Computer Freezes when Browser is Open


  • This topic is locked
9 replies to this topic

#1 knowthycomp

Posted 20 July 2009 - 04:11 PM

Hi HJT,

Sorry about the long description, I'm trying to put all the details here.

My desktop (Win XP Pro, SP3) recently seemed to have some big issues. Last week, after using some programs and having the browser open for some time, the computer froze. I had to restart many times and it kept happening. Then I started an AV scan with Trend Micro. The scan got stuck at one particular file (some file that was created before this happened, when I compiled some VC++ program). So, I thought that file might be infected and I cut and pasted that file elsewhere. Then again the scan got stuck at another file in the same directory. If I kept the scan on for some more time the computer again froze. If I didn't include this directory in the folders to be scanned, the AV scanner didn't show any progress at all - it got stuck at 0% progress. When I tried to scan for spyware etc. using Ad-Aware or Spybot the computer again froze. So, I restarted the computer in Safe Mode and did the virus scan, but with the same result. I also tried to scan using the AVG scanner (of course after uninstalling Trend Micro), but with the same outcome - it froze after some time (a few hours with AVG).

After reading some forums, I found a few external AV scanning programs like ClamWin and McAfee Stinger. ClamWin finally found one Trojan, userinit. But it seemed like it didn't remove the file, since I could still see the file. Then I found that it is a system process, so I was foolish enough to scan using ComboFix so that it might restore the file - without anybody's advice. I could not make heads or tails of the log file. But again I didn't find any mention of userinit.exe in it. Can somebody please look at these log files and let me know what the status of my comp is?

Later on after a couple of posts here (http://www.bleepingcomputer.com/forums/topic242826.html), I did the following:

- Scanned using ATF-Cleaner
- Scanned using MBAM - no infections or anything found
- Scanned using SuperAntiSpyware - one tracking cookie found
- As suggested by the moderator (boopme) I did a disk clean up

After all this when I again opened the browser for a little while the computer froze again. So, the moderator suggested I do a DDS scan and post the log. Please find the DDS log below and the "Attach.txt" file attached.

Note:
1. In the safe mode, if I do not open the browser or use an AV scanner to scan files, the computer did not freeze.
2. I did not find any unusual pop-ups or icon on my computer desktop. But sometimes the ethernet connection didn't seem to work even though the cable is connected and I could see the "light blinking" in the cable socket at the back of the computer. After I unplug the cable and plug it back in, the connection is active again.
3. A couple of times I got a standard Windows system tray pop-up saying that the computer does not have AV scanner, even though I could see the AV (Trend Micro) icon beside the pop-up message.

Thank you very much for the help, BC - I've been struggling with this for a week.

DDS Log


DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by Kaan Ozbay at 16:51:48.45 on Mon 07/20/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2572 [GMT -4:00]

AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {4E457305-2966-4C8A-B05F-487BEA794080}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kaan Ozbay\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc-rel&channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc-rel&channel=us
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [IECheck] c:\windows\IECheck.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kaanoz~1\applic~1\mozilla\firefox\profiles\as7fbetc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\documents and settings\kaan ozbay\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\kaan ozbay\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2009-7-20 335888]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
S2 gupdate1c992f2f73b62d8;Google Update Service (gupdate1c992f2f73b62d8);c:\program files\google\update\GoogleUpdate.exe [2009-2-19 133104]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\TmXPFlt.sys [2009-7-20 225296]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2009-7-20 36368]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
S3 TmPfw;OfficeScan NT Firewall;c:\program files\trend micro\officescan client\TmPfw.exe [2009-7-20 488768]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2009-7-20 652552]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
S4 OracleCSService;OracleCSService;d:\oraclehomes\db10g\bin\ocssd.exe service --> d:\oraclehomes\db10g\bin\ocssd.exe service [?]
S4 Oracledb10gTNSListener;Oracledb10gTNSListener;d:\oraclehomes_new\db10g\bin\tnslsnr --> d:\oraclehomes_new\db10g\bin\TNSLSNR [?]
S4 OracleJobSchedulerEMREP;OracleJobSchedulerEMREP;d:\oraclehomes_new\db10g\bin\extjob.exe emrep --> d:\oraclehomes_new\db10g\bin\extjob.exe EMREP [?]
S4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\oracle\bin\extjob.exe orcl --> c:\oracle\bin\extjob.exe ORCL [?]
S4 OracleOraDb10g_home1TNSListener;OracleOraDb10g_home1TNSListener;c:\oracle\bin\tnslsnr --> c:\oracle\bin\TNSLSNR [?]
S4 OracleServiceEMREP;OracleServiceEMREP;d:\oraclehomes_new\db10g\bin\oracle.exe emrep --> d:\oraclehomes_new\db10g\bin\ORACLE.EXE EMREP [?]
S4 OracleServiceORCL;OracleServiceORCL;c:\oracle\bin\oracle.exe orcl --> c:\oracle\bin\ORACLE.EXE ORCL [?]

=============== Created Last 30 ================

2009-07-20 15:51 <DIR> --d----- c:\program files\Trend Micro
2009-07-20 15:50 <DIR> --d----- C:\VIRUS
2009-07-20 15:50 335,888 a------- c:\windows\system32\drivers\TM_CFW.sys
2009-07-20 15:50 72,072 a------- c:\windows\system32\drivers\tmtdi.sys
2009-07-20 15:43 <DIR> --d----- c:\program files\AVG
2009-07-20 15:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-07-20 10:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-20 10:39 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-20 10:39 <DIR> --d----- c:\docume~1\kaanoz~1\applic~1\SUPERAntiSpyware.com
2009-07-20 10:13 <DIR> --d----- c:\docume~1\kaanoz~1\applic~1\Malwarebytes
2009-07-20 10:13 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-20 10:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-20 10:13 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-20 10:13 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-18 22:16 <DIR> --ds---- C:\ComboFix
2009-07-18 22:01 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-07-18 21:42 <DIR> a-dshr-- C:\cmdcons
2009-07-18 21:39 219,648 a------- c:\windows\PEV.exe
2009-07-18 21:39 161,792 a------- c:\windows\SWREG.exe
2009-07-18 21:39 98,816 a------- c:\windows\sed.exe
2009-07-17 22:37 <DIR> --d----- c:\program files\ClamWinPortable
2009-07-15 16:45 <DIR> --d----- c:\documents and settings\kaan ozbay\.housecall6.6
2009-07-12 14:55 <DIR> --d----- c:\documents and settings\kaan ozbay\log
2009-07-12 14:01 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-12 14:01 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-07-12 14:01 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-07-12 14:01 117,760 -------- c:\windows\system32\prntvpt.dll
2009-07-12 14:01 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-12 14:01 <DIR> --d----- C:\c40ac45122542649e6df692c7c
2009-07-12 14:01 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-07-12 14:01 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-07-12 13:39 <DIR> --d----- C:\958716c7697e4478935874f9360d
2009-07-12 13:39 <DIR> --d----- C:\dc99b28aef697da28b36981781
2009-07-10 12:30 <DIR> --d----- c:\program files\common files\Aladdin Shared
2009-07-10 12:30 2,790,400 a------- c:\windows\system32\hasplms.exe
2009-07-10 12:30 2,790,400 a------- c:\windows\system32\aksllmtp.exe
2009-07-10 12:30 352,256 a------- c:\windows\system32\drivers\aksfridge.sys
2009-07-10 12:30 586,752 a------- c:\windows\system32\drivers\hardlock.sys
2009-07-10 12:30 <DIR> --d----- c:\windows\system32\redist
2009-07-10 12:28 <DIR> --d----- c:\program files\paramicsv6
2009-07-08 19:10 <DIR> --d----- c:\docume~1\kaanoz~1\applic~1\Design Science
2009-07-08 18:55 <DIR> --d----- c:\program files\MathType

==================== Find3M ====================

2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 15:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\dllcache\cache\wininet.dll
2009-05-13 01:15 5,936,128 -------- c:\windows\system32\dllcache\mshtml.dll
2009-05-13 01:15 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-05-12 01:11 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-05-01 17:02 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-01 17:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 17:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 17:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 17:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 17:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 17:02 685,056 a------- c:\windows\system32\DivX.dll
2009-04-30 17:22 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-04-30 17:22 1,985,024 -------- c:\windows\system32\dllcache\iertutil.dll
2009-04-30 17:22 11,064,832 -------- c:\windows\system32\dllcache\ieframe.dll
2009-04-30 17:22 1,207,808 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 17:22 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 17:22 385,536 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 17:22 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-04-30 07:21 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-29 00:55 133,120 a------- c:\windows\system32\dllcache\extmgr.dll
2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-09-03 17:00 64,656 a------- c:\docume~1\kaanoz~1\applic~1\GDIPFONTCACHEV1.DAT
2008-01-28 12:13 56,912 a------- c:\documents and settings\kaan ozbay\g2mdlhlpx.exe
2009-03-17 12:46 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009030920090316\index.dat
2009-03-24 12:22 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009031620090323\index.dat
2009-03-24 12:53 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009032420090325\index.dat

============= FINISH: 16:52:48.07 ===============

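Reading the two DDS logs in this thread side by side, the useful signal is what changed between them: the first reports Trend Micro on-access scanning enabled and the personal firewall enabled, the second reports both disabled and the AV outdated, and the MSConfig autorun entry has disappeared. As an added example (not code from the thread, from DDS's author sUBs, or from BleepingComputer), the Python below parses the parts of a DDS log that the helpers here actually read and diffs two logs. The excerpts embedded in it are constructed from the logs on this page, trimmed to a few lines each; the section names and line formats are taken from those logs, and the `boot_flags` field is simply whatever DDS printed after `NTFSx86` on the first line (`NETWORK` in the first log, nothing in the second), recorded without interpretation.

```python
"""Parse the sections of a DDS log that matter for triage and diff two logs."""
import re
from dataclasses import dataclass, field

# Constructed excerpts modelled on the two DDS logs posted in this thread,
# trimmed to a few lines each; the real logs are far longer.
LOG_BEFORE = r"""
DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {4E457305-2966-4C8A-B05F-487BEA794080}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccnt.exe

============== Pseudo HJT Report ===============

uRun: [IECheck] c:\windows\IECheck.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto

============= SERVICES / DRIVERS ===============

R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2009-7-20 335888]
"""

LOG_AFTER = r"""
DDS (Ver_09-07-30.01) - NTFSx86
AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Outdated) {4E457305-2966-4C8A-B05F-487BEA794080}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hasplms.exe

============== Pseudo HJT Report ===============

uRun: [IECheck] c:\windows\IECheck.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow

============= SERVICES / DRIVERS ===============

S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
"""

DDS_RE = re.compile(r"^DDS \((Ver_[\d.-]+)\) - (\S+)(.*)$")        # first line: version, fs/arch, extra flags
HEADER_RE = re.compile(r"^=+ (.+?) =+$")                            # "====== Section Name ======"
STATUS_RE = re.compile(r"^(AV|FW): (.+?) \*(.+?)\*(?: \((\w+)\))?")  # AV/FW: product *status* (freshness)
RUN_RE = re.compile(r"^([um]Run): \[(.+?)\] (.+)$")                 # uRun/mRun: [name] command
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+)$")         # R2 name;display;command [...]


@dataclass
class DdsLog:
    version: str = ""
    boot_flags: str = ""                               # text after NTFSx86 on the DDS line, verbatim
    protection: dict = field(default_factory=dict)     # (AV|FW, product) -> (status, freshness)
    processes: set = field(default_factory=set)        # lower-cased process paths
    autoruns: dict = field(default_factory=dict)       # (hive, name) -> command line
    services: dict = field(default_factory=dict)       # service name -> (start type, command)


def parse_dds(text):
    """Walk the log once, switching parsers at each '=== Section ===' header."""
    log, section = DdsLog(), "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section == "header":
            m = DDS_RE.match(line)
            if m:
                log.version, log.boot_flags = m.group(1), m.group(3).strip()
                continue
            m = STATUS_RE.match(line)
            if m:
                log.protection[(m.group(1), m.group(2))] = (m.group(3), m.group(4) or "")
        elif section == "running processes":
            log.processes.add(line.lower())
        elif section == "pseudo hjt report":
            m = RUN_RE.match(line)
            if m:
                log.autoruns[(m.group(1), m.group(2))] = m.group(3)
        elif section == "services / drivers":
            m = SERVICE_RE.match(line)
            if m:
                log.services[m.group(2)] = (m.group(1), m.group(4))
    return log


def protection_gaps(log):
    """AV/FW entries that DDS itself reports as disabled or outdated."""
    gaps = []
    for (kind, product), (status, freshness) in sorted(log.protection.items()):
        if "disabled" in status.lower() or freshness.lower() == "outdated":
            gaps.append(f"{kind} {product}: {status}" + (f" ({freshness})" if freshness else ""))
    return gaps


def diff_dds(before, after):
    """What changed between two logs, keyed by category; lists are sorted for stable output."""
    changes = {
        "status_changes": [], "autoruns_added": [], "autoruns_removed": [],
        "processes_added": sorted(after.processes - before.processes),
        "processes_removed": sorted(before.processes - after.processes),
        "services_added": sorted(set(after.services) - set(before.services)),
        "services_removed": sorted(set(before.services) - set(after.services)),
    }
    for key in sorted(set(before.protection) | set(after.protection)):
        old = before.protection.get(key, ("absent", ""))
        new = after.protection.get(key, ("absent", ""))
        if old != new:
            changes["status_changes"].append((key[0], key[1], old[0], new[0]))
    for key in sorted(set(before.autoruns) | set(after.autoruns)):
        if key not in after.autoruns:
            changes["autoruns_removed"].append(key)
        elif before.autoruns.get(key) != after.autoruns[key]:   # new entry or changed command
            changes["autoruns_added"].append((key, after.autoruns[key]))
    return changes


if __name__ == "__main__":
    earlier, later = parse_dds(LOG_BEFORE), parse_dds(LOG_AFTER)
    for gap in protection_gaps(later):
        print("GAP:", gap)
    for category, items in diff_dds(earlier, later).items():
        for item in items:
            print(f"{category}: {item}")
```

Run as a script it prints the protection gaps in the later log and every added or removed process, autorun and service; on the full logs from this thread, read from files, it would list the same AV/FW flips plus the process and service churn between 20 and 31 July. The `Created Last 30` and `Find3M` sections are deliberately skipped, since they are date-stamped file listings rather than state that a diff summarises well.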

#2 DocSatan

Posted 31 July 2009 - 12:03 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#3 knowthycomp (Topic Starter)

Posted 31 July 2009 - 05:56 PM

I am sorry for making it seem like I'm pushing you guys. I am very thankful that a forum such as BC exists. I am only frustrated because my work got stuck since I need to stay connected to the web for it. Thanks a ton for the reply.

So, the problem I have is that, like I've said before, my computer freezes when I open the browser or do an A/V scan. Also, I got a complaint two weeks ago from our network admin that I might have a botnet on my computer. So, I'm having to keep my machine offline. But yesterday, despite having it offline, it froze two times, so I stopped using it altogether.

Please find the results (DDS log and Attach.txt) of the DDS scan attached. From the last time I posted my message I installed my A/V Trend Micro again.

Thanks a lot and I appreciate your time.

< ~ Edited to place logs in-line ~ Maurice>
Kindly always place your logs within the body of reply.


DDS

DDS (Ver_09-07-30.01) - NTFSx86
Run by Kaan Ozbay at 18:39:34.92 on Fri 07/31/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2441 [GMT -4:00]

AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Outdated) {4E457305-2966-4C8A-B05F-487BEA794080}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\OfficeScan Client\Misc\xpupg.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Kaan Ozbay\Desktop\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc-rel&channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc-rel&channel=us
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [IECheck] c:\windows\IECheck.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kaanoz~1\applic~1\mozilla\firefox\profiles\as7fbetc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\documents and settings\kaan ozbay\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\kaan ozbay\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2009-7-20 36368]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2009-7-20 335888]
S2 gupdate1c992f2f73b62d8;Google Update Service (gupdate1c992f2f73b62d8);c:\program files\google\update\GoogleUpdate.exe [2009-2-19 133104]
S2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\TmXPFlt.sys [2009-7-20 225296]
S3 TmPfw;OfficeScan NT Firewall;c:\program files\trend micro\officescan client\TmPfw.exe [2009-7-20 488768]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2009-7-20 652552]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
S4 OracleCSService;OracleCSService;d:\oraclehomes\db10g\bin\ocssd.exe service --> d:\oraclehomes\db10g\bin\ocssd.exe service [?]
S4 Oracledb10gTNSListener;Oracledb10gTNSListener;d:\oraclehomes_new\db10g\bin\tnslsnr --> d:\oraclehomes_new\db10g\bin\TNSLSNR [?]
S4 OracleJobSchedulerEMREP;OracleJobSchedulerEMREP;d:\oraclehomes_new\db10g\bin\extjob.exe emrep --> d:\oraclehomes_new\db10g\bin\extjob.exe EMREP [?]
S4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\oracle\bin\extjob.exe orcl --> c:\oracle\bin\extjob.exe ORCL [?]
S4 OracleOraDb10g_home1TNSListener;OracleOraDb10g_home1TNSListener;c:\oracle\bin\tnslsnr --> c:\oracle\bin\TNSLSNR [?]
S4 OracleServiceEMREP;OracleServiceEMREP;d:\oraclehomes_new\db10g\bin\oracle.exe emrep --> d:\oraclehomes_new\db10g\bin\ORACLE.EXE EMREP [?]
S4 OracleServiceORCL;OracleServiceORCL;c:\oracle\bin\oracle.exe orcl --> c:\oracle\bin\ORACLE.EXE ORCL [?]

=============== Created Last 30 ================

2009-07-31 18:34 <DIR> --d-h--- c:\windows\PIF
2009-07-21 16:34 552 a------- c:\windows\system32\d3d8caps.dat
2009-07-20 15:51 <DIR> --d----- c:\program files\Trend Micro
2009-07-20 15:50 <DIR> --d----- C:\VIRUS
2009-07-20 15:50 335,888 a------- c:\windows\system32\drivers\TM_CFW.sys
2009-07-20 15:50 72,072 a------- c:\windows\system32\drivers\tmtdi.sys
2009-07-20 15:43 <DIR> --d----- c:\program files\AVG
2009-07-20 15:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-07-20 10:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-20 10:39 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-20 10:39 <DIR> --d----- c:\docume~1\kaanoz~1\applic~1\SUPERAntiSpyware.com
2009-07-20 10:13 <DIR> --d----- c:\docume~1\kaanoz~1\applic~1\Malwarebytes
2009-07-20 10:13 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-20 10:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-20 10:13 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-20 10:13 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-18 22:16 <DIR> --ds---- C:\ComboFix
2009-07-18 22:01 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-07-18 21:42 <DIR> a-dshr-- C:\cmdcons
2009-07-18 21:39 219,648 a------- c:\windows\PEV.exe
2009-07-18 21:39 161,792 a------- c:\windows\SWREG.exe
2009-07-18 21:39 98,816 a------- c:\windows\sed.exe
2009-07-17 22:37 <DIR> --d----- c:\program files\ClamWinPortable
2009-07-15 16:45 <DIR> --d----- c:\documents and settings\kaan ozbay\.housecall6.6
2009-07-12 14:55 <DIR> --d----- c:\documents and settings\kaan ozbay\log
2009-07-12 14:01 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-12 14:01 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-07-12 14:01 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-07-12 14:01 117,760 -------- c:\windows\system32\prntvpt.dll
2009-07-12 14:01 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-12 14:01 <DIR> --d----- C:\c40ac45122542649e6df692c7c
2009-07-12 14:01 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-07-12 14:01 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-07-12 13:39 <DIR> --d----- C:\958716c7697e4478935874f9360d
2009-07-12 13:39 <DIR> --d----- C:\dc99b28aef697da28b36981781
2009-07-10 12:30 <DIR> --d----- c:\program files\common files\Aladdin Shared
2009-07-10 12:30 2,790,400 a------- c:\windows\system32\hasplms.exe
2009-07-10 12:30 2,790,400 a------- c:\windows\system32\aksllmtp.exe
2009-07-10 12:30 352,256 a------- c:\windows\system32\drivers\aksfridge.sys
2009-07-10 12:30 586,752 a------- c:\windows\system32\drivers\hardlock.sys
2009-07-10 12:30 <DIR> --d----- c:\windows\system32\redist
2009-07-10 12:28 <DIR> --d----- c:\program files\paramicsv6
2009-07-08 19:10 <DIR> --d----- c:\docume~1\kaanoz~1\applic~1\Design Science
2009-07-08 18:55 <DIR> --d----- c:\program files\MathType

==================== Find3M ====================

2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 15:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\dllcache\cache\wininet.dll
2009-05-13 01:15 5,936,128 -------- c:\windows\system32\dllcache\mshtml.dll
2009-05-13 01:15 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-05-12 01:11 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2008-09-03 17:00 64,656 a------- c:\docume~1\kaanoz~1\applic~1\GDIPFONTCACHEV1.DAT
2008-01-28 12:13 56,912 a------- c:\documents and settings\kaan ozbay\g2mdlhlpx.exe
2009-03-17 12:46 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009030920090316\index.dat
2009-03-24 12:22 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009031620090323\index.dat
2009-03-24 12:53 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009032420090325\index.dat


============= FINISH: 18:39:49.19 ===============

Attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 7/6/2006 10:21:51 AM
System Uptime: 7/31/2009 11:19:30 AM (7 hours ago)

Motherboard: Dell Inc. | | 0HH807
Processor: Intel® Pentium® D CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 39.707 GiB free.
D: is FIXED (NTFS) - 74 GiB total, 1.837 GiB free.
E: is CDROM ()
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP980: 7/20/2009 4:00:34 PM - RP2009720
RP981: 7/23/2009 10:30:07 AM - System Checkpoint
RP982: 7/24/2009 11:38:28 AM - System Checkpoint
RP983: 7/27/2009 3:15:44 PM - System Checkpoint
RP984: 7/28/2009 3:26:08 PM - System Checkpoint
RP985: 7/31/2009 12:22:46 PM - System Checkpoint

==== Installed Programs ======================

AAC Decoder
ActivePerl 5.6.1 Build 638
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.6
ArcGIS Desktop
ArcGIS Engine SDK for the Microsoft .NET Framework
ArcGIS Tutorial Data
ATI Control Panel
ATI Display Driver
AutoUpdate
AxCrypt (Remove Only)
Broadcom Advanced Control Suite
Brother MFL-Pro Suite
CamStudio
Camtasia Studio 6
Controller Interface Device II
CorePLS_Full_QFolder
CorePLS_Min_QFolder
Cumulative Update for Microsoft Visual Basic 6.0 SP6 (KB957924)
DeepBurner v1.8.0.224
DivX Codec
DivX Converter
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
EasyFit 3.0
FHWA GIS Safety Analysis Tools v4.0
FreeFem++ version 2.24
Google Chrome
Google Earth
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting/GoToWebinar 3.0.0.198
GPL Ghostscript 8.54
GPL Ghostscript Fonts
GSview 4.8
H.264 Decoder
HASP Device Drivers
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
HP Care Pack Core
HP Care Pack Products
HP LaserJet P2015 Series 1.0
HP Update
hppFonts
hppIOFiles
hppLJP2015
hppManualsP2015
hppTLBXFXP2015
hppWebRegMM
hpzTLBXFX
Hummingbird Exceed 3D V8.0
Hummingbird Exceed V8.0
Inno Setup version 5.1.12
InstallShield for Microsoft Visual C++ 6
Japanese Fonts Support For Adobe Reader 8
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 3
Java™ SE Runtime Environment 6 Update 1
Livestation
Malwarebytes' Anti-Malware
MapInfo Professional 8.0 Evaluation
MathType 6
MATLAB Family of Products Release 14
MATLAB R2008b
Microsoft .NET Compact Framework 1.0 SP3 Developer
Microsoft .NET Compact Framework 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework SDK (English) 1.1
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft FrontPage Client - English
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SOAP Toolkit 3.0
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Management Studio Express
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual FoxPro 9.0 Professional - English
Microsoft Visual Studio 2005 Professional Edition - ENU
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
MKV Splitter
Move Media Player
Mozilla Firefox (3.5.1)
Mozilla Thunderbird (2.0.0.22)
MSDN Library for Visual Studio .NET 2003
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
My Program 1.5
Nvu 1.0
OpenAL
Oracle Data Provider for .NET Help
Orems UG
PaperPort
Paramics V6.6.1 Full
PBCAT
Plan4Safety
PowerDVD 5.7
PrimoPDF
Product_SF_Full_QFolder
Product_SF_Min_QFolder
Python 2.4.1
QTam Bitmap to Icon 3.5
RealPlayer
SAS 9.1
SAS Private JRE (J2SE™ Java Runtime Environment 1.4.2_09)
Search Assist
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
SEMSTAT
SSH Secure Shell
SUPERAntiSpyware Free Edition
Synchro plus SimTraffic 6
TP+
TrajectoryExplorer
Trend Micro OfficeScan Client
TSIS 5.0
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
Veoh Web Player Beta
VHB Libraries for ArcGIS Desktop
Viper
Visual FoxPro 9.0 Baseline - English
Visual FoxPro 9.0 Professional - English
Visual Studio.NET Baseline - English
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Service Pack 3
WinRAR archiver
XviD MPEG4 Video Codec (remove only)
Yahoo! Install Manager
Yahoo! Messenger

==== End Of File ===========================

Edited by Maurice Naggar, 01 August 2009 - 07:09 AM.
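
The DDS.txt sections above are long, and the items a helper actually looks at are a small subset: services whose binary DDS could not stat, running kernel drivers, newly created items with hidden+system attributes, and new executables or drivers under the Windows directory. The following parser is an added example, not part of the original post or of DDS itself; it reads the two DDS line formats shown above (the SERVICES / DRIVERS and Created Last 30 sections) and returns those subsets. The sample input is an excerpt of the log posted above. Nothing it returns is a malware verdict: the `[?]` entries here, for instance, are simply image paths that carry arguments (hasplms.exe -run, oracle.exe orcl), and the hidden+system folder C:\cmdcons is the Recovery Console that ComboFix installs.

```python
r"""Added example: a triage parser for the DDS.txt sections posted above.

Line formats it understands (as they appear in the log):
  services:  R2 name;Display;c:\path\bin.exe [2009-7-20 36368]
             S4 name;Display;c:\path\bin.exe arg --> c:\path\BIN.EXE ARG [?]
  created:   2009-07-20 15:50 335,888 a------- c:\path\file.sys
             2009-07-18 21:42 <DIR> a-dshr-- C:\cmdcons
The letters in the attribute column are archive/directory/system/hidden/read-only.
"""
import re

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<stamp>[^\]]*)\]\s*$"
)
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+?)\s*$"
)

# Excerpt of the DDS log posted above, used as the sample input.
SAMPLE = r"""
============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2009-7-20 36368]
S4 OracleServiceORCL;OracleServiceORCL;c:\oracle\bin\oracle.exe orcl --> c:\oracle\bin\ORACLE.EXE ORCL [?]

=============== Created Last 30 ================

2009-07-31 18:34 <DIR> --d-h--- c:\windows\PIF
2009-07-20 15:50 335,888 a------- c:\windows\system32\drivers\TM_CFW.sys
2009-07-18 22:16 <DIR> --ds---- C:\ComboFix
2009-07-18 21:42 <DIR> a-dshr-- C:\cmdcons
2009-07-18 21:39 219,648 a------- c:\windows\PEV.exe
2009-07-12 14:01 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-10 12:30 2,790,400 a------- c:\windows\system32\hasplms.exe

==================== Find3M ====================
"""


def parse_dds(text):
    """Return {'services': [...], 'created': [...]} parsed from the two sections."""
    result = {"services": [], "created": []}
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("==="):
            section = line.strip("= ").lower()  # e.g. 'services / drivers'
            continue
        if section == "services / drivers":
            m = SERVICE_RE.match(line)
            if m:
                result["services"].append(m.groupdict())
        elif section == "created last 30":
            m = CREATED_RE.match(line)
            if m:
                result["created"].append(m.groupdict())
    return result


def unverified_services(parsed):
    """Services DDS printed with [?]: it could not stat the binary, usually because
    the image path carries arguments. Verify the file on disk by hand."""
    return [s["name"] for s in parsed["services"] if s["stamp"].strip() == "?"]


def running_kernel_drivers(parsed):
    """(name, start type, path) for .sys drivers that were running when DDS ran."""
    return [(s["name"], s["start"], s["path"])
            for s in parsed["services"]
            if s["state"] == "R" and s["path"].lower().endswith(".sys")]


def hidden_system_items(parsed):
    """Items created in the window with both the hidden and system attributes."""
    return [c["path"] for c in parsed["created"]
            if "h" in c["attrs"] and "s" in c["attrs"]]


def new_binaries_under_windows(parsed):
    """Executables, DLLs and drivers created under the Windows directory,
    ignoring dllcache, which holds Windows File Protection copies."""
    hits = []
    for c in parsed["created"]:
        p = c["path"].lower()
        if (p.endswith((".exe", ".dll", ".sys"))
                and p.startswith("c:\\windows\\")
                and "\\dllcache\\" not in p):
            hits.append(c["path"])
    return hits


def triage(text):
    parsed = parse_dds(text)
    return {
        "unverified_services": unverified_services(parsed),
        "running_drivers": running_kernel_drivers(parsed),
        "hidden_system_items": hidden_system_items(parsed),
        "new_binaries_under_windows": new_binaries_under_windows(parsed),
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE).items():
        print(f"{key}:")
        for item in items:
            print("   ", item)
```

Run it against a full DDS.txt by reading the file into `triage()`; the lists it returns are the entries to check by hand (file hashes, signer, vendor) before anything is removed.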


#4 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:09:17 AM

Posted 01 August 2009 - 07:53 AM

Hello knowthycomp,

I'll attempt to help you with the startup issue and malware-related issues. Follow my guidance and do NOT make changes, additions or tweaks of any sort on your own.

IF and ONLY IF you did run ComboFix, then locate, copy and paste (in-line) the contents of C:\Combofix.txt.
[NOTE: As you must know, using ComboFix on your own (without expert-guided help) is very foolish.]

In what follows, when I guide you to download some tools, if you cannot download on this computer, use another PC known to be clean to get the downloads. Then burn them to CD/DVD or copy them to a clean USB flash drive, and copy them to the Desktop of this PC.

You will want to print out or copy these instructions to Notepad for offline reference!
If you are a casual viewer, do NOT try this on your system!
If you are not knowthycomp and have a similar problem, do NOT post here; start your own topic


Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.
=
Close any of your open programs/windows while you run these tools.

=

Set Windows to show all files and all folders.
On your Desktop, double-click My Computer; from the menu, select Tools, then Folder Options, then the View tab, and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under Hidden files and folders, choose (select) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next, un-check Hide protected operating system files.
=

Download SysProt Antirootkit from >> this link <<

It is at the bottom of the page under "Attachments".

Unzip it into a folder on your Desktop.
  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to.
    Open the text file and copy/paste the log here.
Reply with copy of the C:\Combofix.txt
and the Sysprot log


Next:
From the Start menu, select Run, then type into the text box
MSCONFIG
and press Enter.
Next, click on the BOOT.INI tab.
Look at the Boot Options block.
Make sure that SAFEBOOT and NETWORK are clear (NOT selected).
If there is something checked (with a tick mark), let me know which.
I DO want you to check the /BOOTLOG box.

Apply and press OK. Restart the system.
Now try to start in Normal mode.

The Bootlog option will have Windows record the processes that start as Windows is loading.
The log may prove useful.

If that does not work, reboot the system again, then get the contents of the bootlog file NTBTLOG.TXT, which will be in your C:\Windows folder, and post a copy here.

=
If Normal mode is unusable, you may restart the system and select "Safe Mode with Networking" so you have access to the internet and can use your browser to get a report tool.

Now, reply with a copy of the NTBTLOG.txt
and tell me: how is your system now?

Edited by Maurice Naggar, 01 August 2009 - 08:02 AM.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)
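
The two boot-logging steps in the post above (tick /BOOTLOG on the MSCONFIG BOOT.INI tab, then read C:\Windows\NTBTLOG.TXT) can be done and checked on the text files themselves. The script below is an added example, not code from the post or from Microsoft: `add_bootlog_switch()` appends `/bootlog` to the default `[operating systems]` entry of a boot.ini, which is the edit the MSCONFIG checkbox makes, and `summarize_ntbtlog()` reads an XP-style NTBTLOG.TXT, keeps only the most recent boot (Windows appends a new block on every logged boot, so an old failure at the top of the file is not necessarily current), and lists drivers that failed to load or loaded from outside the Windows directory. Both sample inputs are constructed for the example; the `tooldrv.sys` path is a placeholder, not a file from this machine.

```python
"""Added example (not from the post above): the boot-logging steps as text operations.

add_bootlog_switch()  appends /bootlog to the default [operating systems] entry of
                      boot.ini, which is what ticking /BOOTLOG in MSCONFIG writes.
summarize_ntbtlog()   keeps the most recent boot in NTBTLOG.TXT and reports drivers
                      that failed to load or loaded from outside the Windows directory.
Both sample inputs below are constructed for this example.
"""

# Constructed boot.ini in the layout a single-OS XP install normally has.
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
"""

# Constructed NTBTLOG.TXT covering two boots. Header lines vary by service pack,
# so the parser treats any line that is not a driver entry as a boot boundary.
SAMPLE_NTBTLOG = r"""Microsoft (R) Windows (R) Version 5.1 (Build 2600)
 7 30 2009 09:02:11.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver ACPI.sys
Did not load driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Microsoft (R) Windows (R) Version 5.1 (Build 2600)
 7 31 2009 11:19:30.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver ACPI.sys
Loaded driver \SystemRoot\System32\DRIVERS\tmtdi.sys
Did not load driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Did not load driver \SystemRoot\System32\DRIVERS\oldnic.sys
Loaded driver \??\C:\Documents and Settings\user\Desktop\tool\tooldrv.sys
"""


def add_bootlog_switch(boot_ini: str) -> str:
    """Return boot_ini with /bootlog appended to the default OS entry (idempotent)."""
    lines = boot_ini.splitlines()
    default, section = None, None
    for line in lines:
        s = line.strip()
        if s.startswith("[") and s.endswith("]"):
            section = s.lower()
        elif section == "[boot loader]" and s.lower().startswith("default="):
            default = s.split("=", 1)[1].strip()
    if default is None:
        raise ValueError("boot.ini has no default= entry")
    out, section = [], None
    for line in lines:
        s = line.strip()
        if s.startswith("[") and s.endswith("]"):
            section = s.lower()
        elif (section == "[operating systems]"
              and s.split("=", 1)[0].strip().lower() == default.lower()
              and "/bootlog" not in s.lower()):
            line = line.rstrip() + " /bootlog"
        out.append(line)
    return "\n".join(out) + "\n"


def split_sessions(text: str):
    """Split NTBTLOG.TXT into one list of driver entries per logged boot."""
    sessions, current = [], []
    for line in text.splitlines():
        s = line.strip()
        if not s:
            continue
        if s.startswith(("Loaded driver ", "Did not load driver ")):
            current.append(s)
        elif current:  # a header line after driver entries starts a new boot
            sessions.append(current)
            current = []
    if current:
        sessions.append(current)
    return sessions


def _in_system_dirs(path: str) -> bool:
    p = path.lower()
    if "\\" not in p:  # bare name: boot-start driver resolved from system32\drivers
        return True
    return p.startswith("\\windows\\") or p.startswith("\\systemroot\\")


def summarize_ntbtlog(text: str) -> dict:
    """Summarize the most recent boot: loaded, failed, and non-system-path drivers."""
    loaded, failed, odd = [], [], []
    sessions = split_sessions(text)
    for entry in (sessions[-1] if sessions else []):
        if entry.startswith("Loaded driver "):
            path = entry[len("Loaded driver "):]
            loaded.append(path)
            if not _in_system_dirs(path):
                odd.append(path)
        else:
            failed.append(entry[len("Did not load driver "):])
    return {"loaded": loaded, "failed": failed, "outside_windows": odd}


if __name__ == "__main__":
    print(add_bootlog_switch(SAMPLE_BOOT_INI))
    for key, items in summarize_ntbtlog(SAMPLE_NTBTLOG).items():
        print(key, items)
```

A "Did not load driver" line for Fs_Rec.SYS is normal on XP (the file-system recognizer is unloaded once the real file-system driver is up), so treat the `failed` list as things to explain, not as errors by themselves; the `outside_windows` list is where a driver loading from a profile or temp directory would show up.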

#5 knowthycomp

knowthycomp
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:17 AM

Posted 01 August 2009 - 08:07 PM

Hi Maurice,
Please see the two logs, SysProt and ComboFix, below. The ComboFix log is from my previous scan about 2 weeks ago. Do let me know if you want to see the latest ComboFix log. I have not done another scan using ComboFix since then.

In the BOOT.INI tab, the boot options area is disabled and none of them are selected. How can I enable those options? So I could not post the NTBTLOG.txt.

Thanks a lot for your time

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 928
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 988
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 1012
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 1056
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 1068
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ati2evxx.exe
PID: 1312
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1332
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1412
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1452
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1556
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1584
Hidden: No
Window Visible: No

Name: C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PID: 1648
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 172
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 280
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\hasplms.exe
PID: 444
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PID: 480
Hidden: No
Window Visible: No

Name: C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PID: 508
Hidden: No
Window Visible: No

Name: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PID: 652
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 676
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wdfmgr.exe
PID: 744
Hidden: No
Window Visible: No

Name: C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PID: 840
Hidden: No
Window Visible: No

Name: C:\WINDOWS\Temp\JU2739.EXE
PID: 2128
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\alg.exe
PID: 2296
Hidden: No
Window Visible: No

Name: C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
PID: 2568
Hidden: No
Window Visible: No

Name: C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PID: 3068
Hidden: No
Window Visible: No

Name: C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
PID: 3100
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 3452
Hidden: No
Window Visible: No

Name: C:\Program Files\Analog Devices\Core\smax4pnp.exe
PID: 404
Hidden: No
Window Visible: No

Name: C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PID: 3880
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ctfmon.exe
PID: 2280
Hidden: No
Window Visible: No

Name: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PID: 1540
Hidden: No
Window Visible: No

Name: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PID: 4084
Hidden: No
Window Visible: No

Name: C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PID: 3348
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wuauclt.exe
PID: 4040
Hidden: No
Window Visible: No

Name: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 3268
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Kaan Ozbay\Desktop\SysProt\SysProt.exe
PID: 324
Hidden: No
Window Visible: Yes

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Kaan Ozbay\Desktop\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: A6A93000
Module End: A6A9E000
Hidden: No

Module Name: \WINDOWS\system32\ntoskrnl.exe
Service Name: ---
Module Base: 804D7000
Module End: 806FF000
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806FF000
Module End: 8071FD00
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: F7987000
Module End: F7989000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: F7897000
Module End: F789A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sptd.sys
Service Name: sptd
Module Base: F74EC000
Module End: F75D6000
Hidden: No

Module Name: \WINDOWS\System32\Drivers\WMILIB.SYS
Service Name: ---
Module Base: F7989000
Module End: F798B000
Hidden: No

Module Name: \WINDOWS\System32\Drivers\SCSIPORT.SYS
Service Name: ScsiPort
Module Base: F74D4000
Module End: F74EC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: F74A6000
Module End: F74D4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: F7495000
Module End: F74A6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: F75F7000
Module End: F7601000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: F7A4F000
Module End: F7A50000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: F7707000
Module End: F770E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: F7607000
Module End: F7612000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: F7868000
Module End: F7887000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmload.sys
Service Name: dmload
Module Base: F798B000
Module End: F798D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmio.sys
Service Name: dmio
Module Base: F7842000
Module End: F7868000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: F770F000
Module End: F7714000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: F7617000
Module End: F7624000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: F782A000
Module End: F7842000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: F7627000
Module End: F7630000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F7637000
Module End: F7644000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: F7967000
Module End: F7987000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: F7955000
Module End: F7967000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: F7647000
Module End: F7650000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: F7A38000
Module End: F7A4F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: F7B52000
Module End: F7BDF000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: F7A0B000
Module End: F7A38000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: F7B38000
Module End: F7B52000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: B9EC7000
Module End: B9ED0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Service Name: ati2mtag
Module Base: B9CEB000
Module End: B9E21000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: B9CD7000
Module End: B9CEB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\b57xp32.sys
Service Name: b57w2k
Module Base: B9CB6000
Module End: B9CD7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: B9E8E000
Module End: B9E94000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: B9C92000
Module End: B9CB6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: B9E86000
Module End: B9E8E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\smwdm.sys
Service Name: smwdm
Module Base: B9C52000
Module End: B9C92000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: B9C2E000
Module End: B9C52000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: F7687000
Module End: F7696000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ks.sys
Service Name: ---
Module Base: B9C0B000
Module End: B9C2E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\senfilt.sys
Service Name: senfilt
Module Base: B9B58000
Module End: B9C0B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\parport.sys
Service Name: Parport
Module Base: B9B44000
Module End: B9B58000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serial.sys
Service Name: Serial
Module Base: F7697000
Module End: F76A7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serenum.sys
Service Name: serenum
Module Base: BA079000
Module End: BA07D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: F76A7000
Module End: F76B2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: F76B7000
Module End: F76C7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: F76C7000
Module End: F76D6000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\a8mlf15d.SYS
Service Name: ---
Module Base: B9ADE000
Module End: B9B44000
Hidden: Yes

Module Name: C:\WINDOWS\system32\DRIVERS\serscan.sys
Service Name: StillCam
Module Base: F79F3000
Module End: F79F5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: BA369000
Module End: BA36A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F76D7000
Module End: F76E4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: BA7EC000
Module End: BA7EF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: B9AC7000
Module End: B9ADE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: F76E7000
Module End: F76F2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: F76F7000
Module End: F7703000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: F777F000
Module End: F7784000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: B9AB6000
Module End: B9AC7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: F7485000
Module End: F748E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: F7787000
Module End: F778C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: F778F000
Module End: F7794000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Service Name: rdpdr
Module Base: B9A86000
Module End: B9AB6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: F7475000
Module End: F747F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F7797000
Module End: F779D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F779F000
Module End: F77A5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F79F5000
Module End: F79F7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: B9A28000
Module End: B9A86000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: BA7CC000
Module End: BA7D0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TM_CFW.sys
Service Name: tmcfw
Module Base: B9871000
Module End: B9A28000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: F7465000
Module End: F746F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: F7425000
Module End: F7434000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F79F7000
Module End: F79F9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Service Name: Flpydisk
Module Base: F77AF000
Module End: F77B4000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Service Name: i2omgmt
Module Base: BA77B000
Module End: BA77E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: BA787000
Module End: BA78A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: F7887000
Module End: F7890000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: F77B7000
Module End: F77BE000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: F7A01000
Module End: F7A03000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: A977D000
Module End: A977E000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: F7A03000
Module End: F7A05000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: F77C7000
Module End: F77CD000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: B9E33000
Module End: B9E35000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: B9E31000
Module End: B9E33000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F77D7000
Module End: F77DC000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: F77DF000
Module End: F77E7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: BA777000
Module End: BA77A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: A96FC000
Module End: A970F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: A96A3000
Module End: A96FC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: A967B000
Module End: A96A3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: A9655000
Module End: A967B000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: A9633000
Module End: A9655000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: BA723000
Module End: BA72C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: BA713000
Module End: BA71C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tmtdi.sys
Service Name: tmtdi
Module Base: A9622000
Module End: A9633000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Service Name: SASKUTIL
Module Base: A95FD000
Module End: A9622000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Service Name: SASDIFSV
Module Base: F77E7000
Module End: F77ED000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: A95D2000
Module End: A95FD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: A953A000
Module End: A95AA000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: BA703000
Module End: BA70E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: BA4A7000
Module End: BA4AB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: BA059000
Module End: BA05C000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: BA6E3000
Module End: BA6F3000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: A9522000
Module End: A953A000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7997000
Module End: F7999000
Hidden: Yes

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: A9743000
Module End: A9746000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: F77EF000
Module End: F77F4000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: A97DB000
Module End: A97DC000
Hidden: No

Module Name: \??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys
Service Name: TmPreFilter
Module Base: BA6F3000
Module End: BA700000
Hidden: No

Module Name: \??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys
Service Name: VSApiNt
Module Base: A7291000
Module End: A73BA000
Hidden: No

Module Name: \??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys
Service Name: TmFilter
Module Base: A7249000
Module End: A7291000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: A7231000
Module End: A7235000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: A6ED4000
Module End: A6F01000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\aksfridge.sys
Service Name: aksfridge
Module Base: A6E7B000
Module End: A6ED4000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\hardlock.sys
Service Name: Hardlock
Module Base: A6D23000
Module End: A6DB3000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: A6CFF000
Module End: A6D23000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: A6C85000
Module End: A6CD7000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\tmcomm.sys
Service Name: tmcomm
Module Base: A6B4B000
Module End: A6B6D000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: A67C2000
Module End: A6803000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\TDTCP.SYS
Service Name: TDTCP
Module Base: F77FF000
Module End: F7805000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\RDPWD.SYS
Service Name: RDPWD
Module Base: A660F000
Module End: A6632000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: A634E000
Module End: A6363000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: A68F3000
Module End: A6902000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
Service Name: SASENUM
Module Base: B9E9E000
Module End: B9EA3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\fdc.sys
Service Name: Fdc
Module Base: B9E7E000
Module End: B9E85000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateKey
Address: F74ED0D0
Driver Base: F74EC000
Driver End: F75D6000
Driver Name: sptd.sys

Function Name: ZwEnumerateKey
Address: F74F2FB2
Driver Base: F74EC000
Driver End: F75D6000
Driver Name: sptd.sys

Function Name: ZwEnumerateValueKey
Address: F74F3340
Driver Base: F74EC000
Driver End: F75D6000
Driver Name: sptd.sys

Function Name: ZwOpenKey
Address: F74ED0B0
Driver Base: F74EC000
Driver End: F75D6000
Driver Name: sptd.sys

Function Name: ZwQueryKey
Address: F74F3418
Driver Base: F74EC000
Driver End: F75D6000
Driver Name: sptd.sys

Function Name: ZwQueryValueKey
Address: F74F3298
Driver Base: F74EC000
Driver End: F75D6000
Driver Name: sptd.sys

Function Name: ZwSetValueKey
Address: F74F34AA
Driver Base: F74EC000
Driver End: F75D6000
Driver Name: sptd.sys

Function Name: ZwTerminateProcess
Address: A9605DF0
Driver Base: A95FD000
Driver End: A9622000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: PsGetProcessWin32WindowStation
At Address: 804F41EC
Jump To: FD806070
Module Name: _unknown_

Hooked Function: PsGetProcessJob
At Address: 804F41EC
Jump To: FD806070
Module Name: _unknown_

******************************************************************************************
******************************************************************************************
IRP Hooks:
Hooked Module: \Driver\PCI_NTPNP2406
Hooked IRP: IRP_MJ_CREATE
Jump To: F7523B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2406
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: F7523B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2406
Hooked IRP: IRP_MJ_CLOSE
Jump To: F7523B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2406
Hooked IRP: IRP_MJ_READ
Jump To: F7523B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2406
Hooked IRP: IRP_MJ_WRITE
Jump To: F7523B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2406
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: F7523B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2406
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: F7523B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2406
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: F7523B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2406
Hooked IRP: IRP_MJ_SET_EA
Jump To: F7523B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2406
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: F7523B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2406
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: F7523B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2406
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: F7523B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2406
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: F7523B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2406
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: F7523B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2406
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: F7523B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2406
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: F7523B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2406
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: F7523B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2406
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: F7523B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2406
Hooked IRP: IRP_MJ_CLEANUP
Jump To: F7523B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2406
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: F7523B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2406
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: F7523B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2406
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: F7523B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2406
Hooked IRP: IRP_MJ_POWER
Jump To: F74FCEA8
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2406
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: F75202C8
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2406
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: F7523B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2406
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: F7523B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2406
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: F7523B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: C:\WINDOWS\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A1C6250
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8ADCD1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8ADCD1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8ADCD1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8ADCD1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8ADCD1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8ADCD1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8ADCD1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8ADCD1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8ADCD1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8ADCD1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8AC391E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8AC391E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8AC391E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8AC391E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8AC391E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8AC391E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8AE401E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8AE401E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8AE401E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8AE401E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8AE401E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8AE401E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8AE401E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8AE401E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8AE401E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8AE401E8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\a8mlf15d.SYS
Hooked IRP: IRP_MJ_CREATE
Jump To: 8AC0D1E8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\a8mlf15d.SYS
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8AC0D1E8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\a8mlf15d.SYS
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8AC0D1E8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\a8mlf15d.SYS
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8AC0D1E8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\a8mlf15d.SYS
Hooked IRP: IRP_MJ_POWER
Jump To: 8AC0D1E8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\a8mlf15d.SYS
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8AC0D1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A433500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A433500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A433500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A433500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8A433500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A9B7790
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A9B7790
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8A9B7790
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8A9B7790
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8A9B7790
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A9B7790
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A9B7790
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8A9B7790
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A9B7790
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A9B7790
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8AB961E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8AB961E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8AB961E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8AB961E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8AB961E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8AB961E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\disk.sys
Hooked IRP: IRP_MJ_POWER
Jump To: A6EAB5C6
Hooking Module: \??\C:\WINDOWS\system32\drivers\aksfridge.sys

******************************************************************************************
******************************************************************************************
Ports:
Local Address: DH3PM5B1.RUTGERS.EDU:1253
Remote Address: RU-WEBCACHE2-SERVICES.RUTGERS.EDU:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DH3PM5B1.RUTGERS.EDU:1244
Remote Address: YO-IN-F155.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
State: ESTABLISHED

Local Address: DH3PM5B1.RUTGERS.EDU:1242
Remote Address: RU-WEBCACHE2-SERVICES.RUTGERS.EDU:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DH3PM5B1.RUTGERS.EDU:1241
Remote Address: YO-IN-F155.GOOGLE.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DH3PM5B1.RUTGERS.EDU:1239
Remote Address: RU-WEBCACHE2-SERVICES.RUTGERS.EDU:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DH3PM5B1.RUTGERS.EDU:1236
Remote Address: YO-IN-F155.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
State: ESTABLISHED

Local Address: DH3PM5B1.RUTGERS.EDU:1234
Remote Address: RU-WEBCACHE2-SERVICES.RUTGERS.EDU:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DH3PM5B1.RUTGERS.EDU:1233
Remote Address: YO-IN-F155.GOOGLE.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DH3PM5B1.RUTGERS.EDU:1230
Remote Address: 64.225.158.189:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DH3PM5B1.RUTGERS.EDU:1221
Remote Address: RU-WEBCACHE2-SERVICES.RUTGERS.EDU:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DH3PM5B1.RUTGERS.EDU:1216
Remote Address: JFK-AGG-N40.PANTHERCDN.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DH3PM5B1.RUTGERS.EDU:1215
Remote Address: JFK-AGG-N40.PANTHERCDN.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DH3PM5B1.RUTGERS.EDU:1213
Remote Address: JFK-AGG-N40.PANTHERCDN.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DH3PM5B1.RUTGERS.EDU:1211
Remote Address: JFK-AGG-N40.PANTHERCDN.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DH3PM5B1.RUTGERS.EDU:1210
Remote Address: JFK-AGG-N40.PANTHERCDN.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DH3PM5B1.RUTGERS.EDU:1209
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}
Status: Access denied


COMBOFIX

ComboFix 09-07-14.08 - Kaan Ozbay 07/18/2009 22:17.2.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2722 [GMT -4:00]
Running from: c:\documents and settings\Kaan Ozbay\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-06-19 to 2009-07-19 )))))))))))))))))))))))))))))))
.

2009-07-18 02:37 . 2009-07-18 02:37 -------- d-----w- c:\program files\ClamWinPortable
2009-07-15 20:45 . 2009-07-15 21:13 -------- d-----w- c:\documents and settings\Kaan Ozbay\.housecall6.6
2009-07-15 17:15 . 2009-07-15 17:15 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-12 19:31 . 2009-07-12 19:31 -------- d-----w- c:\documents and settings\Kaan Ozbay\Application Data\InstallShield
2009-07-12 19:31 . 2009-07-12 19:31 -------- d-----w- C:\VIRUS
2009-07-12 18:55 . 2009-07-12 18:55 -------- d-----w- c:\documents and settings\Kaan Ozbay\log
2009-07-12 18:01 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-12 18:01 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-07-12 18:01 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-07-12 18:01 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-07-12 18:01 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-12 18:01 . 2009-07-12 18:02 -------- d-----w- C:\c40ac45122542649e6df692c7c
2009-07-12 18:01 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-07-12 18:01 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-07-12 17:39 . 2009-07-12 17:39 -------- d-----w- C:\958716c7697e4478935874f9360d
2009-07-12 17:39 . 2009-07-12 17:39 -------- d-----w- C:\dc99b28aef697da28b36981781
2009-07-11 18:54 . 2009-07-11 18:54 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-10 16:39 . 2009-07-10 16:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-07-10 16:30 . 2009-07-10 16:30 -------- d-----w- c:\program files\Common Files\Aladdin Shared
2009-07-10 16:30 . 2009-01-28 14:52 2790400 ----a-w- c:\windows\system32\hasplms.exe
2009-07-10 16:30 . 2009-01-28 14:52 2790400 ----a-w- c:\windows\system32\aksllmtp.exe
2009-07-10 16:30 . 2009-01-16 15:42 352256 ----a-w- c:\windows\system32\drivers\aksfridge.sys
2009-07-10 16:30 . 2009-02-03 07:10 586752 ----a-w- c:\windows\system32\drivers\hardlock.sys
2009-07-10 16:30 . 2009-07-10 16:30 -------- d-----w- c:\windows\system32\redist
2009-07-10 16:28 . 2009-07-10 16:50 -------- d-----w- c:\program files\paramicsv6
2009-07-08 23:10 . 2009-07-08 23:10 -------- d-----w- c:\documents and settings\Kaan Ozbay\Application Data\Design Science
2009-07-08 22:55 . 2009-07-08 23:05 -------- d-----w- c:\program files\MathType
2009-06-25 19:54 . 2009-06-25 19:54 127872 ----a-w- c:\documents and settings\Kaan Ozbay\Application Data\Move Networks\uninstall.exe
2009-06-25 19:53 . 2009-06-25 19:54 1686272 ----a-w- c:\documents and settings\Kaan Ozbay\Application Data\Move Networks\MoveMediaPlayerWin_071503000010.exe
2009-06-25 19:53 . 2009-06-25 19:53 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 16:59 . 2008-02-12 01:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-15 16:59 . 2008-02-12 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-15 15:09 . 2006-09-16 19:59 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-07-10 16:26 . 2006-08-23 17:40 -------- d-----w- c:\program files\paramicsv5
2009-07-08 23:07 . 2006-08-07 17:31 118864 ----a-w- c:\documents and settings\Kaan Ozbay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-26 14:22 . 2007-10-19 03:28 -------- d-----w- c:\documents and settings\Kaan Ozbay\Application Data\Move Networks
2009-06-25 19:54 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\Kaan Ozbay\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-06-16 17:27 . 2006-10-05 13:38 -------- d-----w- c:\program files\DivX
2009-06-16 17:27 . 2009-06-16 17:26 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-16 14:36 . 2004-08-11 21:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-11 21:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 06:35 . 2009-06-16 06:35 97144 ----a-w- c:\documents and settings\Kaan Ozbay\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-06-10 14:19 . 2009-06-10 14:19 18184984 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup900_2162_us.exe
2009-06-06 20:14 . 2006-11-14 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-05 15:39 . 2006-08-23 17:49 -------- d-----w- c:\documents and settings\Kaan Ozbay\Application Data\ESRI
2009-06-03 19:09 . 2004-08-11 21:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 16:25 . 2007-08-15 07:01 -------- d-----w- c:\program files\MSXML 6.0
2009-06-02 16:25 . 2007-08-05 16:58 -------- d-----w- c:\program files\Microsoft Visual Studio .NET
2009-06-02 16:25 . 2006-11-17 08:01 -------- d-----w- c:\program files\MSXML 4.0
2009-06-02 16:25 . 2006-11-14 20:02 -------- d-----w- c:\program files\Microsoft.NET
2009-06-02 16:25 . 2006-11-14 20:02 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2003
2009-05-29 18:02 . 2009-05-29 18:02 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2009-05-29 18:02 . 2009-05-29 18:02 -------- d-----w- c:\program files\TechSmith
2009-05-29 17:29 . 2009-05-29 17:16 -------- d-----w- c:\program files\CamStudio
2009-05-28 16:44 . 2009-02-03 21:05 -------- d-----w- c:\program files\Trafficware
2009-05-13 05:15 . 2004-08-11 21:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-11 21:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-02 16:57 . 2009-04-28 19:42 18189072 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup900_2152_us.exe
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-06-24 13:26 . 2008-06-17 22:52 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-30 68856]
"IECheck"="c:\windows\IECheck.exe" [2008-01-16 108544]
"Google Update"="c:\documents and settings\Kaan Ozbay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-31 133104]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-01 344064]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-07-13 933888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kaan Ozbay^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Kaan Ozbay\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SQLWriter"=3 (0x3)
"OracleServiceORCL"=2 (0x2)
"OracleServiceEMREP"=2 (0x2)
"OracleOraDb10g_home1TNSListener"=2 (0x2)
"OracleOraDb10g_home1iSQL*Plus"=2 (0x2)
"OracleDBConsoleorcl"=2 (0x2)
"Oracledb10gTNSListener"=2 (0x2)
"OracleCSService"=2 (0x2)
"MSSQL$SQLEXPRESS"=2 (0x2)
"matlabserver"=2 (0x2)
"gusvc"=3 (0x3)
"Brother XP spl Service"=2 (0x2)
"mnmsrvc"=3 (0x3)
"IDriverT"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Hummingbird\\Connectivity\\8.00\\Exceed\\exceed.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\SAS\\SAS 9.1\\sas.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\oracle\\product\\10.2.0\\db_1\\jdk\\jre\\bin\\java.exe"=
"c:\\Oracle\\jdk\\jre\\bin\\java.exe"=
"c:\\Perl\\bin\\perl.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\paramicsv6\\ProcessorNode.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"8081:TCP"= 8081:TCP:Trend Micro OfficeScan Listener

S2 gupdate1c992f2f73b62d8;Google Update Service (gupdate1c992f2f73b62d8);c:\program files\Google\Update\GoogleUpdate.exe [2/19/2009 8:34 PM 133104]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 8:01 AM 2799808]
S4 OracleCSService;OracleCSService;d:\oraclehomes\db10g\bin\ocssd.exe service --> d:\oraclehomes\db10g\bin\ocssd.exe service [?]
S4 Oracledb10gTNSListener;Oracledb10gTNSListener;d:\oraclehomes_new\db10g\BIN\TNSLSNR --> d:\oraclehomes_new\db10g\BIN\TNSLSNR [?]
S4 OracleJobSchedulerEMREP;OracleJobSchedulerEMREP;d:\oraclehomes_new\db10g\Bin\extjob.exe EMREP --> d:\oraclehomes_new\db10g\Bin\extjob.exe EMREP [?]
S4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\oracle\Bin\extjob.exe ORCL --> c:\oracle\Bin\extjob.exe ORCL [?]
S4 OracleOraDb10g_home1TNSListener;OracleOraDb10g_home1TNSListener;c:\oracle\BIN\TNSLSNR --> c:\oracle\BIN\TNSLSNR [?]
S4 OracleServiceEMREP;OracleServiceEMREP;d:\oraclehomes_new\db10g\bin\ORACLE.EXE EMREP --> d:\oraclehomes_new\db10g\bin\ORACLE.EXE EMREP [?]
S4 OracleServiceORCL;OracleServiceORCL;c:\oracle\bin\ORACLE.EXE ORCL --> c:\oracle\bin\ORACLE.EXE ORCL [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 00:34]

2009-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 00:34]

2009-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-871072200-1938839833-3771409649-1005Core.job
- c:\documents and settings\Kaan Ozbay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-31 20:38]

2009-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-871072200-1938839833-3771409649-1005UA.job
- c:\documents and settings\Kaan Ozbay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-31 20:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc-rel&channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc-rel&channel=us
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Kaan Ozbay\Application Data\Mozilla\Firefox\Profiles\as7fbetc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-18 22:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Oracledb10gTNSListener]
"ImagePath"="d:\oraclehomes_new\db10g\BIN\TNSLSNR "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraDb10g_home1TNSListener]
"ImagePath"="c:\oracle\BIN\TNSLSNR "
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1924)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2009-07-19 22:39
ComboFix-quarantined-files.txt 2009-07-19 02:39
ComboFix2.txt 2009-07-19 02:03

Pre-Run: 41,155,047,424 bytes free
Post-Run: 41,138,921,472 bytes free

249 --- E O F --- 2009-07-15 07:02
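
The triage a helper does by eye on the "Reg Loading Points" block above, written out as an added example (not part of ComboFix, and not something the thread's participants posted): it groups the log by registry section and applies review heuristics to the Run keys, the firewall AuthorizedApplications list and the GloballyOpenPorts list. The sample lines are copied from the log above; the `Finding` type, the heuristics and the interpreter/port lists are this example's own. Hits are prompts for a closer look, not verdicts: the IECheck and Google Update entries trip the checks purely on where the binary lives, and the catchme scan in the same log reported nothing hidden.

```python
# Triage helper for the 'Reg Loading Points' block of a ComboFix log (added
# example, not part of ComboFix). Hits are review prompts, not verdicts.
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IECheck"="c:\windows\IECheck.exe" [2008-01-16 108544]
"Google Update"="c:\documents and settings\Kaan Ozbay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-31 133104]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Perl\\bin\\perl.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Oracle\\jdk\\jre\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1947:TCP"= 1947:TCP:HASP SRM
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
RUN_RE = re.compile(r'^"[^"]+"="(?P<path>[^"]+)"')            # "name"="path" [date size]
APP_RE = re.compile(r'^"(?P<path>[^"]+)"=$')                    # "path"=
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')  # "port:proto"= port:proto:desc

# A firewall exception for an interpreter/runtime exempts anything run through it.
INTERPRETERS = {"perl.exe", "java.exe", "javaw.exe", "python.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
# Remote-administration ports; open on the standard profile = reachable from every network the box joins.
REMOTE_ADMIN_PORTS = {22: "SSH", 23: "Telnet", 3389: "Remote Desktop", 5900: "VNC"}


@dataclass(frozen=True)
class Finding:
    section: str  # "run", "firewall-app" or "open-port"
    item: str     # the path or port that was flagged
    reason: str   # why a reviewer should look at it


def parse_sections(text):
    """Group non-blank lines under the [header] that precedes them."""
    sections, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def classify(header):
    """Map a registry header to the kind of entries it holds, else None."""
    h = header.lower()
    if h.endswith("\\currentversion\\run"):
        return "run"
    if "authorizedapplications" in h:
        return "firewall-app"
    if "globallyopenports" in h:
        return "open-port"
    return None


def check_run_entry(path):
    """Location heuristics for an autostart binary; None means nothing odd."""
    p = path.lower()
    if "\\temp\\" in p:
        return "autostart binary lives in a temp directory"
    if "\\documents and settings\\" in p:
        return "autostart binary lives in a user profile, not Program Files"
    if p.rsplit("\\", 1)[0] == "c:\\windows":
        return "binary sits directly in %WINDIR% rather than system32"
    return None


def triage(text):
    """Return the Findings for one ComboFix 'Reg Loading Points' block."""
    findings = []
    for header, lines in parse_sections(text).items():
        kind = classify(header)
        for line in lines:
            if kind == "run" and (m := RUN_RE.match(line)):
                reason = check_run_entry(m["path"])
                if reason:
                    findings.append(Finding("run", m["path"], reason))
            elif kind == "firewall-app" and (m := APP_RE.match(line)):
                # ComboFix doubles the backslashes in this list; undo that before taking the basename.
                exe = m["path"].replace("\\\\", "\\").rsplit("\\", 1)[-1].lower()
                if exe in INTERPRETERS:
                    findings.append(Finding("firewall-app", m["path"], "exception granted to an interpreter/runtime"))
            elif kind == "open-port" and (m := PORT_RE.match(line)):
                port = int(m["port"])
                if port in REMOTE_ADMIN_PORTS:
                    findings.append(Finding("open-port", f"{port}/{m['proto']}",
                                            f"{REMOTE_ADMIN_PORTS[port]} open on the standard firewall profile"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.item}: {f.reason}")
```

On the sample it reports IECheck.exe (sits in c:\windows itself), GoogleUpdate.exe (runs from the user profile), the perl.exe and java.exe firewall exceptions, and 3389/TCP open on the standard profile; sessmgr.exe and ctfmon.exe pass. To use it on a full log, feed the whole file to `triage()`; sections it does not recognise (startup folder, msconfig services) are skipped.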

#6 Maurice Naggar
    Eradicator de malware
  • Malware Response Team
  • 1,088 posts

Posted 02 August 2009 - 12:30 PM

Right click the Spybot Icon in the system tray (notification area) if present.
  • If you have the new version, click once on Resident Protection and make sure it is Unchecked.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident

    If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
    Exit Spybot S&D when done and reboot the system so the changes are in effect.
=

The copy of Combofix you have is quite old now & we should remove it properly:
By whichever name you named it (you had named it combofix), put that name in the RUN box stated just below.
The "/u" in the Run line below is to start Combofix for its cleanup & removal function.
Note the space after x and before the slash mark.
The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.
  • Click Start, then click Run.

    In the command box that opens, type or copy/paste
    combofix /u
    and then click OK.
=

Next, download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from
>>> here <<<
  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close.
  • This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again.
Download this INF repair file by MS-MVP Miekiemoes: http://users.telenet.be/bluepatchy/miekiem...orepolicies.zip
Unzip the download. Open the folder VArestorepolicies and Right-click the file inside, VArestorepolicies.INF and choose Install.

Delete the download, the unzipped folder and all contents.

=

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe
  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Commands
    [purity]
    [emptytemp]
    [reboot]
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

=

This system has an old version of Java Run-time.

Uninstall jre1.6 (or any earlier) + any other (JRE Runtime Environment ) Sun Java package via Add/Remove Programs.
If you see any other Java versions there,
such as
J2SE Runtime Environment 5.0
Java SE Runtime Environment
Java 6


uninstall all of them. After uninstalling, reboot if directed to do so.

In Windows Explorer, navigate to and delete C:\Program Files\Java <= this folder, if found. Do NOT delete C:\Program Files\JavaVM <= this folder, if found!
Open an IE window and go to http://java.sun.com/javase/downloads/index.jsp
> In top of the page ( 5th in the list), click on the Download button to the right of (JRE) 6 Update 14
> If the Information Bar pops up, right-click on it and say it's OK to display the blocked content; you do not have to install the Java Web Start ActiveX Control
> Accept the license agreement
> Click on Windows Offline Installation, Multi-language and Save the file to your desktop; do not Run it.

When the download is complete, close all browser windows and double-click on the saved file to install the update.
  • Tip: Choose Custom install to select only the part(s) you need/want.
Delete the downloaded installation file after completing the above procedure and reboot if prompted to do so.

If you were /not/ prompted to reboot, please do so now.

=
  • Close all open windows on the Task Bar.
  • Please double-click OTL.exe to run it.
  • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.
Download Security Check by screen317 and save it to your Desktop: here or here
  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):
  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt
Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.
Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Edited by Maurice Naggar, 02 August 2009 - 12:32 PM.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#7 knowthycomp
  • Topic Starter
  • Members
  • 14 posts

Posted 03 August 2009 - 09:59 AM

Hi Maurice,
Thanks for your time. Please let me know if I did not do what you expected, thank you.
Please find the log files below (the logs are separated by the bold and underlined header):


FIRST OTL LOG (from C:\_OTL\MovedFiles):


All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kaan Ozbay
File delete failed. C:\Documents and Settings\Kaan Ozbay\Local Settings\Temp\hsperfdata_SYSTEM\3992 scheduled to be deleted on reboot.
->Temp folder emptied: 271675754 bytes
File delete failed. C:\Documents and Settings\Kaan Ozbay\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 440326728 bytes
->Java cache emptied: 13238383 bytes
->FireFox cache emptied: 34714111 bytes
->Google Chrome cache emptied: 8919471 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
File delete failed. C:\WINDOWS\temp\$$$dq3e scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\$$yt7.$$ scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\$67we.$ scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\hlktmp scheduled to be deleted on reboot.
Windows Temp folder emptied: 1756936 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 734.98 mb


OTL by OldTimer - Version 3.0.10.4 log created on 08032009_103017

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Kaan Ozbay\Local Settings\Temp\hsperfdata_SYSTEM\3992 not found!
File move failed. C:\WINDOWS\temp\$$$dq3e scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\$$yt7.$$ scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\$67we.$ scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...

OTL.TXT:

OTL logfile created on: 8/3/2009 10:47:59 AM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Kaan Ozbay\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 40.61 Gb Free Space | 27.27% Space Free | Partition Type: NTFS
Drive D: | 74.50 Gb Total Space | 1.84 Gb Free Space | 2.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DH3PM5B1
Current User Name: Kaan Ozbay
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2005/06/01 03:02:00 | 00,368,640 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2008/10/01 18:18:49 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2009/01/28 10:52:46 | 02,790,400 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\hasplms.exe
PRC - [2009/08/03 10:42:39 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/07/12 14:58:44 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2009/07/20 12:00:36 | 00,914,728 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
PRC - [2007/05/28 12:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2009/07/20 12:01:38 | 00,988,456 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/10/14 19:42:54 | 01,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2008/10/15 02:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
PRC - [2009/07/20 12:01:38 | 00,714,024 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
PRC - [2009/08/03 10:42:39 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2007/05/30 09:50:22 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/06/23 11:01:38 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/05/26 21:06:32 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
PRC - [2009/07/20 12:01:37 | 00,296,224 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\TEMP\YZB5C6.EXE
PRC - [2009/07/20 12:01:39 | 00,652,552 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\tmproxy.exe
PRC - [2009/07/20 12:01:38 | 00,488,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\tmpfw.exe
PRC - [2009/07/20 12:01:37 | 00,435,576 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2009/08/03 10:28:36 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kaan Ozbay\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/10/01 18:18:49 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/06/01 03:02:00 | 00,368,640 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2004/06/13 20:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\System32\brsvc01a.exe -- (Brother XP spl Service [Disabled | Stopped])
SRV - [2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/02/19 20:34:14 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c992f2f73b62d8 [Auto | Stopped])
SRV - [2009/04/28 16:54:43 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])
SRV - [2009/01/28 10:52:46 | 02,790,400 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\hasplms.exe -- (hasplms [Auto | Running])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [Disabled | Stopped])
SRV - [2009/08/03 10:42:39 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2004/04/24 05:55:54 | 00,536,576 | ---- | M] () -- C:\MATLAB7\webserver\bin\win32\matlabserver.exe -- (matlabserver [Disabled | Stopped])
SRV - [2006/07/12 14:58:44 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2006/04/14 11:07:20 | 28,933,976 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [Disabled | Stopped])
SRV - [2005/10/14 04:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2005/09/23 08:01:16 | 02,799,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80 [Disabled | Stopped])
SRV - [2009/07/20 12:00:36 | 00,914,728 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan [Auto | Running])
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - File not found -- -- (OracleCSService [Disabled | Stopped])
SRV - File not found -- -- (Oracledb10gTNSListener [Disabled | Stopped])
SRV - [2005/08/16 12:21:06 | 00,024,064 | ---- | M] (Oracle Corporation) -- C:\Oracle\bin\nmesrvc.exe -- (OracleDBConsoleorcl [Disabled | Stopped])
SRV - File not found -- -- (OracleJobSchedulerEMREP [Disabled | Stopped])
SRV - [2005/08/29 19:32:22 | 00,102,400 | ---- | M] () -- c:\oracle\Bin\extjob.exe -- (OracleJobSchedulerORCL [Disabled | Stopped])
SRV - [2005/08/16 01:23:02 | 00,053,248 | ---- | M] (Oracle) -- C:\Oracle\bin\isqlplussvc.exe -- (OracleOraDb10g_home1iSQL*Plus [Disabled | Stopped])
SRV - [2005/08/15 23:57:48 | 00,204,800 | ---- | M] () -- C:\Oracle\BIN\TNSLSNR.exe -- (OracleOraDb10g_home1TNSListener [Disabled | Stopped])
SRV - File not found -- -- (OracleServiceEMREP [Disabled | Stopped])
SRV - [2005/08/29 22:03:50 | 59,027,456 | ---- | M] (Oracle Corporation) -- c:\oracle\bin\ORACLE.EXE -- (OracleServiceORCL [Disabled | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/04/14 11:05:58 | 00,240,416 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Disabled | Stopped])
SRV - [2006/04/14 11:04:54 | 00,087,840 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Disabled | Stopped])
SRV - [2007/05/28 12:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
SRV - [2009/07/20 12:01:38 | 00,988,456 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten [Auto | Running])
SRV - [2009/07/20 12:01:38 | 00,488,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw [On_Demand | Running])
SRV - [2009/07/20 12:01:39 | 00,652,552 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy [On_Demand | Running])
SRV - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [1998/06/06 00:00:00 | 00,034,036 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe -- (Visual Studio Analyzer RPC bridge [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/01/16 11:42:28 | 00,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\drivers\aksfridge.sys -- (aksfridge [Auto | Running])
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2005/06/01 03:08:00 | 01,198,080 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2005/04/01 16:52:46 | 00,132,608 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2004/10/14 23:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped])
DRV - [2004/09/28 23:24:38 | 00,051,712 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\Drivers\BrSerIf.sys -- (BrSerIf [On_Demand | Stopped])
DRV - [2004/01/10 00:28:18 | 00,011,648 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\Drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2009/02/03 03:10:12 | 00,586,752 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\drivers\hardlock.sys -- (Hardlock [Auto | Running])
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2009/06/23 11:01:40 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/06/23 11:01:42 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/06/23 11:01:40 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/09/17 14:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2005/01/27 21:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2007/11/30 16:01:03 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2001/08/17 14:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2009/07/20 12:00:35 | 00,335,888 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\DRIVERS\TM_CFW.sys -- (tmcfw [On_Demand | Running])
DRV - [2008/07/16 10:34:04 | 00,142,096 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
DRV - [2009/07/20 12:00:35 | 00,225,296 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys -- (TmFilter [Auto | Running])
DRV - [2009/07/20 12:00:35 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys -- (TmPreFilter [Auto | Running])
DRV - [2009/07/20 12:00:38 | 00,072,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\DRIVERS\tmtdi.sys -- (tmtdi [System | Running])
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2009/07/20 12:00:36 | 01,220,120 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys -- (VSApiNt [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.1.1
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:1.0.10
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/03 10:42:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/20 16:14:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/03 10:42:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/06/23 10:13:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/06/16 13:27:50 | 00,000,000 | ---D | M]

[2008/06/17 18:52:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kaan Ozbay\Application Data\mozilla\Extensions
[2008/06/17 18:52:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kaan Ozbay\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/01 20:47:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kaan Ozbay\Application Data\mozilla\Firefox\Profiles\as7fbetc.default\extensions
[2009/05/06 11:10:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kaan Ozbay\Application Data\mozilla\Firefox\Profiles\as7fbetc.default\extensions\foxmarks@kei.com
[2009/05/12 10:42:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kaan Ozbay\Application Data\mozilla\Firefox\Profiles\as7fbetc.default\extensions\zotero@chnm.gmu.edu
[2008/09/08 16:12:44 | 00,000,705 | ---- | M] () -- C:\Documents and Settings\Kaan Ozbay\Application Data\Mozilla\FireFox\Profiles\as7fbetc.default\searchplugins\webster.xml
[2009/08/03 10:42:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/20 16:14:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/03 10:42:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/07/20 16:14:47 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/20 16:14:47 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 17:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2009/08/03 10:42:40 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 14:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/07/20 16:14:49 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2006/10/28 13:49:52 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2006/10/28 13:49:57 | 00,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2006/10/28 13:49:48 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/05/01 17:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/06/24 07:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 07:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 07:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 07:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 07:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 07:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [IECheck] C:\WINDOWS\IECheck.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.6.238.13 128.6.224.114
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/08/03 10:42:55 | 00,410,984 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/08/03 10:42:55 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/03 10:42:54 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/03 10:42:54 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/03 10:42:54 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/03 10:42:34 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/08/03 10:30:17 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/08/03 10:28:36 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kaan Ozbay\Desktop\OTL.exe
[2009/08/03 10:25:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kaan Ozbay\Desktop\FixPolicies
[2009/08/03 10:25:05 | 00,185,065 | ---- | C] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\FixPolicies.exe
[2009/08/03 10:22:29 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/08/01 20:41:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kaan Ozbay\Desktop\SysProt
[2009/08/01 20:40:26 | 00,354,396 | ---- | C] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\SysProt.zip
[2009/07/31 18:34:30 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/07/31 11:46:19 | 00,007,843 | ---- | C] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\nj35njrtme.xlsx
[2009/07/31 11:41:53 | 00,007,851 | ---- | C] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\basenjrtme.xlsx
[2009/07/24 16:10:39 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\CountyCodes.csv
[2009/07/24 16:08:02 | 00,009,299 | ---- | C] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\county code.xlsx
[2009/07/23 17:22:58 | 00,009,776 | ---- | C] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\2030nycnj.xlsx
[2009/07/23 17:18:57 | 00,007,884 | ---- | C] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\2002nycnj.xlsx
[2009/07/23 16:10:38 | 00,037,376 | ---- | C] () -- C:\Documents and Settings\Kaan Ozbay\My Documents\Report_0_13000_112005_1312006.xls
[2009/07/23 09:59:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kaan Ozbay\Desktop\Assistme_trb_pics
[2009/07/23 09:53:56 | 32,192,71680 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/21 16:34:43 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/07/20 15:51:45 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/07/20 15:50:16 | 00,000,000 | ---D | C] -- C:\VIRUS
[2009/07/20 15:50:04 | 00,335,888 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys
[2009/07/20 15:50:03 | 00,072,072 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2009/07/20 15:43:41 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/07/20 15:43:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/07/20 15:05:35 | 00,074,416 | ---- | C] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\NJBufferGrid.pdf
[2009/07/20 12:29:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kaan Ozbay\Local Settings\Application Data\Temp
[2009/07/20 12:24:26 | 65,702,599 | ---- | C] (Rutgers, The State University of New Jersey) -- C:\Documents and Settings\Kaan Ozbay\Desktop\SetupRADS5.exe
[2009/07/20 10:49:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/07/20 10:39:47 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/07/20 10:39:40 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/07/20 10:39:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kaan Ozbay\Application Data\SUPERAntiSpyware.com
[2009/07/20 10:34:13 | 06,568,480 | ---- | C] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\SUPERAntiSpyware.exe
[2009/07/20 10:13:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kaan Ozbay\Application Data\Malwarebytes
[2009/07/20 10:13:24 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/20 10:13:22 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/20 10:13:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/20 10:13:20 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/20 10:13:20 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/20 10:08:50 | 03,775,176 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kaan Ozbay\Desktop\mbam-setup.exe
[2009/07/20 10:08:22 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Kaan Ozbay\Desktop\ATF-Cleaner.exe
[2009/07/18 22:16:59 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/07/18 22:01:41 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/07/18 22:01:41 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/07/18 22:01:41 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/07/18 22:01:41 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/07/18 22:01:41 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/07/18 22:01:41 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/07/18 22:01:41 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/07/18 22:01:41 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/07/18 22:01:41 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/07/18 22:01:41 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/07/18 22:01:41 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/07/18 22:01:41 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/07/18 22:01:41 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/07/18 22:01:41 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/07/18 22:01:41 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/07/18 22:01:41 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/07/18 22:01:41 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll
[2009/07/18 22:01:41 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/07/18 22:01:41 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/07/18 22:01:41 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/07/18 22:01:41 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/07/18 22:01:41 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/07/18 22:01:41 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/07/18 22:01:41 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/07/18 22:01:41 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/07/18 22:01:41 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/07/18 22:01:41 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/07/18 22:01:41 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/07/18 22:01:41 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/07/18 22:01:41 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/07/18 22:01:41 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/07/18 22:01:41 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/07/18 22:01:41 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/07/18 22:01:41 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/07/18 22:01:41 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/07/18 22:01:41 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/07/18 22:01:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/07/18 21:42:57 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/07/18 21:42:54 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/07/18 21:42:49 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/07/18 21:39:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/07/18 21:30:16 | 00,693,528 | ---- | C] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\avgremover.exe
[2009/07/18 21:16:06 | 03,137,363 | R--- | C] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\ComboFix.exe
[2009/07/17 22:37:07 | 00,000,000 | ---D | C] -- C:\Program Files\ClamWinPortable
[2009/07/15 17:47:56 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/07/15 11:18:43 | 14,682,712 | ---- | C] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\User-Guide-ReportPart2Chapters7-App_000.pdf
[2009/07/15 02:01:43 | 00,093,567 | ---- | C] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\existing-toll-plaza-large.jpg
[2009/07/14 22:47:48 | 00,142,770 | ---- | C] () -- C:\Documents and Settings\Kaan Ozbay\My Documents\RITS.potx
[2009/07/12 15:31:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kaan Ozbay\Application Data\InstallShield
[2009/07/12 14:01:50 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/07/12 14:01:50 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/07/12 14:01:50 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/07/12 14:01:50 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/07/12 14:01:50 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/07/12 14:01:49 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/07/12 14:01:49 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/07/12 14:01:49 | 00,000,000 | ---D | C] -- C:\c40ac45122542649e6df692c7c
[2009/07/12 13:39:23 | 00,000,000 | ---D | C] -- C:\958716c7697e4478935874f9360d
[2009/07/12 13:39:13 | 00,000,000 | ---D | C] -- C:\dc99b28aef697da28b36981781
[2009/07/11 16:20:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/07/10 12:33:17 | 00,000,792 | ---- | C] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\Processor.lnk
[2009/07/10 12:33:09 | 00,000,750 | ---- | C] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\Modeller.lnk
[2009/07/10 12:30:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Aladdin Shared
[2009/07/10 12:30:19 | 02,790,400 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\hasplms.exe
[2009/07/10 12:30:19 | 02,790,400 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\aksllmtp.exe
[2009/07/10 12:30:19 | 00,352,256 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\drivers\aksfridge.sys
[2009/07/10 12:30:18 | 00,586,752 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\drivers\hardlock.sys
[2009/07/10 12:30:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\redist
[2009/07/10 12:28:02 | 00,000,000 | ---D | C] -- C:\Program Files\paramicsv6
[2009/07/08 19:10:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kaan Ozbay\Application Data\Design Science
[2009/07/08 19:06:01 | 01,974,784 | ---- | C] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\NJTRME Transit Capabilities0420.doc
[2009/07/08 18:55:35 | 00,000,000 | ---D | C] -- C:\Program Files\MathType
[2009/07/08 18:07:03 | 00,017,136 | ---- | C] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\Cube.docx
[2008/10/08 20:02:29 | 00,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/04/28 13:13:33 | 00,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2007/11/30 16:01:03 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/10/19 20:56:16 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/19 20:54:28 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/08/14 10:21:42 | 00,000,187 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/08/14 10:18:52 | 00,000,672 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/08/01 18:13:33 | 00,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2007/07/28 16:16:29 | 00,094,720 | ---- | C] () -- C:\WINDOWS\System32\SH30W32.DLL
[2007/07/28 16:16:29 | 00,080,624 | ---- | C] () -- C:\WINDOWS\System32\SH31W32.DLL
[2007/07/28 16:16:28 | 00,254,464 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT2X.DLL
[2007/07/25 09:24:28 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/07/19 19:05:28 | 00,000,754 | ---- | C] () -- C:\WINDOWS\wordpad.INI
[2007/03/10 07:51:48 | 00,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/02/12 17:12:04 | 00,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007/01/03 12:28:25 | 00,000,056 | ---- | C] () -- C:\WINDOWS\BO9420CN.INI
[2007/01/03 12:20:34 | 00,000,467 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/01/03 12:20:34 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2007/01/03 12:20:34 | 00,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/01/03 12:19:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/01/03 12:19:26 | 00,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2007/01/03 12:18:52 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2007/01/02 17:03:05 | 00,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/11/14 11:27:41 | 00,000,745 | ---- | C] () -- C:\WINDOWS\System32\drivers\Ssidddp.sys
[2006/11/14 11:27:40 | 00,055,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\Ssipddp.sys
[2006/11/14 11:27:40 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\Ssivddp.dll
[2006/09/20 16:45:04 | 00,000,157 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2006/09/16 16:33:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Isdbg.ini
[2006/09/16 16:29:40 | 00,000,185 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/09/07 10:39:57 | 00,000,871 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/23 14:28:14 | 00,000,789 | ---- | C] () -- C:\WINDOWS\System32\NETHASP.INI
[2006/08/23 13:50:05 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM21.dll
[2006/08/23 13:50:05 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2006/08/08 10:29:06 | 00,014,676 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2006/06/15 02:08:56 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/15 01:51:32 | 00,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/09 17:19:12 | 00,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.DLL
[2005/01/17 03:10:16 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2004/08/11 17:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:00:37 | 00,000,672 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 17:00:35 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/09 21:00:42 | 00,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2003/08/20 21:00:00 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2002/03/04 11:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/09/28 11:27:00 | 00,013,600 | ---- | C] () -- C:\WINDOWS\System32\sasperf.dll
[2001/07/06 16:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/10/25 18:15:00 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[1998/06/10 00:00:00 | 00,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998/05/18 00:00:00 | 00,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998/04/24 00:00:00 | 00,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI
[1997/12/19 01:03:38 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[1997/06/25 14:24:16 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegObj.dll

========== Files - Modified Within 30 Days ==========

[2009/08/03 10:45:37 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/03 10:45:37 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/08/03 10:45:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/03 10:45:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/03 10:44:58 | 32,192,71680 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/03 10:42:39 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/03 10:42:39 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/03 10:42:39 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/03 10:42:39 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/03 10:42:38 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/08/03 10:30:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/08/03 10:29:00 | 00,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-871072200-1938839833-3771409649-1005UA.job
[2009/08/03 10:28:36 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kaan Ozbay\Desktop\OTL.exe
[2009/08/03 10:25:06 | 00,185,065 | ---- | M] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\FixPolicies.exe
[2009/08/01 20:42:50 | 00,014,676 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2009/08/01 20:40:27 | 00,354,396 | ---- | M] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\SysProt.zip
[2009/08/01 00:29:00 | 00,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-871072200-1938839833-3771409649-1005Core.job
[2009/07/31 11:46:20 | 00,007,843 | ---- | M] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\nj35njrtme.xlsx
[2009/07/31 11:41:53 | 00,007,851 | ---- | M] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\basenjrtme.xlsx
[2009/07/27 14:42:12 | 00,085,504 | ---- | M] () -- C:\Documents and Settings\Kaan Ozbay\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/24 18:19:51 | 00,009,299 | ---- | M] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\county code.xlsx
[2009/07/24 18:19:43 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\CountyCodes.csv
[2009/07/23 18:04:51 | 00,009,776 | ---- | M] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\2030nycnj.xlsx
[2009/07/23 17:18:57 | 00,007,884 | ---- | M] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\2002nycnj.xlsx
[2009/07/23 16:10:39 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\Kaan Ozbay\My Documents\Report_0_13000_112005_1312006.xls
[2009/07/23 09:52:31 | 02,096,656 | -H-- | M] () -- C:\Documents and Settings\Kaan Ozbay\Local Settings\Application Data\IconCache.db
[2009/07/21 16:34:43 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/07/20 16:06:57 | 00,000,672 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/20 16:06:57 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/07/20 16:06:57 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/20 15:36:41 | 00,000,021 | ---- | M] () -- C:\tmuninst.ini
[2009/07/20 15:31:36 | 00,074,416 | ---- | M] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\NJBufferGrid.pdf
[2009/07/20 12:29:27 | 00,002,323 | ---- | M] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\Google Chrome.lnk
[2009/07/20 12:25:33 | 65,702,599 | ---- | M] (Rutgers, The State University of New Jersey) -- C:\Documents and Settings\Kaan Ozbay\Desktop\SetupRADS5.exe
[2009/07/20 12:00:38 | 00,072,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2009/07/20 12:00:35 | 00,335,888 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TM_CFW.sys
[2009/07/20 10:49:42 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/07/20 10:34:36 | 06,568,480 | ---- | M] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\SUPERAntiSpyware.exe
[2009/07/20 10:13:24 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/20 10:09:03 | 03,775,176 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kaan Ozbay\Desktop\mbam-setup.exe
[2009/07/20 10:08:23 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Kaan Ozbay\Desktop\ATF-Cleaner.exe
[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/19 09:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/07/19 09:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/07/18 21:29:02 | 00,693,528 | ---- | M] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\avgremover.exe
[2009/07/18 21:12:56 | 03,137,363 | R--- | M] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\ComboFix.exe
[2009/07/15 11:20:08 | 14,682,712 | ---- | M] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\User-Guide-ReportPart2Chapters7-App_000.pdf
[2009/07/15 10:58:13 | 00,142,770 | ---- | M] () -- C:\Documents and Settings\Kaan Ozbay\My Documents\RITS.potx
[2009/07/15 03:02:44 | 00,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/15 02:01:43 | 00,093,567 | ---- | M] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\existing-toll-plaza-large.jpg
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/12 13:46:03 | 00,530,782 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/12 13:46:03 | 00,458,696 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/12 13:46:03 | 00,083,014 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/11 14:49:05 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/07/10 12:38:40 | 00,405,512 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/10 12:33:17 | 00,000,792 | ---- | M] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\Processor.lnk
[2009/07/10 12:33:09 | 00,000,750 | ---- | M] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\Modeller.lnk
[2009/07/10 12:32:51 | 00,000,525 | ---- | M] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\Shortcut to paramicsv6.lnk
[2009/07/10 12:24:04 | 00,002,636 | ---- | M] () -- C:\WINDOWS\System32\config.nt
[2009/07/08 19:07:21 | 00,118,864 | ---- | M] () -- C:\Documents and Settings\Kaan Ozbay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/08 19:06:03 | 01,974,784 | ---- | M] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\NJTRME Transit Capabilities0420.doc
[2009/07/08 18:07:03 | 00,017,136 | ---- | M] () -- C:\Documents and Settings\Kaan Ozbay\Desktop\Cube.docx
[2009/07/07 11:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== LOP Check ==========

[2009/07/20 15:45:15 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2007/08/10 13:31:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ActiveState
[2007/01/02 17:01:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brother
[2007/11/29 15:57:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESRI
[2007/05/10 15:11:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MapInfo
[2008/10/08 16:35:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2008/10/08 16:52:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2007/11/29 16:49:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2004/08/11 17:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2007/01/02 17:02:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/06/08 10:37:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/20 10:39:40 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Kaan Ozbay\Application Data
[2007/08/10 13:36:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kaan Ozbay\Application Data\ActiveState
[2007/03/07 19:57:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kaan Ozbay\Application Data\Conceptworld
[2007/02/01 23:26:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kaan Ozbay\Application Data\CursorArts
[2006/11/19 13:56:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kaan Ozbay\Application Data\CyberLink
[2007/03/07 20:08:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kaan Ozbay\Application Data\DeepBurner
[2009/07/08 19:10:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kaan Ozbay\Application Data\Design Science
[2009/06/05 11:39:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kaan Ozbay\Application Data\ESRI
[2008/03/24 14:52:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kaan Ozbay\Application Data\fltk.org
[2006/08/23 13:25:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kaan Ozbay\Application Data\Hummingbird
[2008/09/29 13:51:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kaan Ozbay\Application Data\Livestation
[2007/05/10 15:12:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kaan Ozbay\Application Data\MapInfo
[2006/09/20 16:44:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kaan Ozbay\Application Data\MathWorks
[2009/06/26 10:22:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kaan Ozbay\Application Data\Move Networks
[2008/02/18 21:14:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kaan Ozbay\Application Data\Nvu
[2007/03/07 19:53:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kaan Ozbay\Application Data\Picajet.com
[2009/01/05 15:55:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kaan Ozbay\Application Data\QuosaDDM
[2006/10/02 11:39:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kaan Ozbay\Application Data\SAS
[2007/01/02 17:50:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kaan Ozbay\Application Data\ScanSoft
[2008/08/05 15:21:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kaan Ozbay\Application Data\SmartDraw
[2009/03/11 13:20:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kaan Ozbay\Application Data\SSH
[2006/09/16 16:00:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kaan Ozbay\Application Data\Thunderbird
[2009/01/02 17:55:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kaan Ozbay\Application Data\Windows Search
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/03 10:45:37 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/08/03 10:30:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/08/01 00:29:00 | 00,000,946 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-871072200-1938839833-3771409649-1005Core.job
[2009/08/03 10:29:00 | 00,000,998 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-871072200-1938839833-3771409649-1005UA.job
[2009/08/03 10:45:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
< End of report >

EXTRAS.TXT

OTL Extras logfile created on: 8/3/2009 10:47:59 AM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Kaan Ozbay\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 40.61 Gb Free Space | 27.27% Space Free | Partition Type: NTFS
Drive D: | 74.50 Gb Total Space | 1.84 Gb Free Space | 2.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DH3PM5B1
Current User Name: Kaan Ozbay
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1947:TCP" = 1947:TCP:*:Enabled:HASP SRM
"1947:UDP" = 1947:UDP:*:Enabled:HASP SRM
"8081:TCP" = 8081:TCP:*:Enabled:Trend Micro OfficeScan Listener

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Hummingbird\Connectivity\8.00\Exceed\exceed.exe" = C:\Program Files\Hummingbird\Connectivity\8.00\Exceed\exceed.exe:*:Enabled:X server for Win32 -- (Hummingbird Ltd.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE" = C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE:*:Enabled:Microsoft ® Visual Studio VSA RPC Event Creator -- (Microsoft Corporation)
"C:\Program Files\SAS\SAS 9.1\sas.exe" = C:\Program Files\SAS\SAS 9.1\sas.exe:*:Enabled:SAS 9.1 for Windows -- ()
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"D:\oracle\product\10.2.0\db_1\jdk\jre\bin\java.exe" = D:\oracle\product\10.2.0\db_1\jdk\jre\bin\java.exe:*:Enabled:java -- ()
"C:\Oracle\jdk\jre\bin\java.exe" = C:\Oracle\jdk\jre\bin\java.exe:*:Enabled:java -- ()
"C:\Perl\bin\perl.exe" = C:\Perl\bin\perl.exe:*:Enabled:Perl Command Line Interpreter -- (ActiveState Corp.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Disabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\Program Files\paramicsv6\ProcessorNode.exe" = C:\Program Files\paramicsv6\ProcessorNode.exe:*:Enabled:ProcessorNode -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B8FAEA-DC3D-498B-867C-FD27C098B472}" = PBCAT
"{058B32E2-6310-4359-B2D4-1988390C3B83}" = Broadcom Advanced Control Suite
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{135BA9A6-495A-4FE9-B1A1-AB4DA449CAB1}" = hppLJP2015
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner v1.8.0.224
"{1F34839E-4826-4B64-B1B3-42E5AE8DEC5A}" = ArcGIS Desktop
"{1F73D672-6175-4A1D-B3C1-420439D03D0F}" = Product_SF_Full_QFolder
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{309AFCC1-C343-40A0-B23A-568073036409}" = MapInfo Professional 8.0 Evaluation
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{358A2F50-8885-4EDE-BBB0-130A5834E0B4}" = Visual FoxPro 9.0 Baseline - English
"{3BC341BD-3736-45F0-B0E0-5664792AC528}" = HP Care Pack Core
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{414C803A-6115-4DB6-BD4E-FD81EA6BC71C}" = Product_SF_Min_QFolder
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{51E89658-5D6B-4F0D-B72B-57863C3AD06C}" = Brother MFL-Pro Suite
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{561D20B1-766E-4EA5-8A1D-B7357D903673}" = hppIOFiles
"{5757AE1A-1DB4-4898-9806-09F77FBD5E57}" = MSDN Library for Visual Studio .NET 2003
"{5B4AFA4C-3632-4BA0-AA3C-9F4316202512}" = Plan4Safety
"{5C99DE48-C09C-42D3-A79B-FAE140895409}" = Hummingbird Exceed V8.0
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5E55F3F1-2210-4CC9-A761-9E4B818D9FA7}" = HP Care Pack Products
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{6441FECE-0E73-4326-81BF-68503E897820}" = CorePLS_Min_QFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{68624FB8-2512-46B5-9664-64366DCCB3EB}" = SAS 9.1
"{69E6C13B-CF6B-47A6-B7A5-77FE82B2CB40}" = hppFonts
"{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
"{6AC7F416-78D5-4D98-B104-F8A39B2CF3A7}" = ArcGIS Tutorial Data
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{7132A6AB-FB83-4E81-98E0-88F748AA9DD4}" = ArcGIS Engine SDK for the Microsoft .NET Framework
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{78363DF3-3F02-4A6B-A517-4337D6A50031}" = Hummingbird Exceed 3D V8.0
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{7A178F2E-92F6-437C-A709-69685D1C0F2B}" = hppTLBXFXP2015
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8C0118CC-F720-45FF-A4DA-44AD77B2E73C}" = CorePLS_Full_QFolder
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CE62351-809A-48BC-A61C-2C2E53B525A1}" = VHB Libraries for ArcGIS Desktop
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{93C069D4-2F86-4570-A6DF-BFABBA1E4AFD}" = hpzTLBXFX
"{9BAAE963-E16D-4E17-AFE6-1965F5AA0292}" = Visual FoxPro 9.0 Professional - English
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A4512736-8D63-4298-9271-5329931FA46B}" = Microsoft SQL Server Management Studio Express
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{AEDCDF61-DD7B-4985-86D7-CD3A68F4B9DE}" = Livestation
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3E787F-B493-47B3-A1F0-C15FB143C82A}" = FHWA GIS Safety Analysis Tools v4.0
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D048A3AD-31D3-44A5-9D12-C4ADD3253B00}" = ActivePerl 5.6.1 Build 638
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}" = Microsoft .NET Framework SDK (English) 1.1
"{EDAE4F43-833C-443B-8DB5-129F897DF3E8}" = hppWebRegMM
"{F38D0F99-1BFC-47AB-AC36-8D9D43700CFB}" = hppManualsP2015
"1656e28ae7cb12a3498502c5526295f6" = SAS Private JRE (J2SE™ Java Runtime Environment 1.4.2_09)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"AxCrypt" = AxCrypt (Remove Only)
"CamStudio" = CamStudio
"Controller Interface Device II" = Controller Interface Device II
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DSMT6" = MathType 6
"EasyFit_is1" = EasyFit 3.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FreeFem++-2.24_is1" = FreeFem++ version 2.24
"GPL Ghostscript 8.54" = GPL Ghostscript 8.54
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"GSview 4.8" = GSview 4.8
"HASP Device Drivers" = HASP Device Drivers
"HP LaserJet P2015" = HP LaserJet P2015 Series 1.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Inno Setup 5_is1" = Inno Setup version 5.1.12
"InstallShield for Microsoft Visual C++ 6" = InstallShield for Microsoft Visual C++ 6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR14" = MATLAB Family of Products Release 14
"MatlabR2008b" = MATLAB R2008b
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1)
"Mozilla Thunderbird (2.0.0.22)" = Mozilla Thunderbird (2.0.0.22)
"My Program_is1" = My Program 1.5
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nvu_is1" = Nvu 1.0
"OfficeScanNT" = Trend Micro OfficeScan Client
"OpenAL" = OpenAL
"Orems UG" = Orems UG
"Paramics V6 Full_is1" = Paramics V6.6.1 Full
"PrimoPDF4.1.0.9" = PrimoPDF
"Python 2.4.1" = Python 2.4.1
"QTam Bitmap to Icon_is1" = QTam Bitmap to Icon 3.5
"RealPlayer 6.0" = RealPlayer
"SEMSTAT" = SEMSTAT
"ST6UNST #1" = TrajectoryExplorer
"Synchro plus SimTraffic 6" = Synchro plus SimTraffic 6
"TP+" = TP+
"TSIS 5.0" = TSIS 5.0
"Veoh Web Player Beta" = Veoh Web Player Beta
"Viper" = Viper
"Visual FoxPro 9.0 Professional - English" = Microsoft Visual FoxPro 9.0 Professional - English
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.198
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/1/2009 3:30:05 PM | Computer Name = DH3PM5B1 | Source = Google Update | ID = 20
Description =

Error - 8/1/2009 4:30:05 PM | Computer Name = DH3PM5B1 | Source = Google Update | ID = 20
Description =

Error - 8/1/2009 5:30:05 PM | Computer Name = DH3PM5B1 | Source = Google Update | ID = 20
Description =

Error - 8/1/2009 6:30:05 PM | Computer Name = DH3PM5B1 | Source = Google Update | ID = 20
Description =

Error - 8/1/2009 7:30:05 PM | Computer Name = DH3PM5B1 | Source = Google Update | ID = 20
Description =

Error - 8/1/2009 8:30:05 PM | Computer Name = DH3PM5B1 | Source = Google Update | ID = 20
Description =

Error - 8/1/2009 9:29:05 PM | Computer Name = DH3PM5B1 | Source = Google Update | ID = 20
Description =

Error - 8/1/2009 9:30:05 PM | Computer Name = DH3PM5B1 | Source = Google Update | ID = 20
Description =

Error - 8/1/2009 10:29:05 PM | Computer Name = DH3PM5B1 | Source = Google Update | ID = 20
Description =

Error - 8/1/2009 10:30:05 PM | Computer Name = DH3PM5B1 | Source = Google Update | ID = 20
Description =

[ OSession Events ]
Error - 1/10/2009 7:03:54 PM | Computer Name = DH3PM5B1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 19 seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/10/2009 7:06:13 PM | Computer Name = DH3PM5B1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 133 seconds with 120 seconds of active time. This session ended with a crash.

Error - 1/10/2009 7:06:36 PM | Computer Name = DH3PM5B1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 20 seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/10/2009 7:07:08 PM | Computer Name = DH3PM5B1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 26 seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/10/2009 7:08:19 PM | Computer Name = DH3PM5B1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 67 seconds with 60 seconds of active time. This session ended with a crash.

Error - 1/10/2009 7:12:08 PM | Computer Name = DH3PM5B1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 227 seconds with 120 seconds of active time. This session ended with a crash.

Error - 1/10/2009 7:22:44 PM | Computer Name = DH3PM5B1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 629 seconds with 600 seconds of active time. This session ended with a crash.

Error - 1/10/2009 7:28:05 PM | Computer Name = DH3PM5B1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 316 seconds with 300 seconds of active time. This session ended with a crash.

Error - 1/11/2009 4:13:29 PM | Computer Name = DH3PM5B1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 36 seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/30/2009 6:46:04 PM | Computer Name = DH3PM5B1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 46
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/3/2009 10:30:17 AM | Computer Name = DH3PM5B1 | Source = Service Control Manager | ID = 7034
Description = The Windows User Mode Driver Framework service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/3/2009 10:30:17 AM | Computer Name = DH3PM5B1 | Source = Service Control Manager | ID = 7034
Description = The HASP License Manager service terminated unexpectedly. It has
done this 1 time(s).

Error - 8/3/2009 10:30:17 AM | Computer Name = DH3PM5B1 | Source = Service Control Manager | ID = 7034
Description = The Machine Debug Manager service terminated unexpectedly. It has
done this 1 time(s).

Error - 8/3/2009 10:30:17 AM | Computer Name = DH3PM5B1 | Source = Service Control Manager | ID = 7034
Description = The StarWind AE Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/3/2009 10:30:17 AM | Computer Name = DH3PM5B1 | Source = Service Control Manager | ID = 7034
Description = The OfficeScan NT Listener service terminated unexpectedly. It has
done this 1 time(s).

Error - 8/3/2009 10:30:17 AM | Computer Name = DH3PM5B1 | Source = Service Control Manager | ID = 7034
Description = The OfficeScan NT Firewall service terminated unexpectedly. It has
done this 1 time(s).

Error - 8/3/2009 10:30:17 AM | Computer Name = DH3PM5B1 | Source = Service Control Manager | ID = 7034
Description = The OfficeScanNT RealTime Scan service terminated unexpectedly. It
has done this 1 time(s).

Error - 8/3/2009 10:30:17 AM | Computer Name = DH3PM5B1 | Source = Service Control Manager | ID = 7034
Description = The OfficeScan NT Proxy Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/3/2009 10:33:46 AM | Computer Name = DH3PM5B1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gusvc with
arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 8/3/2009 10:38:27 AM | Computer Name = DH3PM5B1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gusvc with
arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}


< End of report >


CHECKUP.TXT


Results of screen317's Security Check version 0.98.7
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Trend Micro OfficeScan Client


Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
SUPERAntiSpyware Free Edition
Malwarebytes' Anti-Malware
SAS Private JRE (J2SE™ Java Runtime Environment 1.4.2_09)
Java™ 6 Update 14
Adobe Flash Player 10
Adobe Reader 8.1.6
Japanese Fonts Support For Adobe Reader 8
``````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!


``````````````````````````````
DNS Vulnerability Check:

GREAT! (Very random)

`````````End of Log```````````

#8 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA

Posted 07 August 2009 - 12:47 AM

I do not see any malware issues from your last set of logs.

Cleanup of tools:
  • Please double-click OTL.exe to run it.
  • Click on the CleanUp! button at the upper right corner. When you do this, a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTL attempting to contact the internet, you should allow it to do so. After the list has been downloaded, you'll be asked if you want to Begin cleanup process? Select Yes.
  • This step removes the files, folders, and shortcuts created by the tools I had you download and run.
Delete Sysprot.zip on the Desktop, as well as the Sysprot folder.

Run Disk Cleanup with the System Restore Cleanup as outlined here by Bert Kinney, MS MVP
http://bertk.mvps.org/html/diskclean.html

We are finished here.

Edited by Maurice Naggar, 07 August 2009 - 12:48 AM.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#9 knowthycomp

knowthycomp
  • Topic Starter

  • Members
  • 14 posts

Posted 11 August 2009 - 03:36 PM

Maurice,
I removed the tools and folders as you have suggested. But my computer froze again 3 or 4 times in the past 2 days. Is there any other way out other than reformatting the computer?

Please, please HELP!! It really is a bleeping computer...

#10 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA

Posted 11 August 2009 - 05:18 PM

Check to ensure that your system is not overheating, and that there is sufficient airflow around it.
Run a RAM memory (hardware) test. MEMTEST86 is one such utility.
See http://www.memtest86.com/

I personally prefer & have used TUFF TEST Pro
http://www.tufftest.com/

As to whether to wipe & reload, that is up to you.
If you do that, first do a backup of the system to offline media, just in case.

Since there were no malware issues remaining, I'm closing this thread.
If you need further help, please use one of our general sub-forums.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

