CHKDSK bos alani dogruluyor (asama: 5 / 5)...
Bos alan dogrulamasi tamamlandi.

58645250 KB toplam disk alani.
35861160 KB 59487 dosyada.
18836 KB 4329 dizinde.
0 KB bozuk kesimde
152258 KB sistem kullaniminda.
65536 KB Gunluk dosyasinca kullaniliyor.
22612996 KB diskte kullanilabilir alan.

4096 bayt her ayirma biriminde.
14661312 ayirma birimi disk ustunde kullanilabiliyor.
5653249 ayirma birimi disk ustunde kullanilabiliyor.

Ic Bilgi:

Windows diskinizi gozden gecirmeyi tamamladi.
Bilgisayariniz yeniden baslarken bekleyin.


Ek bilgi için http://go.microsoft.com/fwlink/events.asp adresindeki Yardım ve Destek Merkezi'ne bakın.

5. Done that.

6. Done that. When I executed ComboFix, a blue DOS window popped up and automatically executed some commands.
Then the log.txt screen opened. At the beginning of the log, it says "No Recovery Console installed in this machine" but
ComboFix never asked me to download Recovery Console.

- Here is ComboFix Log:

ComboFix 09-03-12.01 - tolgao 2009-03-13 20:21:40.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1254.1.1055.18.2047.1620 [GMT 2:00]
Running from: c:\documents and settings\tolgao\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *disabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-02-13 to 2009-03-13 )))))))))))))))))))))))))))))))
.

2009-03-13 18:14 . 2009-03-13 18:14 <DIR> d-------- c:\program files\CCleaner
2009-03-13 00:48 . 2009-03-13 00:48 <DIR> d-------- C:\rsit
2009-03-09 16:16 . 2008-04-14 17:36 31,744 --a------ c:\windows\system32\drivers\wceusbsh.sys
2009-03-09 16:16 . 2008-04-14 17:36 31,744 --a--c--- c:\windows\system32\dllcache\wceusbsh.sys
2009-03-07 22:26 . 2009-03-07 22:26 <DIR> d-------- c:\documents and settings\tolgao\Application Data\InterVideo
2009-03-07 22:25 . 2009-03-08 00:05 <DIR> d-------- c:\program files\InterVideo
2009-02-28 18:41 . 2009-02-28 18:42 <DIR> d-------- c:\program files\Cobian Backup 8
2009-02-28 00:04 . 2009-02-28 00:04 <DIR> d--h----- c:\documents and settings\All Users\WLANProfiles
2009-02-28 00:03 . 2009-02-28 00:03 17,801 --------- c:\windows\system32\drivers\AegisP.sys
2009-02-27 23:37 . 2009-02-27 23:37 <DIR> d-------- c:\windows\tiinst
2009-02-27 23:26 . 2005-05-03 15:09 1,033,728 --------- c:\windows\system32\drivers\HSF_DPV.SYS
2009-02-27 23:26 . 2005-05-03 11:56 129,405 --------- c:\windows\system32\drivers\del1028.cty
2009-02-27 23:26 . 2005-02-23 15:02 42,858 --------- c:\windows\system32\hsfci014.dll
2009-02-27 23:20 . 2009-02-27 23:20 <DIR> d-------- c:\windows\tiinst1
2009-02-27 18:37 . 2009-02-27 18:28 15,688 --------- c:\windows\system32\lsdelete.exe
2009-02-27 18:29 . 2009-02-27 18:29 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-02-27 18:29 . 2009-02-27 18:28 64,160 --------- c:\windows\system32\drivers\Lbd.sys
2009-02-27 18:25 . 2009-02-27 18:25 <DIR> d-------- c:\program files\Lavasoft
2009-02-27 18:25 . 2009-02-27 18:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-27 18:25 . 2009-02-27 18:25 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-27 17:46 . 2009-02-27 17:46 410,984 --------- c:\windows\system32\deploytk.dll
2009-02-27 17:46 . 2009-02-27 17:46 73,728 --------- c:\windows\system32\javacpl.cpl
2009-02-27 17:22 . 2009-02-28 21:20 <DIR> d-------- c:\windows\system32\drivers\NIS
2009-02-27 17:22 . 2009-02-27 17:22 <DIR> d-------- c:\program files\Windows Sidebar
2009-02-27 17:22 . 2009-02-27 17:22 <DIR> d-------- c:\program files\Symantec
2009-02-27 17:22 . 2009-02-27 17:22 <DIR> d-------- c:\program files\Norton Internet Security
2009-02-27 17:22 . 2009-02-27 17:22 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-27 17:22 . 2009-02-27 17:22 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-02-27 17:22 . 2008-12-12 05:28 36,272 -r------- c:\windows\system32\drivers\SymIM.sys
2009-02-27 17:22 . 2009-02-27 17:22 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-27 17:22 . 2009-02-27 17:22 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-02-27 17:21 . 2009-02-27 17:21 <DIR> d-------- c:\program files\NortonInstaller
2009-02-27 17:19 . 2009-02-27 17:19 <DIR> d-------- c:\program files\Paragon Software
2009-02-27 14:31 . 2009-02-11 17:31 <DIR> d-------- c:\documents and settings\Administrator\Sık Kullanılanlar
2009-02-27 14:31 . 2009-02-11 17:31 <DIR> d-------- c:\documents and settings\Administrator\Belgelerim
2009-02-27 14:31 . 2009-02-27 14:31 <DIR> d-------- c:\documents and settings\Administrator
2009-02-27 13:11 . 2009-02-27 13:11 <DIR> d-------- c:\program files\Trend Micro
2009-02-27 13:08 . 2008-04-14 18:00 116,224 -----c--- c:\windows\system32\dllcache\xrxwiadr.dll
2009-02-27 13:08 . 2001-08-18 05:37 99,865 -----c--- c:\windows\system32\dllcache\xlog.exe
2009-02-27 13:08 . 2003-08-06 22:37 28,288 -----c--- c:\windows\system32\dllcache\xjis.nls
2009-02-27 13:08 . 2001-11-21 21:35 27,648 -----c--- c:\windows\system32\dllcache\xrxftplt.exe
2009-02-27 13:08 . 2001-11-21 21:35 23,040 -----c--- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-02-27 13:08 . 2004-08-04 07:29 19,455 -----c--- c:\windows\system32\dllcache\wvchntxx.sys
2009-02-27 13:08 . 2008-04-14 18:00 18,944 -----c--- c:\windows\system32\dllcache\xrxscnui.dll
2009-02-27 13:08 . 2001-08-17 19:11 16,970 -----c--- c:\windows\system32\dllcache\xem336n5.sys
2009-02-27 13:08 . 2004-08-04 07:29 12,063 -----c--- c:\windows\system32\dllcache\wsiintxx.sys
2009-02-27 13:08 . 2008-04-13 20:36 8,832 -----c--- c:\windows\system32\dllcache\wmiacpi.sys
2009-02-27 13:08 . 2001-11-21 21:35 4,608 -----c--- c:\windows\system32\dllcache\xrxflnch.exe
2009-02-27 13:06 . 2001-11-21 21:35 525,568 -----c--- c:\windows\system32\dllcache\tridxp.dll
2009-02-27 13:05 . 2001-11-21 21:34 386,560 -----c--- c:\windows\system32\dllcache\sgiul50.dll
2009-02-27 13:04 . 2001-11-21 20:36 899,370 -----c--- c:\windows\system32\dllcache\r2mdkxga.sys
2009-02-27 13:03 . 2001-08-17 21:05 351,616 -----c--- c:\windows\system32\dllcache\ovcodek2.sys
2009-02-27 13:02 . 2002-10-01 10:02 132,695 -----c--- c:\windows\system32\dllcache\netwlan5.sys
2009-02-27 13:01 . 2001-08-17 20:28 802,683 -----c--- c:\windows\system32\dllcache\ltsm.sys
2009-02-27 13:00 . 2001-11-21 21:35 372,824 -----c--- c:\windows\system32\dllcache\iconf32.dll
2009-02-27 12:59 . 2001-11-21 21:34 1,733,120 -----c--- c:\windows\system32\dllcache\g400d.dll
2009-02-27 12:58 . 2001-11-21 20:01 634,134 -----c--- c:\windows\system32\dllcache\el656ct5.sys
2009-02-27 12:57 . 2001-08-17 19:14 952,007 -----c--- c:\windows\system32\dllcache\diwan.sys
2009-02-27 12:56 . 2001-11-21 19:07 980,034 -----c--- c:\windows\system32\dllcache\cicap.sys
2009-02-27 12:54 . 2001-11-21 21:34 382,592 -----c--- c:\windows\system32\dllcache\atidrab.dll
2009-02-27 12:52 . 2001-08-17 19:19 747,392 -----c--- c:\windows\system32\dllcache\adm8830.sys
2009-02-27 12:51 . 2001-08-17 20:28 762,780 -----c--- c:\windows\system32\dllcache\3cwmcru.sys
2009-02-27 12:51 . 2001-11-21 21:34 689,216 -----c--- c:\windows\system32\dllcache\3dfxvs.dll
2009-02-27 12:51 . 2001-08-17 19:48 148,352 -----c--- c:\windows\system32\dllcache\3dfxvsm.sys
2009-02-27 12:51 . 2001-11-21 21:34 66,048 -----c--- c:\windows\system32\dllcache\s3legacy.dll
2009-02-27 12:51 . 2008-04-13 20:46 48,128 -----c--- c:\windows\system32\dllcache\61883.sys
2009-02-27 12:51 . 2001-11-21 21:34 38,400 -----c--- c:\windows\system32\dllcache\8514a.dll
2009-02-27 12:51 . 2008-04-13 20:40 12,288 -----c--- c:\windows\system32\dllcache\4mmdat.sys
2009-02-27 12:51 . 2001-08-17 21:06 11,264 -----c--- c:\windows\system32\dllcache\1394vdbg.sys
2009-02-27 12:38 . 2009-02-27 12:38 <DIR> d-------- c:\program files\UPHClean
2009-02-25 09:33 . 2009-01-09 21:19 1,089,883 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-02-20 12:49 . 2004-06-21 22:35 16,496 -r------- c:\windows\system32\drivers\HPZipr12.sys
2009-02-20 12:48 . 2004-06-21 22:35 51,088 -r------- c:\windows\system32\drivers\hpzid412.sys
2009-02-20 12:48 . 2008-04-13 20:47 25,856 --------- c:\windows\system32\drivers\usbprint.sys
2009-02-20 12:48 . 2008-04-13 20:47 25,856 -----c--- c:\windows\system32\dllcache\usbprint.sys
2009-02-20 12:48 . 2004-06-21 22:35 21,744 -r------- c:\windows\system32\drivers\HPZius12.sys
2009-02-20 12:47 . 2004-06-21 22:35 581,632 -r------- c:\windows\system32\hpotscl.dll
2009-02-20 12:47 . 2004-06-21 22:35 278,528 -r------- c:\windows\system32\hpgwiamd.dll
2009-02-20 12:47 . 2004-06-21 22:34 270,336 -r------- c:\windows\system32\HPZc3212.dll
2009-02-20 12:47 . 2004-06-21 22:35 90,112 -r------- c:\windows\system32\hpovst08.dll
2009-02-20 12:47 . 2008-04-13 20:45 15,104 --------- c:\windows\system32\drivers\usbscan.sys
2009-02-20 12:47 . 2008-04-13 20:45 15,104 -----c--- c:\windows\system32\dllcache\usbscan.sys
2009-02-15 16:33 . 2009-02-15 16:40 <DIR> d-------- c:\program files\Roxio
2009-02-15 16:33 . 2009-02-15 16:40 <DIR> d-------- c:\program files\Common Files\Adaptec Shared
2009-02-15 10:25 . 2009-02-15 10:25 <DIR> d-------- c:\program files\MSXML 4.0
2009-02-14 21:36 . 2009-02-14 21:36 4,767 --------- c:\windows\Irremote.ini
2009-02-14 21:11 . 2009-02-14 21:34 <DIR> d-------- c:\program files\Nero
2009-02-14 15:43 . 2009-02-26 23:19 69 --------- c:\windows\NeroDigital.ini
2009-02-14 15:42 . 2009-02-14 22:08 <DIR> d-------- c:\documents and settings\tolgao\Application Data\Nero
2009-02-14 15:38 . 2009-02-14 22:03 <DIR> d-------- c:\program files\Common Files\Nero
2009-02-14 15:38 . 2009-02-14 21:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2009-02-14 15:02 . 2009-02-14 15:02 <DIR> d-------- c:\windows\Downloaded Installations
2009-02-14 15:02 . 2009-02-14 15:02 <DIR> d-------- c:\program files\Smart Modular
2009-02-13 23:20 . 2008-04-13 20:45 26,368 -----c--- c:\windows\system32\dllcache\usbstor.sys
2009-02-13 22:27 . 2009-02-13 22:27 57,344 --------- c:\windows\uneng.exe
2009-02-13 17:02 . 2009-02-13 17:02 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-13 16:33 . 2008-10-16 14:06 268,648 --------- c:\windows\system32\mucltui.dll
2009-02-13 16:33 . 2008-10-16 14:06 27,496 --------- c:\windows\system32\mucltui.dll.mui
2009-02-13 15:22 . 2009-02-26 23:11 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-02-13 14:54 . 2009-02-13 14:54 0 --------- c:\windows\COMPANIONAPP.INI
2009-02-13 14:43 . 2009-02-13 14:43 <DIR> d-------- c:\program files\HP
2009-02-13 01:18 . 2009-02-13 01:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 20:25 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-28 16:18 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-27 22:02 --------- d-----w c:\program files\Intel
2009-02-27 21:32 --------- d-----w c:\program files\Apoint
2009-02-27 20:59 --------- d-----w c:\program files\SigmaTel
2009-02-27 15:46 --------- d-----w c:\program files\Java
2009-02-27 15:22 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-02-24 10:34 --------- d-----w c:\program files\Dell
2009-02-15 14:40 62,320 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-02-15 14:40 49,152 ------w c:\windows\system32\cdrtc.dll
2009-02-15 14:40 45,056 ------w c:\windows\system32\cdral.dll
2009-02-15 14:40 30,694 ------w c:\windows\system32\drivers\Mmc_2k.sys
2009-02-15 14:40 25,962 ------w c:\windows\system32\drivers\Dvd_2k.sys
2009-02-15 14:40 242,048 ------w c:\windows\system32\drivers\cdudf_xp.sys
2009-02-15 14:40 23,324 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-02-15 14:40 206,464 ------w c:\windows\system32\drivers\udfreadr_xp.sys
2009-02-15 14:40 151,066 ------w c:\windows\system32\drivers\pwd_2K.sys
2009-02-15 14:40 1,044,480 ------w c:\windows\system32\Roboex32.dll
2009-02-12 21:07 --------- d-----w c:\documents and settings\All Users\Application Data\MSScanAppDataDir
2009-02-11 22:39 --------- d-----w c:\program files\MSBuild
2009-02-11 22:38 --------- d-----w c:\program files\Reference Assemblies
2009-02-11 22:29 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-11 18:56 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-11 16:35 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-11 16:17 --------- d-----w c:\documents and settings\All Users\Application Data\Dell
2009-02-11 16:04 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-02-11 15:30 --------- d-----w c:\program files\Dell Computer Corporation
2009-02-11 15:20 --------- d-----w c:\program files\Broadcom
2009-02-11 15:18 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-11 15:11 --------- d-----w c:\program files\CONEXANT
2009-02-11 13:52 --------- d-----w c:\program files\microsoft frontpage
2009-02-09 14:05 1,846,784 ------w c:\windows\system32\win32k.sys
2008-12-31 15:04 691,560 ------w c:\windows\system32\OGACheckControl.dll
2008-12-31 15:04 528,744 ------w c:\windows\system32\OGAVerify.exe
2008-12-31 15:04 502,120 ------w c:\windows\system32\OGAAddin.dll
2008-12-20 22:47 826,368 ------w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2003-06-20 368640]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-07-06 7118848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2009-02-15 684032]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-27 148888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-27 509784]
"ZCfgSvc.exe"="c:\windows\system32\ZCfgSvc.exe" [2005-07-05 639040]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2005-06-27 135168]
"DVDSentry"="c:\windows\system32\DSentry.exe" [2003-02-06 28672]
"nwiz"="nwiz.exe" [2004-10-26 c:\windows\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programlar\BaŸlang‡\
BTTray.lnk - c:\program files\Dell\Bluetooth Software\BTTray.exe [2004-04-26 561213]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2005-07-05 01:33 188482 c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-27 64160]
R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS [?]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys [2009-02-28 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1002000.007\cchpx86.sys [2009-02-28 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090310.003\IDSxpx86.sys [2009-03-11 276344]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2009-02-28 115560]
R3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2003-02-06 59328]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f788e941-f850-11dd-b12e-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-27 18:28]
.
.
------- Supplementary Scan -------
.
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll
DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} - hxxps://sube.garanti.com.tr/lib/JaguarEditControl.CAB
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-13 20:22:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(996)
c:\windows\system32\LgNotify.dll
.
Completion time: 2009-03-13 20:24:02
ComboFix-quarantined-files.txt 2009-03-13 18:24:00
ComboFix2.txt 2009-03-13 18:13:05

Pre-Run: 23.095.853.056 bayt boş
Post-Run: 23,081,676,800 bayt boş

228 --- E O F --- 2009-03-11 16:01:07

===================================

Hope this helps.

Tol

#6 Tol

Posted 13 March 2009 - 02:22 PM

Hi Far,

I forgot to mention in my last e-mail. Since this morning a strange thing is happening again on Internet Explorer.
The cursor (Arrow or Hand) started blinking real fast so that I cannot click properly. Sometimes there is no cursor
seen on screen because it is blinking real fast. But when I close Internet Explorer and reopen again, the cursor
is solid and normal again, no blinking. This happens randomly. But when I work on Desktop or Outlook other
than IE, the cursor is solid and operates normally. Why do you think this happens? It was not a problem till this
morning. Any help would be appreciated.

Thanks,
Tol

#7 Tol

Posted 13 March 2009 - 02:29 PM

Hi Far,

Also one more strange thing is: the first tab of my Internet Explorer is my Yahoo mail as usual. And it has always had a small red Yahoo logo "Y" on it.
But now, it has the Yahoo group logo on it even though the Yahoo mail tab is open. I just wanted to let you know.

Thanks,
Tol

#8 Farbar

Posted 13 March 2009 - 02:36 PM

Thanks for all the detailed feedback on all the steps. I like it. :thumbup2:

It seems Combofix is run twice, I need to see the log of the first run.

Please go to start -> Run.
  • Copy and paste the bold line in the run-box and click OK: C:\Qoobox\ComboFix2.txt
  • A text file opens, copy and paste the content to your reply.


#9 Tol

Posted 13 March 2009 - 03:11 PM

Here is C:\Qoobox\ComboFix2.txt
_______________________________________________________________________

ComboFix 09-03-12.01 - tolgao 2009-03-13 20:09:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1254.1.1055.18.2047.1629 [GMT 2:00]
Running from: c:\documents and settings\tolgao\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\w70n5msg.dll

.
((((((((((((((((((((((((( Files Created from 2009-02-13 to 2009-03-13 )))))))))))))))))))))))))))))))
.

2009-03-13 18:14 . 2009-03-13 18:14 <DIR> d-------- c:\program files\CCleaner
2009-03-13 00:48 . 2009-03-13 00:48 <DIR> d-------- C:\rsit
2009-03-09 16:16 . 2008-04-14 17:36 31,744 --a------ c:\windows\system32\drivers\wceusbsh.sys
2009-03-09 16:16 . 2008-04-14 17:36 31,744 --a--c--- c:\windows\system32\dllcache\wceusbsh.sys
2009-03-07 22:26 . 2009-03-07 22:26 <DIR> d-------- c:\documents and settings\tolgao\Application Data\InterVideo
2009-03-07 22:25 . 2009-03-08 00:05 <DIR> d-------- c:\program files\InterVideo
2009-02-28 18:41 . 2009-02-28 18:42 <DIR> d-------- c:\program files\Cobian Backup 8
2009-02-28 00:04 . 2009-02-28 00:04 <DIR> d--h----- c:\documents and settings\All Users\WLANProfiles
2009-02-28 00:03 . 2009-02-28 00:03 17,801 --------- c:\windows\system32\drivers\AegisP.sys
2009-02-27 23:37 . 2009-02-27 23:37 <DIR> d-------- c:\windows\tiinst
2009-02-27 23:26 . 2005-05-03 15:09 1,033,728 --------- c:\windows\system32\drivers\HSF_DPV.SYS
2009-02-27 23:26 . 2005-05-03 11:56 129,405 --------- c:\windows\system32\drivers\del1028.cty
2009-02-27 23:26 . 2005-02-23 15:02 42,858 --------- c:\windows\system32\hsfci014.dll
2009-02-27 23:20 . 2009-02-27 23:20 <DIR> d-------- c:\windows\tiinst1
2009-02-27 18:37 . 2009-02-27 18:28 15,688 --------- c:\windows\system32\lsdelete.exe
2009-02-27 18:29 . 2009-02-27 18:29 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-02-27 18:29 . 2009-02-27 18:28 64,160 --------- c:\windows\system32\drivers\Lbd.sys
2009-02-27 18:25 . 2009-02-27 18:25 <DIR> d-------- c:\program files\Lavasoft
2009-02-27 18:25 . 2009-02-27 18:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-27 18:25 . 2009-02-27 18:25 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-27 17:46 . 2009-02-27 17:46 410,984 --------- c:\windows\system32\deploytk.dll
2009-02-27 17:46 . 2009-02-27 17:46 73,728 --------- c:\windows\system32\javacpl.cpl
2009-02-27 17:22 . 2009-02-28 21:20 <DIR> d-------- c:\windows\system32\drivers\NIS
2009-02-27 17:22 . 2009-02-27 17:22 <DIR> d-------- c:\program files\Windows Sidebar
2009-02-27 17:22 . 2009-02-27 17:22 <DIR> d-------- c:\program files\Symantec
2009-02-27 17:22 . 2009-02-27 17:22 <DIR> d-------- c:\program files\Norton Internet Security
2009-02-27 17:22 . 2009-02-27 17:22 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-27 17:22 . 2009-02-27 17:22 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-02-27 17:22 . 2008-12-12 05:28 36,272 -r------- c:\windows\system32\drivers\SymIM.sys
2009-02-27 17:22 . 2009-02-27 17:22 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-27 17:22 . 2009-02-27 17:22 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-02-27 17:21 . 2009-02-27 17:21 <DIR> d-------- c:\program files\NortonInstaller
2009-02-27 17:19 . 2009-02-27 17:19 <DIR> d-------- c:\program files\Paragon Software
2009-02-27 14:31 . 2009-02-11 17:31 <DIR> d-------- c:\documents and settings\Administrator\Sık Kullanılanlar
2009-02-27 14:31 . 2009-02-11 17:31 <DIR> d-------- c:\documents and settings\Administrator\Belgelerim
2009-02-27 14:31 . 2009-02-27 14:31 <DIR> d-------- c:\documents and settings\Administrator
2009-02-27 13:11 . 2009-02-27 13:11 <DIR> d-------- c:\program files\Trend Micro
2009-02-27 13:08 . 2008-04-14 18:00 116,224 -----c--- c:\windows\system32\dllcache\xrxwiadr.dll
2009-02-27 13:08 . 2001-08-18 05:37 99,865 -----c--- c:\windows\system32\dllcache\xlog.exe
2009-02-27 13:08 . 2003-08-06 22:37 28,288 -----c--- c:\windows\system32\dllcache\xjis.nls
2009-02-27 13:08 . 2001-11-21 21:35 27,648 -----c--- c:\windows\system32\dllcache\xrxftplt.exe
2009-02-27 13:08 . 2001-11-21 21:35 23,040 -----c--- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-02-27 13:08 . 2004-08-04 07:29 19,455 -----c--- c:\windows\system32\dllcache\wvchntxx.sys
2009-02-27 13:08 . 2008-04-14 18:00 18,944 -----c--- c:\windows\system32\dllcache\xrxscnui.dll
2009-02-27 13:08 . 2001-08-17 19:11 16,970 -----c--- c:\windows\system32\dllcache\xem336n5.sys
2009-02-27 13:08 . 2004-08-04 07:29 12,063 -----c--- c:\windows\system32\dllcache\wsiintxx.sys
2009-02-27 13:08 . 2008-04-13 20:36 8,832 -----c--- c:\windows\system32\dllcache\wmiacpi.sys
2009-02-27 13:08 . 2001-11-21 21:35 4,608 -----c--- c:\windows\system32\dllcache\xrxflnch.exe
2009-02-27 13:06 . 2001-11-21 21:35 525,568 -----c--- c:\windows\system32\dllcache\tridxp.dll
2009-02-27 13:05 . 2001-11-21 21:34 386,560 -----c--- c:\windows\system32\dllcache\sgiul50.dll
2009-02-27 13:04 . 2001-11-21 20:36 899,370 -----c--- c:\windows\system32\dllcache\r2mdkxga.sys
2009-02-27 13:03 . 2001-08-17 21:05 351,616 -----c--- c:\windows\system32\dllcache\ovcodek2.sys
2009-02-27 13:02 . 2002-10-01 10:02 132,695 -----c--- c:\windows\system32\dllcache\netwlan5.sys
2009-02-27 13:01 . 2001-08-17 20:28 802,683 -----c--- c:\windows\system32\dllcache\ltsm.sys
2009-02-27 13:00 . 2001-11-21 21:35 372,824 -----c--- c:\windows\system32\dllcache\iconf32.dll
2009-02-27 12:59 . 2001-11-21 21:34 1,733,120 -----c--- c:\windows\system32\dllcache\g400d.dll
2009-02-27 12:58 . 2001-11-21 20:01 634,134 -----c--- c:\windows\system32\dllcache\el656ct5.sys
2009-02-27 12:57 . 2001-08-17 19:14 952,007 -----c--- c:\windows\system32\dllcache\diwan.sys
2009-02-27 12:56 . 2001-11-21 19:07 980,034 -----c--- c:\windows\system32\dllcache\cicap.sys
2009-02-27 12:54 . 2001-11-21 21:34 382,592 -----c--- c:\windows\system32\dllcache\atidrab.dll
2009-02-27 12:52 . 2001-08-17 19:19 747,392 -----c--- c:\windows\system32\dllcache\adm8830.sys
2009-02-27 12:51 . 2001-08-17 20:28 762,780 -----c--- c:\windows\system32\dllcache\3cwmcru.sys
2009-02-27 12:51 . 2001-11-21 21:34 689,216 -----c--- c:\windows\system32\dllcache\3dfxvs.dll
2009-02-27 12:51 . 2001-08-17 19:48 148,352 -----c--- c:\windows\system32\dllcache\3dfxvsm.sys
2009-02-27 12:51 . 2001-11-21 21:34 66,048 -----c--- c:\windows\system32\dllcache\s3legacy.dll
2009-02-27 12:51 . 2008-04-13 20:46 48,128 -----c--- c:\windows\system32\dllcache\61883.sys
2009-02-27 12:51 . 2001-11-21 21:34 38,400 -----c--- c:\windows\system32\dllcache\8514a.dll
2009-02-27 12:51 . 2008-04-13 20:40 12,288 -----c--- c:\windows\system32\dllcache\4mmdat.sys
2009-02-27 12:51 . 2001-08-17 21:06 11,264 -----c--- c:\windows\system32\dllcache\1394vdbg.sys
2009-02-27 12:38 . 2009-02-27 12:38 <DIR> d-------- c:\program files\UPHClean
2009-02-25 09:33 . 2009-01-09 21:19 1,089,883 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-02-20 12:49 . 2004-06-21 22:35 16,496 -r------- c:\windows\system32\drivers\HPZipr12.sys
2009-02-20 12:48 . 2004-06-21 22:35 51,088 -r------- c:\windows\system32\drivers\hpzid412.sys
2009-02-20 12:48 . 2008-04-13 20:47 25,856 --------- c:\windows\system32\drivers\usbprint.sys
2009-02-20 12:48 . 2008-04-13 20:47 25,856 -----c--- c:\windows\system32\dllcache\usbprint.sys
2009-02-20 12:48 . 2004-06-21 22:35 21,744 -r------- c:\windows\system32\drivers\HPZius12.sys
2009-02-20 12:47 . 2004-06-21 22:35 581,632 -r------- c:\windows\system32\hpotscl.dll
2009-02-20 12:47 . 2004-06-21 22:35 278,528 -r------- c:\windows\system32\hpgwiamd.dll
2009-02-20 12:47 . 2004-06-21 22:34 270,336 -r------- c:\windows\system32\HPZc3212.dll
2009-02-20 12:47 . 2004-06-21 22:35 90,112 -r------- c:\windows\system32\hpovst08.dll
2009-02-20 12:47 . 2008-04-13 20:45 15,104 --------- c:\windows\system32\drivers\usbscan.sys
2009-02-20 12:47 . 2008-04-13 20:45 15,104 -----c--- c:\windows\system32\dllcache\usbscan.sys
2009-02-15 16:33 . 2009-02-15 16:40 <DIR> d-------- c:\program files\Roxio
2009-02-15 16:33 . 2009-02-15 16:40 <DIR> d-------- c:\program files\Common Files\Adaptec Shared
2009-02-15 10:25 . 2009-02-15 10:25 <DIR> d-------- c:\program files\MSXML 4.0
2009-02-14 21:36 . 2009-02-14 21:36 4,767 --------- c:\windows\Irremote.ini
2009-02-14 21:11 . 2009-02-14 21:34 <DIR> d-------- c:\program files\Nero
2009-02-14 15:43 . 2009-02-26 23:19 69 --------- c:\windows\NeroDigital.ini
2009-02-14 15:42 . 2009-02-14 22:08 <DIR> d-------- c:\documents and settings\tolgao\Application Data\Nero
2009-02-14 15:38 . 2009-02-14 22:03 <DIR> d-------- c:\program files\Common Files\Nero
2009-02-14 15:38 . 2009-02-14 21:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2009-02-14 15:02 . 2009-02-14 15:02 <DIR> d-------- c:\windows\Downloaded Installations
2009-02-14 15:02 . 2009-02-14 15:02 <DIR> d-------- c:\program files\Smart Modular
2009-02-13 23:20 . 2008-04-13 20:45 26,368 -----c--- c:\windows\system32\dllcache\usbstor.sys
2009-02-13 22:27 . 2009-02-13 22:27 57,344 --------- c:\windows\uneng.exe
2009-02-13 17:02 . 2009-02-13 17:02 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-13 16:33 . 2008-10-16 14:06 268,648 --------- c:\windows\system32\mucltui.dll
2009-02-13 16:33 . 2008-10-16 14:06 27,496 --------- c:\windows\system32\mucltui.dll.mui
2009-02-13 15:22 . 2009-02-26 23:11 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-02-13 14:54 . 2009-02-13 14:54 0 --------- c:\windows\COMPANIONAPP.INI
2009-02-13 14:43 . 2009-02-13 14:43 <DIR> d-------- c:\program files\HP
2009-02-13 01:18 . 2009-02-13 01:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 20:25 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-28 16:18 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-27 22:02 --------- d-----w c:\program files\Intel
2009-02-27 21:32 --------- d-----w c:\program files\Apoint
2009-02-27 20:59 --------- d-----w c:\program files\SigmaTel
2009-02-27 15:46 --------- d-----w c:\program files\Java
2009-02-27 15:22 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-02-24 10:34 --------- d-----w c:\program files\Dell
2009-02-15 14:40 62,320 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-02-15 14:40 49,152 ------w c:\windows\system32\cdrtc.dll
2009-02-15 14:40 45,056 ------w c:\windows\system32\cdral.dll
2009-02-15 14:40 30,694 ------w c:\windows\system32\drivers\Mmc_2k.sys
2009-02-15 14:40 25,962 ------w c:\windows\system32\drivers\Dvd_2k.sys
2009-02-15 14:40 242,048 ------w c:\windows\system32\drivers\cdudf_xp.sys
2009-02-15 14:40 23,324 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-02-15 14:40 206,464 ------w c:\windows\system32\drivers\udfreadr_xp.sys
2009-02-15 14:40 151,066 ------w c:\windows\system32\drivers\pwd_2K.sys
2009-02-15 14:40 1,044,480 ------w c:\windows\system32\Roboex32.dll
2009-02-12 21:07 --------- d-----w c:\documents and settings\All Users\Application Data\MSScanAppDataDir
2009-02-11 22:39 --------- d-----w c:\program files\MSBuild
2009-02-11 22:38 --------- d-----w c:\program files\Reference Assemblies
2009-02-11 22:29 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-11 18:56 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-11 16:35 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-11 16:17 --------- d-----w c:\documents and settings\All Users\Application Data\Dell
2009-02-11 16:04 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-02-11 15:30 --------- d-----w c:\program files\Dell Computer Corporation
2009-02-11 15:20 --------- d-----w c:\program files\Broadcom
2009-02-11 15:18 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-11 15:11 --------- d-----w c:\program files\CONEXANT
2009-02-11 13:52 --------- d-----w c:\program files\microsoft frontpage
2009-02-09 14:05 1,846,784 ------w c:\windows\system32\win32k.sys
2008-12-31 15:04 691,560 ------w c:\windows\system32\OGACheckControl.dll
2008-12-31 15:04 528,744 ------w c:\windows\system32\OGAVerify.exe
2008-12-31 15:04 502,120 ------w c:\windows\system32\OGAAddin.dll
2008-12-20 22:47 826,368 ------w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2003-06-20 368640]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-07-06 7118848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2009-02-15 684032]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-27 148888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-27 509784]
"ZCfgSvc.exe"="c:\windows\system32\ZCfgSvc.exe" [2005-07-05 639040]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2005-06-27 135168]
"DVDSentry"="c:\windows\system32\DSentry.exe" [2003-02-06 28672]
"nwiz"="nwiz.exe" [2004-10-26 c:\windows\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programlar\BaŸlang‡\
BTTray.lnk - c:\program files\Dell\Bluetooth Software\BTTray.exe [2004-04-26 561213]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2005-07-05 01:33 188482 c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-27 64160]
R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS [?]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys [2009-02-28 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1002000.007\cchpx86.sys [2009-02-28 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090310.003\IDSxpx86.sys [2009-03-11 276344]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2009-02-28 115560]
R3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2003-02-06 59328]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f788e941-f850-11dd-b12e-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-27 18:28]
.
.
------- Supplementary Scan -------
.
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll
DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} - hxxps://sube.garanti.com.tr/lib/JaguarEditControl.CAB
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-13 20:11:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(996)
c:\windows\system32\LgNotify.dll
.
Completion time: 2009-03-13 20:13:03
ComboFix-quarantined-files.txt 2009-03-13 18:13:01

Pre-Run: 23.096.291.328 bayt boş
Post-Run: 23,086,333,952 bayt boş

232 --- E O F --- 2009-03-11 16:01:07

#10 Farbar

Posted 13 March 2009 - 03:28 PM

Total Cleaned Amount: 2.282,4 MB.


As I suspected, there is not much maintenance. That is more than 2 GB of junk occupying the IE cache and other temporary folders. You need to use CCleaner more often from now on.

Combofix didn't find anything except one file. It confirms my initial impression that the problem is not malware related.

We are going to perform two more scans, one malware related and the other system related.
  • Please download Malwarebytes' Anti-Malware from MajorGeeks
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



    You can use Windows File Protection to repair the system files if they are corrupted.

  • Go to Start > Run and type or copy and paste in the Run box: sfc /scannow

    It launches Windows File Protection. It may take a while (minimum 20 minutes if your computer is fast) to check the integrity of Windows system files and, if needed, replace them.
    You may need your Windows installation CD.

  • Run Hijackthis. If you don't know how, go to Start > Run, copy and paste the following, and click OK:

    "C:\Program Files\Trend Micro\HijackThis\tolgao.exe"

    Click "Do a system scan and save a logfile". Post the content of the log.
Please include in your next reply:
  • The log of MBAM.
  • A fresh Hijackthis log.
  • Any comment or feedback about how it went.


#11 Tol

Posted 13 March 2009 - 04:47 PM

1. Here is the MBAM log (it did not find any malware):

Malwarebytes' Anti-Malware 1.34
Veritabanı versiyonu: 1845
Windows 5.1.2600 Service Pack 3

13.03.2009 23:08:39
mbam-log-2009-03-13 (23-08-39).txt

Tarama şekli: Hızlı Tarama
Taranmış nesneler: 66855
Geçen zaman: 4 minute(s), 26 second(s)

Etkilenmiş Hafıza İşlemleri: 0
Etkilenmiş Hafıza Modülleri: 0
Etkilenmiş Kayıt Anahtarları: 0
Etkilenmiş Kayıt Değerleri: 0
Etkilenmiş Kayıt Veri Dosyaları: 0
Etkilenmiş Klasörler: 0
Etkilenmiş Dosyalar: 0

Etkilenmiş Hafıza İşlemleri:
(Tehlikeli nesne bulunmadı)

Etkilenmiş Hafıza Modülleri:
(Tehlikeli nesne bulunmadı)

Etkilenmiş Kayıt Anahtarları:
(Tehlikeli nesne bulunmadı)

Etkilenmiş Kayıt Değerleri:
(Tehlikeli nesne bulunmadı)

Etkilenmiş Kayıt Veri Dosyaları:
(Tehlikeli nesne bulunmadı)

Etkilenmiş Klasörler:
(Tehlikeli nesne bulunmadı)

Etkilenmiş Dosyalar:
(Tehlikeli nesne bulunmadı)

2. I did Windows File Protection. It took 20 minutes to complete and no error message was given.
Except at one point, I heard the Windows sound effect which happens when a device is connected or
disconnected. This sound also occurs occasionally, but Windows continues to operate normally.
I am suspicious of some very minor disconnection in the hard disk drive. I am not sure about it.
Also, sometimes the cursor moves by itself without me moving the mouse.

3. Here is the latest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:36:49, on 13.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\DSentry.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\tolgao.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\system32\DSentry.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) - https://sube.garanti.com.tr/lib/JaguarEditControl.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1234370274477
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1234470590858
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

--
End of file - 7364 bytes

Thanks,
Tol

#12 Farbar

Posted 13 March 2009 - 05:05 PM

Everything looks good. How is your computer running?

#13 Tol

Posted 14 March 2009 - 03:34 AM

Thanks Farbar,

Computer is running good, so far no problem.
Thanks again for your help.

Regards,
Tol

#14 Farbar

Posted 14 March 2009 - 08:45 AM

You are welcome Tol.
  • Go to Start > Run and copy and paste or type the next command in the field, then hit Enter:

    ComboFix /u

    Note: There's a space between Combofix and /

    This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

    It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through System Restore.

    The first reboot might be a little slow, the next one will be faster.

  • I recommend using Site Advisor for safe surfing. It is a free extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how safe a site is.

  • I recommend installing this small application for safe surfing: Javacoolsİ SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs. Update it manually (if you use the free version) once in 2-3 weeks and enable the restriction.

  • I recommend you defragment your hard drive once every two weeks:
    • Go to Start. Select All Programs.
    • Click Accessories, then System Tools.
    • Click Disk Defragmenter.
    • Select drive C and click Defragment. It takes some time; please be patient.
Just please let me know Combofix uninstalled properly.

Happy surfing!

#15 Tol

Posted 14 March 2009 - 12:31 PM

Hi Farbar,

I did your recommendations. They all look like very useful software.
I uninstalled Combofix without any problem. The clock setting was
not changed anyway after Combofix was installed. The reboot was
also normal speed the first time, as usual. Everything looks fit
right now.

Thanks again,
Tol



