Google search results keep getting re-directed - hijack log


  • This topic is locked
11 replies to this topic

#1 OneAndOnlyErsin

  • Members
  • 6 posts

Posted 28 October 2009 - 03:56 PM

Hi,

Every time I click on a Google search result it re-directs me to sites such as:

hxxp://feed.genieknows.com
hxxp://starium.com/search.php

I've been reading other forums and have tried Malwarebytes, Avast and Spyware Doctor but the problem still remains.

Here is the hijack log. Thanks in advance for any help, Ersin.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:37:15, on 28/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://vexcast.com/download/vexcast.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 9814 bytes

Edited by Orange Blossom, 28 October 2009 - 07:20 PM.
Deactivate links. ~ OB



#2 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 03 November 2009 - 06:32 AM

Hello OneAndOnlyErsin

Welcome to BleepingComputer :(
==========================
  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 OneAndOnlyErsin

  • Topic Starter
  • Members
  • 6 posts

Posted 03 November 2009 - 07:17 PM

Hi, thanks for helping me :( here are the three logs you requested.

OTL logfile created on: 03/11/2009 16:08:17 - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\HP_Owner.ERSIN\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 67.64% Memory free
3.78 Gb Paging File | 3.02 Gb Available in Paging File | 79.86% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.59 Gb Total Space | 113.40 Gb Free Space | 62.80% Space Free | Partition Type: NTFS
Drive D: | 5.70 Gb Total Space | 0.44 Gb Free Space | 7.80% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERSIN
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Owner.ERSIN\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
PRC - C:\Program Files\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE (HP)
PRC - C:\WINDOWS\system32\lxctcoms.exe ( )
PRC - C:\Program Files\Lexmark 5400 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\HP_Owner.ERSIN\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Spyware Doctor\PCTGMhk.dll (PC Tools)
MOD - C:\Program Files\Spyware Doctor\smum32.dll (PC Tools)
MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (HotspotShieldService) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (vvdsvc) -- C:\WINDOWS\system32\nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE (HP)
SRV - (lxct_device) -- C:\WINDOWS\System32\lxctcoms.exe ( )
SRV - (CLSched) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
SRV - (CyberLink Media Library Service) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (UMWdf) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys ()
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/23 01:19:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: c:\program files\real\realplayer\browserrecord\firefox\ext [2009/10/23 03:09:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/23 03:09:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/23 03:10:06 | 00,000,000 | ---D | M]

[2009/10/21 02:34:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Mozilla\Extensions
[2009/10/21 02:34:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/24 15:02:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Mozilla\Firefox\Profiles\uwve1vzf.default\extensions
[2009/10/24 15:02:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Mozilla\Firefox\Profiles\uwve1vzf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/10/24 15:02:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/21 03:54:22 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/08/18 17:24:32 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/18 16:47:31 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/10 00:47:00 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/10 01:49:52 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/17 20:40:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/10/23 01:19:36 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/24 20:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/08/24 20:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/03/05 17:08:04 | 00,049,664 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\FFComm.dll
[2009/02/24 19:34:32 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2008/01/08 00:45:16 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2008/07/08 21:07:06 | 00,040,960 | ---- | M] (BYOND) -- C:\Program Files\Mozilla Firefox\plugins\npbyond.dll
[2009/10/23 01:19:17 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/02/24 19:34:14 | 01,337,648 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/07/02 23:34:44 | 00,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2009/01/29 03:08:04 | 00,132,528 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
[2009/05/14 16:42:24 | 00,069,632 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2009/01/07 17:29:18 | 01,447,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/08/24 20:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2008/06/11 22:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/10/23 03:09:48 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009/04/18 01:53:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/04/18 01:53:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/04/18 01:53:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/04/18 01:53:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/04/18 01:53:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/04/18 01:53:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/04/18 01:53:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/10/23 03:10:06 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2009/10/23 03:09:41 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2007/04/16 17:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/09/23 15:36:40 | 00,032,448 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
[2009/02/24 19:34:32 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2009/08/24 18:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/24 18:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/08/24 18:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/24 18:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/08/24 18:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/08/24 18:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/24 18:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Lexmark 5400 Series Fax Server] C:\Program Files\Lexmark 5400 Series\fm3032.exe ()
O4 - HKLM..\Run: [LXCTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxctmon.exe] C:\Program Files\Lexmark 5400 Series\lxctmon.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://vexcast.com/download/vexcast.cab (VodClient Control Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/05 23:32:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/03 16:05:04 | 00,527,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\OTL.exe
[2009/11/03 04:41:30 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Recent
[2009/10/30 16:47:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\Identities
[2009/10/30 16:36:33 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2009/10/29 15:24:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\eBay pictures
[2009/10/29 15:24:24 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2009/10/29 15:24:23 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2009/10/29 04:27:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\Help
[2009/10/29 04:27:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Help
[2009/10/29 04:22:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/10/29 04:22:44 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2009/10/28 20:33:42 | 00,000,000 | ---D | C] -- C:\fixwareout
[2009/10/28 14:11:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\5400 Series
[2009/10/27 15:50:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\TSVNCache
[2009/10/27 15:45:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\TortoiseSVN
[2009/10/27 15:33:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\ZEQ2
[2009/10/27 15:33:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Subversion
[2009/10/27 13:48:26 | 00,012,288 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxctpmrc.dll
[2009/10/27 13:47:30 | 00,000,000 | ---D | C] -- C:\Program Files\Lexmark 5400 Series
[2009/10/27 13:47:18 | 00,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctinpa.dll
[2009/10/27 13:47:18 | 00,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctiesc.dll
[2009/10/27 13:47:17 | 01,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctserv.dll
[2009/10/27 13:47:17 | 00,983,040 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctusb1.dll
[2009/10/27 13:47:17 | 00,458,752 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxctutil.dll
[2009/10/27 13:47:17 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctprox.dll
[2009/10/27 13:47:16 | 00,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctpmui.dll
[2009/10/27 13:47:16 | 00,528,384 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctlmpm.dll
[2009/10/27 13:47:16 | 00,200,704 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxctinsb.dll
[2009/10/27 13:47:16 | 00,143,360 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxctjswr.dll
[2009/10/27 13:47:16 | 00,106,496 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxctinsr.dll
[2009/10/27 13:47:16 | 00,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctpplc.dll
[2009/10/27 13:47:15 | 00,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcthbn3.dll
[2009/10/27 13:47:15 | 00,380,928 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctih.exe
[2009/10/27 13:47:15 | 00,176,128 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxctins.dll
[2009/10/27 13:47:14 | 00,983,107 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lxctgf.dll
[2009/10/27 13:47:14 | 00,528,384 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcoms.exe
[2009/10/27 13:47:14 | 00,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcomm.dll
[2009/10/27 13:47:14 | 00,086,016 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxctcub.dll
[2009/10/27 13:47:14 | 00,073,728 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxctcu.dll
[2009/10/27 13:47:14 | 00,036,864 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxctcur.dll
[2009/10/27 13:47:13 | 00,667,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcomc.dll
[2009/10/27 13:47:13 | 00,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcfg.exe
[2009/10/27 13:47:13 | 00,077,824 | ---- | C] (Lexmark International) -- C:\WINDOWS\System32\lxctcfg.dll
[2009/10/27 13:39:21 | 00,000,000 | ---D | C] -- C:\drivers
[2009/10/27 13:34:07 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wiafbdrv.dll
[2009/10/27 13:34:07 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2009/10/27 13:34:06 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2009/10/27 13:34:06 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2009/10/27 13:33:25 | 00,339,968 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IMGMAN32.DLL
[2009/10/27 13:33:25 | 00,098,345 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IMHOST32.DLL
[2009/10/27 13:33:25 | 00,098,304 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IM31XPNG.DEL
[2009/10/27 13:33:25 | 00,069,632 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IM31XTIF.DEL
[2009/10/27 13:33:25 | 00,049,152 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IM31IMG.DIL
[2009/10/27 13:30:41 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2009/10/27 13:30:41 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2009/10/27 13:30:33 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2009/10/27 13:30:33 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2009/10/27 13:29:55 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2009/10/27 13:29:55 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2009/10/26 19:45:27 | 00,000,000 | ---D | C] -- C:\Program Files\RealVNC
[2009/10/26 16:13:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\AdobeUM
[2009/10/25 22:23:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\2DBoy
[2009/10/25 22:23:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/10/25 22:22:59 | 00,000,000 | ---D | C] -- C:\Program Files\WorldOfGoo
[2009/10/24 20:57:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\CyberLink
[2009/10/24 19:39:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\AVI-Mux_GUI-1.17.7
[2009/10/24 19:34:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\YAAI_2.0.3.488
[2009/10/24 19:19:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\GSpot252b01
[2009/10/24 19:17:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\WMTools Downloaded Files
[2009/10/24 18:17:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\dwhelper
[2009/10/24 17:37:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\Pazera_Free_FLV_to_AVI_Converter
[2009/10/23 22:22:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\ImgBurn
[2009/10/23 14:15:17 | 00,000,000 | -H-D | C] -- C:\VJVod_Cache
[2009/10/23 04:25:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\HP
[2009/10/23 03:11:26 | 00,000,000 | ---D | C] -- C:\My Music
[2009/10/23 03:09:48 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/10/23 03:09:38 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/10/23 03:09:38 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/10/23 03:09:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/10/23 03:09:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/10/23 02:46:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\Threat Expert
[2009/10/23 02:36:47 | 00,229,304 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/10/23 02:36:31 | 00,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/10/23 02:36:31 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/10/23 02:36:20 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/10/23 02:36:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\PC Tools
[2009/10/23 02:18:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Malwarebytes
[2009/10/23 02:18:21 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/23 02:18:13 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/23 01:19:31 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/10/23 01:19:31 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/23 01:19:31 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/23 01:19:31 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/23 01:19:31 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/10/22 04:31:44 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Owner.ERSIN\IECompatCache
[2009/10/22 04:03:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\WinBatch
[2009/10/22 03:35:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\HpUpdate
[2009/10/21 21:14:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/10/21 21:06:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/10/21 17:21:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nagasoft
[2009/10/21 09:15:26 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2009/10/21 04:26:58 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Owner.ERSIN\PrivacIE
[2009/10/21 04:06:04 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Owner.ERSIN\IETldCache
[2009/10/21 03:27:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\MSN scenes
[2009/10/21 03:23:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\My Documents\My Chat Logs
[2009/10/21 03:05:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\vlc
[2009/10/21 02:38:56 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\My Documents\My Videos
[2009/10/21 02:38:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\Adobe
[2009/10/21 02:38:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Adobe
[2009/10/21 02:34:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\Mozilla
[2009/10/21 02:34:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Mozilla
[2009/10/21 02:30:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/10/21 02:26:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\WinRAR
[2009/10/21 02:24:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\My Documents\Downloads
[2009/10/21 02:24:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Sun
[2009/10/21 02:21:33 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/21 02:21:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2009/10/21 02:08:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Tracing
[2009/10/21 01:58:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Google
[2009/10/21 01:57:42 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/10/21 01:57:40 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/10/21 01:57:39 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/10/21 01:57:36 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/10/21 01:57:35 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/10/21 01:57:35 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/10/21 01:57:34 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/10/21 01:57:34 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/10/21 01:57:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\BitTorrent
[2009/10/21 01:57:16 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/10/21 01:54:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Macromedia
[2009/10/21 01:53:45 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Owner.ERSIN\UserData
[2009/10/21 01:49:38 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2009/10/21 01:47:10 | 00,000,000 | --SD | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Microsoft
[2009/10/21 01:47:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Real
[2009/10/21 01:47:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Identities
[2009/10/21 01:47:09 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\SendTo
[2009/10/21 01:47:09 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data
[2009/10/21 01:47:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Start Menu
[2009/10/21 01:47:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\My Documents\My Pictures
[2009/10/21 01:47:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\My Documents\My Music
[2009/10/21 01:47:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\My Documents
[2009/10/21 01:47:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Favorites
[2009/10/21 01:47:09 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Cookies
[2009/10/21 01:47:09 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Templates
[2009/10/21 01:47:09 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\PrintHood
[2009/10/21 01:47:09 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\NetHood
[2009/10/21 01:47:09 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings
[2009/10/21 01:47:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\WINDOWS
[2009/10/21 01:47:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop
[2009/10/21 01:47:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\PowerCinema
[2009/10/21 01:47:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\Microsoft
[2009/10/21 01:47:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\ApplicationHistory
[2009/10/21 01:47:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}
[2009/10/15 22:28:27 | 01,636,304 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2009/10/15 22:28:27 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2009/10/15 22:28:27 | 00,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2009/10/15 22:26:30 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/10/15 22:26:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/10/15 22:26:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/10/05 15:22:42 | 00,000,000 | ---D | C] -- C:\Program Files\MilkShape 3D 1.8.5
[2005/09/24 06:49:16 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/03 16:05:15 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\OTL.exe
[2009/11/03 15:27:52 | 00,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/11/03 15:20:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/03 15:20:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/03 15:20:30 | 20,788,55168 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/03 04:59:10 | 03,407,872 | -H-- | M] () -- C:\Documents and Settings\HP_Owner.ERSIN\NTUSER.DAT
[2009/11/03 04:59:10 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Owner.ERSIN\ntuser.ini
[2009/10/30 20:28:15 | 03,233,084 | -H-- | M] () -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\IconCache.db
[2009/10/29 14:38:03 | 00,168,995 | ---- | M] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\Ebay Picture copy.jpg
[2009/10/29 14:37:35 | 00,689,409 | ---- | M] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\Ebay Picture.psd
[2009/10/29 14:26:52 | 00,103,195 | ---- | M] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\32in_FlexWing_Glider_PteraSoar_OS.jpg
[2009/10/29 14:26:05 | 00,101,752 | ---- | M] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\32in_FlexWing_Glider_DinoFish_OS.jpg
[2009/10/28 20:05:21 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\HijackThis.lnk
[2009/10/27 13:52:27 | 00,021,293 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2009/10/27 13:43:21 | 00,000,316 | ---- | M] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\eBay address.rtf
[2009/10/27 02:05:43 | 00,000,810 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hotspot Shield Launch.lnk
[2009/10/26 19:45:28 | 00,000,706 | ---- | M] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\VNC Viewer 4.lnk
[2009/10/26 16:48:53 | 00,000,956 | ---- | M] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\Install Microsoft Visual C++ 2008 Express Edition with SP1.lnk
[2009/10/25 22:23:31 | 00,001,591 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Goo.lnk
[2009/10/25 13:34:12 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/25 13:34:12 | 00,382,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/25 13:34:12 | 00,053,892 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/24 19:39:26 | 00,572,530 | ---- | M] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\AVI-Mux_GUI-1.17.7.zip
[2009/10/24 19:16:46 | 00,008,704 | ---- | M] () -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/24 18:54:19 | 00,000,656 | ---- | M] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\DVD-lab PRO 2.lnk
[2009/10/23 22:08:10 | 00,001,539 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2009/10/23 03:09:57 | 00,000,715 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2009/10/23 03:09:48 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/10/23 03:09:38 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/10/23 03:09:38 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/10/23 03:09:09 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/10/23 02:36:27 | 00,001,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/10/23 02:18:24 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/23 01:19:16 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/10/23 01:19:16 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/23 01:19:16 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/23 01:19:16 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/23 01:19:16 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/10/22 03:50:41 | 00,139,264 | ---- | M] (Hewlett Packard) -- C:\WINDOWS\System32\hpzjrd01.dll
[2009/10/21 03:54:25 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/10/21 03:03:59 | 00,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/10/21 03:00:10 | 00,000,675 | ---- | M] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\Total Video Player.lnk
[2009/10/21 03:00:10 | 00,000,675 | ---- | M] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\Total Video Converter.lnk
[2009/10/21 02:28:17 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/10/21 02:21:47 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/21 02:19:40 | 00,042,704 | ---- | M] () -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/21 02:18:09 | 00,185,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/21 01:57:43 | 00,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/10/21 01:52:44 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\My Computer.lnk
[2009/10/21 01:49:25 | 00,001,721 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_ES067AA-ABU a1429.uk_YC_0Pavi_QCNH616_E62GBheBLA3_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.14_T060117_WXH2_L409_M1983_J200_7AMD_8Athlon 64_91.99_#060703_N10EC8139_Z11C10620_G10025954.MRK
[2009/10/21 01:47:05 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/21 01:45:59 | 00,001,063 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/10/21 01:45:53 | 00,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2009/10/21 01:45:02 | 00,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2009/10/21 01:42:11 | 00,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/20 21:32:28 | 00,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2009/10/20 04:31:01 | 00,000,883 | ---- | M] () -- C:\WINDOWS\RegSDImport.xml
[2009/10/15 22:26:01 | 00,018,856 | ---- | M] () -- C:\WINDOWS\eduj.dl
[2009/10/15 22:26:01 | 00,018,311 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\xyrinyj.bin
[2009/10/15 22:26:01 | 00,018,116 | ---- | M] () -- C:\Program Files\Common Files\opedufiq.bat
[2009/10/15 22:26:01 | 00,017,518 | ---- | M] () -- C:\WINDOWS\afawiqof.dat
[2009/10/15 22:26:01 | 00,015,150 | ---- | M] () -- C:\WINDOWS\xecyroxed.bin
[2009/10/15 22:26:01 | 00,014,180 | ---- | M] () -- C:\Program Files\Common Files\ywedopoh._dl
[2009/10/15 22:26:01 | 00,013,025 | ---- | M] () -- C:\WINDOWS\pimut.inf
[2009/10/15 22:26:00 | 00,019,038 | ---- | M] () -- C:\WINDOWS\minapaqula.com
[2009/10/15 22:26:00 | 00,013,849 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ulody.pif
[2009/10/15 21:17:40 | 00,019,591 | ---- | M] () -- C:\WINDOWS\bymizyw.exe
[2009/10/15 21:17:40 | 00,019,356 | ---- | M] () -- C:\WINDOWS\apuz.dat
[2009/10/15 21:17:40 | 00,019,226 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\zopekoqob.bat
[2009/10/15 21:17:40 | 00,016,289 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\etuhama.dl
[2009/10/15 21:17:40 | 00,015,734 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\didevi.com
[2009/10/15 21:17:40 | 00,014,377 | ---- | M] () -- C:\WINDOWS\reninygek.lib
[2009/10/15 21:17:40 | 00,012,903 | ---- | M] () -- C:\Program Files\Common Files\akakabo.inf
[2009/10/15 21:17:40 | 00,012,703 | ---- | M] () -- C:\Program Files\Common Files\uhywusosu.bin
[2009/10/15 21:17:40 | 00,011,183 | ---- | M] () -- C:\Program Files\Common Files\rihypikavu.lib
[2009/10/15 21:17:40 | 00,010,115 | ---- | M] () -- C:\Program Files\Common Files\ujydy.inf
[2009/10/15 18:18:25 | 00,000,046 | ---- | M] () -- C:\p2hhr.bat
[2009/10/13 03:23:57 | 00,000,004 | ---- | M] () -- C:\WINDOWS\num41.jbd
[2009/10/13 03:23:57 | 00,000,004 | ---- | M] () -- C:\WINDOWS\info147.sys
[2009/10/08 10:31:46 | 00,149,456 | ---- | M] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2009/10/08 10:31:44 | 01,636,304 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2009/10/08 10:31:44 | 00,165,840 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2009/10/08 10:31:14 | 00,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2009/10/06 15:31:30 | 00,087,784 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/10/29 14:37:58 | 00,168,995 | ---- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\Ebay Picture copy.jpg
[2009/10/29 14:37:33 | 00,689,409 | ---- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\Ebay Picture.psd
[2009/10/29 14:26:56 | 00,103,195 | ---- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\32in_FlexWing_Glider_PteraSoar_OS.jpg
[2009/10/29 14:26:10 | 00,101,752 | ---- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\32in_FlexWing_Glider_DinoFish_OS.jpg
[2009/10/28 20:05:21 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\HijackThis.lnk
[2009/10/27 13:51:57 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxctvs.dll
[2009/10/27 13:51:54 | 00,335,872 | ---- | C] () -- C:\WINDOWS\System32\lxctcoin.dll
[2009/10/27 13:48:46 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxctpmon.dll
[2009/10/27 13:48:46 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXCTFXPU.DLL
[2009/10/27 13:48:13 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxctdrs.dll
[2009/10/27 13:48:12 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxctcaps.dll
[2009/10/27 13:48:12 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxctcnv4.dll
[2009/10/27 13:47:18 | 00,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCTinst.dll
[2009/10/27 13:47:18 | 00,021,293 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.ulf
[2009/10/27 13:47:15 | 00,752,383 | ---- | C] () -- C:\WINDOWS\System32\lxcthelp.chm
[2009/10/27 13:47:15 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\lxctgrd.dll
[2009/10/27 13:47:13 | 00,002,180 | ---- | C] () -- C:\WINDOWS\System32\lxct.loc
[2009/10/27 13:43:21 | 00,000,316 | ---- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\eBay address.rtf
[2009/10/27 02:05:43 | 00,000,810 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hotspot Shield Launch.lnk
[2009/10/26 19:45:28 | 00,000,706 | ---- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\VNC Viewer 4.lnk
[2009/10/26 16:42:17 | 00,000,956 | ---- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\Install Microsoft Visual C++ 2008 Express Edition with SP1.lnk
[2009/10/25 22:23:31 | 00,001,591 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\World of Goo.lnk
[2009/10/25 19:21:03 | 03,233,084 | -H-- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\IconCache.db
[2009/10/25 01:35:22 | 00,000,014 | ---- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\conspiracy theory.doc
[2009/10/24 19:39:23 | 00,572,530 | ---- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\AVI-Mux_GUI-1.17.7.zip
[2009/10/24 19:20:09 | 00,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/24 19:20:09 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2009/10/24 19:20:08 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/10/24 18:54:19 | 00,000,656 | ---- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\DVD-lab PRO 2.lnk
[2009/10/23 22:08:10 | 00,001,539 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2009/10/23 03:09:57 | 00,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2009/10/23 02:36:47 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2009/10/23 02:36:31 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2009/10/23 02:36:31 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/10/23 02:36:27 | 00,001,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/10/23 02:36:20 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2009/10/22 03:58:57 | 00,052,296 | ---- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2009/10/22 03:58:43 | 00,002,125 | ---- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\HPSU_48BitScanUpdate.log
[2009/10/22 03:50:42 | 00,036,984 | ---- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2009/10/21 03:03:59 | 00,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/10/21 03:00:10 | 00,000,675 | ---- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\Total Video Player.lnk
[2009/10/21 03:00:10 | 00,000,675 | ---- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\Total Video Converter.lnk
[2009/10/21 02:41:07 | 00,008,704 | ---- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/21 02:04:01 | 00,042,704 | ---- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/21 01:57:16 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/10/21 01:52:44 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\My Computer.lnk
[2009/10/21 01:49:21 | 00,001,721 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_ES067AA-ABU a1429.uk_YC_0Pavi_QCNH616_E62GBheBLA3_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.14_T060117_WXH2_L409_M1983_J200_7AMD_8Athlon 64_91.99_#060703_N10EC8139_Z11C10620_G10025954.MRK
[2009/10/21 01:49:18 | 20,788,55168 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/21 01:47:13 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\desktop.ini
[2009/10/21 01:47:09 | 03,407,872 | -H-- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\NTUSER.DAT
[2009/10/21 01:47:09 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\ntuser.ini
[2009/10/21 01:45:49 | 00,001,872 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Visit eBay.co.uk.lnk
[2009/10/21 01:45:49 | 00,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Software Repair Wizard.lnk
[2009/10/15 22:28:28 | 00,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/10/15 22:28:27 | 01,152,470 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2009/10/15 22:28:27 | 00,000,883 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2009/10/15 22:28:27 | 00,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2009/10/15 22:28:27 | 00,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2009/10/15 22:26:01 | 00,018,856 | ---- | C] () -- C:\WINDOWS\eduj.dl
[2009/10/15 22:26:01 | 00,018,311 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\xyrinyj.bin
[2009/10/15 22:26:01 | 00,018,116 | ---- | C] () -- C:\Program Files\Common Files\opedufiq.bat
[2009/10/15 22:26:01 | 00,017,518 | ---- | C] () -- C:\WINDOWS\afawiqof.dat
[2009/10/15 22:26:01 | 00,015,150 | ---- | C] () -- C:\WINDOWS\xecyroxed.bin
[2009/10/15 22:26:01 | 00,014,180 | ---- | C] () -- C:\Program Files\Common Files\ywedopoh._dl
[2009/10/15 22:26:01 | 00,013,025 | ---- | C] () -- C:\WINDOWS\pimut.inf
[2009/10/15 22:26:00 | 00,019,038 | ---- | C] () -- C:\WINDOWS\minapaqula.com
[2009/10/15 22:26:00 | 00,013,849 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ulody.pif
[2009/10/15 21:17:40 | 00,019,591 | ---- | C] () -- C:\WINDOWS\bymizyw.exe
[2009/10/15 21:17:40 | 00,019,356 | ---- | C] () -- C:\WINDOWS\apuz.dat
[2009/10/15 21:17:40 | 00,019,226 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\zopekoqob.bat
[2009/10/15 21:17:40 | 00,016,289 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\etuhama.dl
[2009/10/15 21:17:40 | 00,015,734 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\didevi.com
[2009/10/15 21:17:40 | 00,014,377 | ---- | C] () -- C:\WINDOWS\reninygek.lib
[2009/10/15 21:17:40 | 00,012,903 | ---- | C] () -- C:\Program Files\Common Files\akakabo.inf
[2009/10/15 21:17:40 | 00,012,703 | ---- | C] () -- C:\Program Files\Common Files\uhywusosu.bin
[2009/10/15 21:17:40 | 00,011,183 | ---- | C] () -- C:\Program Files\Common Files\rihypikavu.lib
[2009/10/15 21:17:40 | 00,010,115 | ---- | C] () -- C:\Program Files\Common Files\ujydy.inf
[2009/10/15 18:18:25 | 00,000,046 | ---- | C] () -- C:\p2hhr.bat
[2009/08/11 04:22:51 | 00,000,056 | ---- | C] () -- C:\WINDOWS\wb.ini
[2009/07/10 16:06:25 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/07/09 18:39:11 | 00,000,656 | ---- | C] () -- C:\WINDOWS\BeatBox.INI
[2009/07/09 18:38:41 | 00,000,216 | ---- | C] () -- C:\WINDOWS\MusicEditor.INI
[2009/07/09 17:46:47 | 00,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2009/07/08 00:33:03 | 00,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2009/05/11 17:48:29 | 00,000,056 | ---- | C] () -- C:\WINDOWS\SpeedGear.INI
[2009/05/11 02:26:07 | 00,000,336 | ---- | C] () -- C:\WINDOWS\WPE PRO.INI
[2009/05/11 01:50:45 | 00,066,048 | ---- | C] () -- C:\WINDOWS\QMDispatch.dll
[2009/04/03 13:44:42 | 00,000,728 | ---- | C] () -- C:\WINDOWS\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
[2009/03/04 17:44:09 | 00,000,218 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/01/12 01:48:28 | 00,000,703 | ---- | C] () -- C:\WINDOWS\NewsRover.INI
[2008/07/02 15:53:37 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2008/04/16 12:13:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/04/13 22:06:36 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/05 19:36:43 | 00,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2007/10/17 21:07:34 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2007/10/17 21:07:24 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/10/17 19:35:00 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2007/10/10 13:30:14 | 00,000,024 | ---- | C] () -- C:\WINDOWS\sysc_drv.ini
[2007/10/06 22:25:54 | 00,000,004 | ---- | C] () -- C:\WINDOWS\info147.sys
[2007/09/22 17:00:13 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/07/06 10:40:04 | 00,000,065 | ---- | C] () -- C:\WINDOWS\LudoValue.INI
[2006/12/07 15:30:19 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/11/29 12:49:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006/09/23 23:25:01 | 00,000,139 | ---- | C] () -- C:\WINDOWS\chmpchss.INI
[2006/07/11 20:19:42 | 00,006,980 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/07/10 21:26:41 | 00,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/07/07 16:56:59 | 00,015,136 | ---- | C] () -- C:\WINDOWS\wwdslcfg.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/04/11 13:51:42 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/11 13:32:41 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/04/11 13:29:07 | 00,013,560 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/04/11 13:29:02 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/04/11 13:24:14 | 00,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2006/04/11 13:21:37 | 00,000,102 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/04/11 13:07:49 | 00,001,702 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/04/11 13:06:50 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/04/11 12:50:53 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/11 12:47:56 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/04/11 12:47:56 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/04/11 12:47:36 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/15 08:24:00 | 00,023,286 | ---- | C] () -- C:\WINDOWS\UN800114.INI
[2005/12/09 21:03:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/12/05 23:32:08 | 00,000,497 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/12/05 23:24:58 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/12/05 23:24:42 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/04 11:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/06/24 19:10:06 | 00,000,567 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/07/06 21:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/10/25 22:23:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2007/09/13 00:07:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5400 Series
[2007/11/18 21:24:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AuctionAdCreator
[2008/07/02 16:29:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/08/05 04:48:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2008/12/10 16:17:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2007/10/09 22:09:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/08/03 01:47:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success
[2008/12/18 21:12:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IJJIGame
[2009/02/08 20:32:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/07/09 17:45:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2006/07/07 20:51:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2007/10/29 02:10:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/01/24 06:23:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NewsBin
[2009/02/21 02:15:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonEU
[2007/10/09 22:09:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/06/11 01:12:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2009/07/09 02:00:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2008/05/07 11:41:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/10/29 04:26:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/08/13 01:12:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2009/04/03 13:45:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/11/03 15:47:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/26 02:40:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/05/31 21:55:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2004/08/04 11:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/03 15:20:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 65 bytes -> C:\Documents and Settings\All Users\Desktop:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
@Alternate Data Stream - 65 bytes -> C:\Documents and Settings\All Users\Application Data\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
@Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
< End of report >



OTL Extras logfile created on: 03/11/2009 16:08:17 - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\HP_Owner.ERSIN\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 67.64% Memory free
3.78 Gb Paging File | 3.02 Gb Available in Paging File | 79.86% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.59 Gb Total Space | 113.40 Gb Free Space | 62.80% Space Free | Partition Type: NTFS
Drive D: | 5.70 Gb Total Space | 0.44 Gb Free Space | 7.80% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERSIN
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe" = C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerCinema\PCMService.exe" = C:\Program Files\CyberLink\PowerCinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\lxctcoms.exe" = C:\WINDOWS\system32\lxctcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Documents and Settings\HP_Owner.ERSIN\Desktop\ZEQ2\ZEQ2.exe" = C:\Documents and Settings\HP_Owner.ERSIN\Desktop\ZEQ2\ZEQ2.exe:*:Enabled:ZEQ2 -- ()
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{33BBE45C-6296-488A-B7D5-37E692E71B3F}" = TortoiseSVN 1.6.5.16974 (32 bit)
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 1.0
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internet Services
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}" = LightScribe 1.4.62.1
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"Browser Defender_is1" = Browser Defender 2.0.6.10
"CCleaner" = CCleaner (remove only)
"DVD-lab PRO 2.5_is1" = DVD-lab PRO 2.5
"HijackThis" = HijackThis 2.0.2
"HotspotShield" = Hotspot Shield 1.31
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internet Services
"Lexmark 5400 Series" = Lexmark 5400 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 12.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.3
"SopCast" = SopCast 3.2.4
"Spyware Doctor" = Spyware Doctor 7.0
"Total Video Converter 3.10_is1" = Total Video Converter 3.10
"Unlocker" = Unlocker 1.8.7
"VLC media player" = VLC media player 1.0.2
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/10/2009 12:37:39 | Computer Name = ERSIN | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update '.NET
Framework WF' could not be installed. Error code 1603. Additional information is
available in the log file C:\DOCUME~1\HP_OWN~1.ERS\LOCALS~1\Temp\dd_NET_Framework30_Setup5401.txt.

Error - 30/10/2009 12:37:39 | Computer Name = ERSIN | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update '.NET
Framework WF x86' could not be installed. Error code 1603. Additional information
is available in the log file C:\DOCUME~1\HP_OWN~1.ERS\LOCALS~1\Temp\dd_NET_Framework30_Setup5401.txt.

Error - 30/10/2009 12:37:39 | Computer Name = ERSIN | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update 'NET
Framework WPF 1' could not be installed. Error code 1603. Additional information
is available in the log file C:\DOCUME~1\HP_OWN~1.ERS\LOCALS~1\Temp\dd_NET_Framework30_Setup5401.txt.

Error - 30/10/2009 12:37:39 | Computer Name = ERSIN | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update 'NET
Framework WPF 2' could not be installed. Error code 1603. Additional information
is available in the log file C:\DOCUME~1\HP_OWN~1.ERS\LOCALS~1\Temp\dd_NET_Framework30_Setup5401.txt.

Error - 30/10/2009 12:37:39 | Computer Name = ERSIN | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update 'NET
Framework WPF 3 x86' could not be installed. Error code 1603. Additional information
is available in the log file C:\DOCUME~1\HP_OWN~1.ERS\LOCALS~1\Temp\dd_NET_Framework30_Setup5401.txt.

Error - 30/10/2009 12:37:39 | Computer Name = ERSIN | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update '.NET
Framework XPS' could not be installed. Error code 1603. Additional information
is available in the log file C:\DOCUME~1\HP_OWN~1.ERS\LOCALS~1\Temp\dd_NET_Framework30_Setup5401.txt.

Error - 30/10/2009 12:37:39 | Computer Name = ERSIN | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update '.NET
Framework WCF' could not be installed. Error code 1603. Additional information
is available in the log file C:\DOCUME~1\HP_OWN~1.ERS\LOCALS~1\Temp\dd_NET_Framework30_Setup5401.txt.

Error - 30/10/2009 12:37:39 | Computer Name = ERSIN | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update 'NET
Framework WPF 3' could not be installed. Error code 1603. Additional information
is available in the log file C:\DOCUME~1\HP_OWN~1.ERS\LOCALS~1\Temp\dd_NET_Framework30_Setup5401.txt.

Error - 30/10/2009 12:37:39 | Computer Name = ERSIN | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 1 - Update 'NET
Framework WPF 2 x86 ' could not be installed. Error code 1603. Additional information
is available in the log file C:\DOCUME~1\HP_OWN~1.ERS\LOCALS~1\Temp\dd_NET_Framework30_Setup5401.txt.

Error - 30/10/2009 12:42:10 | Computer Name = ERSIN | Source = Application Hang | ID = 1002
Description = Hanging application ashSimpl.exe, version 4.8.1356.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 30/10/2009 22:59:28 | Computer Name = ERSIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 31/10/2009 11:06:13 | Computer Name = ERSIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 31/10/2009 16:33:13 | Computer Name = ERSIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 01/11/2009 01:00:57 | Computer Name = ERSIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 01/11/2009 09:54:26 | Computer Name = ERSIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 02/11/2009 09:45:57 | Computer Name = ERSIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 02/11/2009 15:08:43 | Computer Name = ERSIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 02/11/2009 20:25:12 | Computer Name = ERSIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 02/11/2009 23:47:18 | Computer Name = ERSIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 03/11/2009 11:21:13 | Computer Name = ERSIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2


< End of report >


GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-03 23:59:06
Windows 5.1.2600 Service Pack 2
Running: wim1eomv.exe; Driver: C:\DOCUME~1\HP_OWN~1.ERS\LOCALS~1\Temp\pxldapog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB4B556B8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xBA61CE22]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xBA5FDCDC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xBA5FDECE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xBA61D610]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xBA61D8C4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB4B5514C]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xBA61BB14]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB4B5508C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB4B550F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB4B5576E]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xBA61DD30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB4B5572E]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xBA61D0E2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xBA5FD982]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB4B5E678]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB4B5E7AC]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 23D0 805010D4 2 Bytes [22, CE] {AND CL, DH}
.text ntkrnlpa.exe!ZwCallbackReturn + 2428 8050112C 2 Bytes [10, D6] {ADC DH, DL}
.text ntkrnlpa.exe!ZwCallbackReturn + 2430 80501134 2 Bytes [C4, D8]
.text ntkrnlpa.exe!ZwCallbackReturn + 2508 8050120C 2 Bytes [14, BB] {ADC AL, 0xbb}
.text ntkrnlpa.exe!ZwCallbackReturn + 262C 80501330 2 Bytes [30, DD] {XOR CH, BL}
.text ...
PAGE ntkrnlpa.exe!ZwLoadDriver 8057832A 7 Bytes JMP B4B5E7B0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 8059F23E 7 Bytes JMP B4B5E67C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xBA653380]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[420] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00860001
.text C:\WINDOWS\system32\spoolsv.exe[516] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01090001
.text C:\Program Files\CyberLink\PowerCinema\PCMService.exe[612] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00D90001
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[728] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01130001
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe[760] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01990001
.text ...
.text C:\WINDOWS\Explorer.EXE[1796] SHELL32.dll!SHFileOperationW 7CA6D1B9 5 Bytes JMP 00C51102 C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00E10001
.text C:\WINDOWS\system32\wdfmgr.exe[1996] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00880001
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[2120] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 013A0001
.text C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe[2176] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01690001
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [39, 5F]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [30, 5F]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [18, 5F]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [21, 5F]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [2D, 5F]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [1B, 5F]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [33, 5F]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [2A, 5F]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [36, 5F]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00AA0001
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] USER32.dll!SetWindowPos 77D4C78E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] USER32.dll!SetWindowPos + 4 77D4C792 2 Bytes [0B, 5F]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] USER32.dll!SetForegroundWindow 77D566A7 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] USER32.dll!ChangeDisplaySettingsExA 77D66A51 6 Bytes JMP 5F0D0F5A
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2208] USER32.dll!ChangeDisplaySettingsExW 77D891B6 6 Bytes JMP 5F100F5A
.text c:\windows\system\hpsysdrv.exe[2216] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 003C0001
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2240] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 003D0001
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[2284] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 003F0001
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2328] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 003D0001
.text C:\HP\KBD\KBD.EXE[2332] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00A90001
.text ...
.text C:\Program Files\Internet Explorer\iexplore.exe[2916] USER32.dll!CallNextHookEx 77D4ED6E 5 Bytes JMP 0136DD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2916] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 01374832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2916] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 01299315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2916] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 0148DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2916] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 0148E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2916] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 0148DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2916] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 0136DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2916] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 012D1CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2916] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 0148DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2916] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 0148DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2916] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 0148E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2916] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 0148DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2916] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 0137488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\wscntfy.exe[2956] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 009D0001
.text C:\WINDOWS\system32\ctfmon.exe[3116] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00AE0001
.text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[3136] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00B80001
.text C:\Program Files\Internet Explorer\iexplore.exe[3208] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00CC0001
.text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 01304832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 01229315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 0141DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 0141E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 0141DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 0141DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 0141DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 0141E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 0141DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\System32\alg.exe[3512] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00840001
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3824] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 003F0001

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[892] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003B0002
IAT C:\WINDOWS\system32\services.exe[892] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003B0000
IAT C:\Program Files\Internet Explorer\iexplore.exe[2916] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1A7B] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\atapi \Device\Ide\IdePort0 [BA6469F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [BA6469F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort1 [BA6469F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort2 [BA6469F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort3 [BA6469F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 [BA6469F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


Edited by OneAndOnlyErsin, 03 November 2009 - 07:19 PM.


#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:05:54 AM

Posted 04 November 2009 - 07:12 AM

You are welcome. :(
One or more of the identified infections is a backdoor trojan or rootkit.

This can allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately.
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information,
please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions
to apprise them of your situation.

Please read this for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
=================================
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    2009/10/15 22:26:01 | 00,018,856 | ---- | M] () -- C:\WINDOWS\eduj.dl
    [2009/10/15 22:26:01 | 00,018,311 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\xyrinyj.bin
    [2009/10/15 22:26:01 | 00,018,116 | ---- | M] () -- C:\Program Files\Common Files\opedufiq.bat
    [2009/10/15 22:26:01 | 00,017,518 | ---- | M] () -- C:\WINDOWS\afawiqof.dat
    [2009/10/15 22:26:01 | 00,015,150 | ---- | M] () -- C:\WINDOWS\xecyroxed.bin
    [2009/10/15 22:26:01 | 00,014,180 | ---- | M] () -- C:\Program Files\Common Files\ywedopoh._dl
    [2009/10/15 22:26:01 | 00,013,025 | ---- | M] () -- C:\WINDOWS\pimut.inf
    [2009/10/15 22:26:00 | 00,019,038 | ---- | M] () -- C:\WINDOWS\minapaqula.com
    [2009/10/15 22:26:00 | 00,013,849 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ulody.pif
    [2009/10/15 21:17:40 | 00,019,591 | ---- | M] () -- C:\WINDOWS\bymizyw.exe
    [2009/10/15 21:17:40 | 00,019,356 | ---- | M] () -- C:\WINDOWS\apuz.dat
    [2009/10/15 21:17:40 | 00,019,226 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\zopekoqob.bat
    [2009/10/15 21:17:40 | 00,016,289 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\etuhama.dl
    [2009/10/15 21:17:40 | 00,015,734 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\didevi.com
    [2009/10/15 21:17:40 | 00,014,377 | ---- | M] () -- C:\WINDOWS\reninygek.lib
    [2009/10/15 21:17:40 | 00,012,903 | ---- | M] () -- C:\Program Files\Common Files\akakabo.inf
    [2009/10/15 21:17:40 | 00,012,703 | ---- | M] () -- C:\Program Files\Common Files\uhywusosu.bin
    [2009/10/15 21:17:40 | 00,011,183 | ---- | M] () -- C:\Program Files\Common Files\rihypikavu.lib
    [2009/10/15 21:17:40 | 00,010,115 | ---- | M] () -- C:\Program Files\Common Files\ujydy.inf
    [2009/10/15 18:18:25 | 00,000,046 | ---- | M] () -- C:\p2hhr.bat
    [2009/10/13 03:23:57 | 00,000,004 | ---- | M] () -- C:\WINDOWS\num41.jbd
    [2009/10/13 03:23:57 | 00,000,004 | ---- | M] () -- C:\WINDOWS\info147.sys
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
===================
Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Edited by kahdah, 04 November 2009 - 07:12 AM.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here
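The GMER entries that bear on the rootkit diagnosis in the post above can be separated from the routine ones mechanically. The following Python triage is an added example, not part of the original posts and not a GMER feature: it splits hooks that GMER attributes to a vendor-labelled module from those it cannot attribute, and correlates `[unknown section]` device entries with "suspicious modification" file entries. The sample lines are copied from the GMER 1.0.15 log earlier in this thread; the classification rules and all function names are assumptions of this example, and a vendor string in the log is not proof that a hook is benign.

```python
import ntpath
import re

# Lines copied from the GMER 1.0.15 log posted earlier in this thread.
SAMPLE_LOG = r"""
.text C:\Program Files\Internet Explorer\iexplore.exe[2916] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 0136DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\wscntfy.exe[2956] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 009D0001
IAT C:\WINDOWS\system32\services.exe[892] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003B0000
IAT C:\Program Files\Internet Explorer\iexplore.exe[2916] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1A7B] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \Driver\atapi \Device\Ide\IdePort0 [BA6469F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
"""

# Trailing "(description/vendor)" that GMER prints when it can name the
# module a hook or device entry resolves to.
VENDOR_RE = re.compile(r"\([^()]*/[^()/]*\)\s*$")
# User-mode hook lines: ".text <process path>[pid] ..." or "IAT <process path>[pid] ..."
HOOK_RE = re.compile(r"^(?:\.text|IAT)\s+(.+?)\[(\d+)\]\s")
# Device entries whose handler address falls outside any known section.
UNKNOWN_RE = re.compile(
    r"^Device\s+\S+\s+(\S+)\s+\[[0-9A-Fa-f]+\]\s+(\S+?)\[unknown section\]"
)
FILE_RE = re.compile(r"^File\s+(.+?)\s+suspicious modification$")


def triage(log_text):
    """Classify GMER log lines (heuristic of this example, not GMER's own verdict)."""
    result = {
        "attributed": 0,                # entries resolving to a vendor-labelled module
        "unattributed_hooks": set(),    # (process, pid) with a hook target GMER left unnamed
        "unknown_section_devices": {},  # driver file -> device objects redirected
        "modified_files": [],           # paths flagged "suspicious modification"
        "unlabelled": [],               # anything else, kept for manual review
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue  # blank lines and section banners
        m = FILE_RE.match(line)
        if m:
            result["modified_files"].append(m.group(1))
            continue
        m = UNKNOWN_RE.match(line)
        if m:
            device, module = m.groups()
            result["unknown_section_devices"].setdefault(module.lower(), []).append(device)
            continue
        if VENDOR_RE.search(line):
            result["attributed"] += 1
            continue
        m = HOOK_RE.match(line)
        if m:
            process = ntpath.basename(m.group(1))  # ntpath parses Windows paths on any OS
            result["unattributed_hooks"].add((process, int(m.group(2))))
        else:
            result["unlabelled"].append(line)

    result["unattributed_hooks"] = sorted(result["unattributed_hooks"])
    # A driver that is both redirected to an unknown section in memory and
    # flagged as modified on disk has two independent indicators against it.
    modified = {ntpath.basename(p).lower() for p in result["modified_files"]}
    result["correlated"] = sorted(modified & set(result["unknown_section_devices"]))
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Entries attributed to a vendor module:", report["attributed"])
    print("Processes with unattributed hooks:", report["unattributed_hooks"])
    print("Drivers redirected to an unknown section:", report["unknown_section_devices"])
    print("Drivers flagged in memory and on disk:", report["correlated"])
```

On the sample lines the only driver flagged both in memory and on disk is atapi.sys, the same file ComboFix later reports as infected and disinfected.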

#5 OneAndOnlyErsin

OneAndOnlyErsin
  • Topic Starter

  • Members
  • 6 posts
  • Local time:09:54 AM

Posted 04 November 2009 - 11:25 AM

I had no idea it was that serious, once again thank you very very much for your help.

The logs you requested:

All processes killed
========== OTL ==========
C:\Documents and Settings\All Users\Documents\xyrinyj.bin moved successfully.
C:\Program Files\Common Files\opedufiq.bat moved successfully.
C:\WINDOWS\afawiqof.dat moved successfully.
C:\WINDOWS\xecyroxed.bin moved successfully.
C:\Program Files\Common Files\ywedopoh._dl moved successfully.
C:\WINDOWS\pimut.inf moved successfully.
C:\WINDOWS\minapaqula.com moved successfully.
C:\Documents and Settings\All Users\Documents\ulody.pif moved successfully.
C:\WINDOWS\bymizyw.exe moved successfully.
C:\WINDOWS\apuz.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\zopekoqob.bat moved successfully.
C:\Documents and Settings\All Users\Documents\etuhama.dl moved successfully.
C:\Documents and Settings\All Users\Documents\didevi.com moved successfully.
C:\WINDOWS\reninygek.lib moved successfully.
C:\Program Files\Common Files\akakabo.inf moved successfully.
C:\Program Files\Common Files\uhywusosu.bin moved successfully.
C:\Program Files\Common Files\rihypikavu.lib moved successfully.
C:\Program Files\Common Files\ujydy.inf moved successfully.
C:\p2hhr.bat moved successfully.
C:\WINDOWS\num41.jbd moved successfully.
C:\WINDOWS\info147.sys moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 30721 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Default User
->Temp folder emptied: 30721 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: HP_Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 26622578 bytes

User: HP_Owner.ERSIN
->Temp folder emptied: 787038 bytes
->Temporary Internet Files folder emptied: 15502207 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 24548794 bytes

User: HP_Owner.YOUR-C94F920E24
->Temp folder emptied: 4928307 bytes
->Temporary Internet Files folder emptied: 102332995 bytes
->Java cache emptied: 7364 bytes
->FireFox cache emptied: 48871557 bytes

User: HP_OWN~1~YOU

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 2938787 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39138 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Windows Temp folder emptied: 32768 bytes
RecycleBin emptied: 11474119 bytes

Total Files Cleaned = 227.27 mb


OTL by OldTimer - Version 3.1.3.3 log created on 11042009_152444

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_7e4.dat moved successfully.

Registry entries deleted on Reboot...




ComboFix 09-11-03.03 - HP_Owner 04/11/2009 15:59.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1982.1522 [GMT 0:00]
Running from: c:\documents and settings\HP_Owner.ERSIN\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091104-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Owner.YOUR-C94F920E24\Application Data\ejate.vbs
c:\documents and settings\HP_Owner.YOUR-C94F920E24\Application Data\iniasd.txt
c:\documents and settings\HP_Owner.YOUR-C94F920E24\Application Data\itimujepu.com
c:\documents and settings\HP_Owner.YOUR-C94F920E24\Application Data\nygoko.pif
c:\documents and settings\HP_Owner.YOUR-C94F920E24\Application Data\sabim.pif
c:\documents and settings\HP_Owner.YOUR-C94F920E24\Local Settings\Application Data\owapejasyl.dll
c:\documents and settings\HP_Owner.YOUR-C94F920E24\Local Settings\Application Data\qiqepyk.dl
c:\program files\StormII
c:\recycler\S-1-5-21-2227651596-963175227-1128496273-1008
c:\recycler\S-1-5-21-2227651596-963175227-1128496273-500
c:\windows\eduj.dl
c:\windows\qmdispatch.dll
c:\windows\system32\ps2.bat

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :(
.
((((((((((((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 )))))))))))))))))))))))))))))))
.

2009-11-04 15:46 . 2005-06-17 13:33 872064 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-11-04 15:24 . 2009-11-04 15:24 -------- d-----w- C:\_OTL
2009-11-03 18:16 . 2009-11-03 18:16 291328 ----a-w- C:\wim1eomv.exe
2009-10-30 16:47 . 2009-10-30 16:47 -------- d-----w- c:\documents and settings\HP_Owner.ERSIN\Local Settings\Application Data\Identities
2009-10-30 16:36 . 2006-06-29 13:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-10-29 15:24 . 2001-08-17 22:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-10-29 15:24 . 2004-08-04 00:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-10-29 04:27 . 2009-10-29 04:27 -------- d-----w- c:\documents and settings\HP_Owner.ERSIN\Local Settings\Application Data\Help
2009-10-29 04:22 . 2009-10-29 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-10-29 04:22 . 2009-10-29 04:27 -------- d-----w- c:\program files\Security Task Manager
2009-10-28 20:33 . 2009-10-28 20:33 -------- d-----w- C:\fixwareout
2009-10-28 14:11 . 2009-10-28 14:11 -------- d-----w- c:\documents and settings\HP_Owner.ERSIN\Application Data\5400 Series
2009-10-27 15:50 . 2009-11-04 15:57 -------- d-----w- c:\documents and settings\HP_Owner.ERSIN\Local Settings\Application Data\TSVNCache
2009-10-27 15:45 . 2009-10-27 15:45 -------- d-----w- c:\documents and settings\HP_Owner.ERSIN\Application Data\TortoiseSVN
2009-10-27 15:33 . 2009-10-27 15:33 -------- d-----w- c:\documents and settings\HP_Owner.ERSIN\Application Data\Subversion
2009-10-27 13:51 . 2005-06-24 02:37 40960 ----a-w- c:\windows\system32\lxctvs.dll
2009-10-27 13:51 . 2006-07-11 18:54 335872 ----a-w- c:\windows\system32\lxctcoin.dll
2009-10-27 13:48 . 2006-07-10 23:34 40960 ----a-w- c:\windows\system32\lxctpmon.dll
2009-10-27 13:48 . 2006-07-10 23:34 32768 ----a-w- c:\windows\system32\LXCTFXPU.DLL
2009-10-27 13:48 . 2006-07-10 23:36 12288 ----a-w- c:\windows\system32\lxctpmrc.dll
2009-10-27 13:48 . 2006-06-20 13:40 692224 ----a-w- c:\windows\system32\lxctdrs.dll
2009-10-27 13:48 . 2006-05-18 11:01 65536 ----a-w- c:\windows\system32\lxctcaps.dll
2009-10-27 13:48 . 2006-05-03 14:31 61440 ----a-w- c:\windows\system32\lxctcnv4.dll
2009-10-27 13:39 . 2009-10-27 13:39 -------- d-----w- C:\drivers
2009-10-27 13:34 . 2001-08-17 22:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2009-10-27 13:34 . 2001-08-17 22:36 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-10-27 13:34 . 2004-08-03 22:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-27 13:34 . 2004-08-03 22:58 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2009-10-27 13:33 . 2006-04-26 10:15 98345 ----a-w- c:\windows\system32\IMHOST32.DLL
2009-10-27 13:33 . 2006-04-26 10:15 339968 ----a-w- c:\windows\system32\IMGMAN32.DLL
2009-10-27 13:30 . 2001-08-17 14:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-10-27 13:30 . 2001-08-17 14:02 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2009-10-27 13:30 . 2004-08-03 23:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-27 13:30 . 2004-08-03 23:01 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2009-10-27 13:29 . 2004-08-03 23:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-10-27 13:29 . 2004-08-03 23:08 31616 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-10-26 19:45 . 2009-10-26 19:45 -------- d-----w- c:\program files\RealVNC
2009-10-26 16:13 . 2009-10-26 16:13 -------- d-----w- c:\documents and settings\HP_Owner.ERSIN\Application Data\AdobeUM
2009-10-25 22:23 . 2009-10-25 22:23 -------- d-----w- c:\documents and settings\HP_Owner.ERSIN\Local Settings\Application Data\2DBoy
2009-10-25 22:23 . 2009-10-25 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\2DBoy
2009-10-25 22:22 . 2009-10-25 22:23 -------- d-----w- c:\program files\WorldOfGoo
2009-10-24 20:57 . 2009-10-24 20:57 -------- d-----w- c:\documents and settings\HP_Owner.ERSIN\Application Data\CyberLink
2009-10-24 19:20 . 2009-06-07 15:16 819200 ----a-w- c:\windows\system32\xvidcore.dll
2009-10-24 19:20 . 2009-06-07 15:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-10-24 19:17 . 2009-10-24 19:17 -------- d-----w- c:\documents and settings\HP_Owner.ERSIN\Local Settings\Application Data\WMTools Downloaded Files
2009-10-24 18:17 . 2009-10-24 18:17 -------- d-----w- c:\documents and settings\HP_Owner.ERSIN\dwhelper
2009-10-23 22:22 . 2009-10-23 22:43 -------- d-----w- c:\documents and settings\HP_Owner.ERSIN\Application Data\ImgBurn
2009-10-23 14:15 . 2009-10-23 14:15 -------- d-----w- C:\VJVod_Cache
2009-10-23 04:25 . 2009-10-23 04:25 -------- d-----w- c:\documents and settings\HP_Owner.ERSIN\Application Data\HP
2009-10-23 03:11 . 2009-10-23 03:11 -------- d-----w- C:\My Music
2009-10-23 02:46 . 2009-10-23 02:46 -------- d-----w- c:\documents and settings\HP_Owner.ERSIN\Local Settings\Application Data\Threat Expert
2009-10-23 02:36 . 2009-10-23 02:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-23 02:36 . 2009-09-24 07:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-23 02:36 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-23 02:36 . 2009-09-23 15:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-23 02:36 . 2009-09-03 08:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-23 02:36 . 2009-10-23 02:36 -------- d-----w- c:\documents and settings\HP_Owner.ERSIN\Application Data\PC Tools
2009-10-23 02:18 . 2009-10-23 02:18 -------- d-----w- c:\documents and settings\HP_Owner.ERSIN\Application Data\Malwarebytes
2009-10-23 02:18 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-23 02:18 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-23 01:19 . 2009-10-23 01:19 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-22 04:31 . 2009-10-22 04:31 -------- d-sh--w- c:\documents and settings\HP_Owner.ERSIN\IECompatCache
2009-10-22 04:03 . 2009-10-22 04:03 -------- d-----w- c:\documents and settings\HP_Owner.ERSIN\Application Data\WinBatch
2009-10-22 03:35 . 2009-10-22 04:04 -------- d-----w- c:\documents and settings\HP_Owner.ERSIN\Application Data\HpUpdate
2009-10-22 03:30 . 2009-10-22 03:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\nagasoft
2009-10-21 21:14 . 2009-10-21 21:14 -------- d-----w- c:\windows\system32\LogFiles
2009-10-21 21:06 . 2009-10-22 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-21 17:21 . 2009-10-21 17:21 -------- d-----w- c:\windows\system32\nagasoft
2009-10-21 09:15 . 2009-11-04 15:46 -------- d-sh--r- c:\windows\system32\dllcache
2009-10-21 04:26 . 2009-10-21 04:26 -------- d-sh--w- c:\documents and settings\HP_Owner.ERSIN\PrivacIE
2009-10-21 04:06 . 2009-10-21 04:06 -------- d-sh--w- c:\documents and settings\HP_Owner.ERSIN\IETldCache
2009-10-21 03:05 . 2009-11-03 04:39 -------- d-----w- c:\documents and settings\HP_Owner.ERSIN\Application Data\vlc
2009-10-21 02:38 . 2009-11-02 20:09 -------- d-----w- c:\documents and settings\HP_Owner.ERSIN\Local Settings\Application Data\Adobe
2009-10-21 02:34 . 2009-10-21 02:34 -------- d-----w- c:\documents and settings\HP_Owner.ERSIN\Local Settings\Application Data\Mozilla
2009-10-21 02:08 . 2009-11-04 15:38 -------- d-----w- c:\documents and settings\HP_Owner.ERSIN\Tracing
2009-10-21 02:04 . 2009-10-21 02:19 42704 ----a-w- c:\documents and settings\HP_Owner.ERSIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 01:57 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-21 01:57 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-21 01:57 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-21 01:57 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-21 01:57 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-21 01:57 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-21 01:57 . 2009-11-03 19:23 -------- d-----w- c:\documents and settings\HP_Owner.ERSIN\Application Data\BitTorrent
2009-10-21 01:57 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-21 01:57 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-21 01:57 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-21 01:53 . 2009-10-21 01:53 -------- d-sh--w- c:\documents and settings\HP_Owner.ERSIN\UserData
2009-10-21 01:49 . 2004-08-04 11:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-10-21 01:45 . 2006-04-11 13:45 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-10-21 01:45 . 2006-04-11 13:26 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2009-10-15 22:30 . 2009-10-15 22:30 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-C94F920E24\Local Settings\Application Data\Threat Expert
2009-10-15 22:28 . 2009-10-08 10:31 767952 ----a-w- c:\windows\BDTSupport.dll
2009-10-15 22:28 . 2009-10-08 10:31 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-10-15 22:28 . 2009-10-08 10:31 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-10-15 22:28 . 2009-10-08 10:31 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-10-15 22:28 . 2009-10-02 13:19 1152470 ----a-w- c:\windows\UDB.zip
2009-10-15 22:28 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip
2009-10-15 22:26 . 2009-11-03 18:17 -------- d-----w- c:\program files\Spyware Doctor
2009-10-15 22:26 . 2009-10-15 22:28 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-15 22:26 . 2009-10-15 22:26 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-C94F920E24\Application Data\PC Tools
2009-10-15 22:26 . 2009-10-15 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-15 04:03 . 2009-10-15 04:03 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-C94F920E24\Local Settings\Application Data\HHD Software
2009-10-09 17:23 . 2009-10-09 17:23 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-C94F920E24\Local Settings\Application Data\Batchwork

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 15:58 . 2008-04-21 15:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-04 15:38 . 2008-01-29 18:53 -------- d-----w- c:\program files\Lx_cats
2009-11-04 00:23 . 2006-04-11 13:20 -------- d-----w- c:\program files\Common Files\Real
2009-11-04 00:00 . 2006-04-11 13:32 -------- d-----w- c:\program files\PC-Doctor 5 for Windows
2009-11-03 19:21 . 2008-04-26 13:50 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\BitTorrent
2009-11-03 19:20 . 2007-10-31 16:40 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\uTorrent
2009-10-29 04:16 . 2008-10-08 17:11 -------- d-----w- c:\program files\QMacro
2009-10-28 14:14 . 2008-12-12 19:32 -------- d-----w- c:\program files\Messenger Plus! Live
2009-10-27 13:49 . 2009-10-27 13:47 -------- d-----w- c:\program files\Lexmark 5400 Series
2009-10-27 02:06 . 2009-05-29 01:45 -------- d-----w- c:\program files\Hotspot Shield
2009-10-24 19:20 . 2008-06-02 15:10 -------- d-----w- c:\program files\Xvid
2009-10-24 18:54 . 2008-12-19 21:40 -------- d-----w- c:\program files\DVDlabPro2
2009-10-23 03:49 . 2009-02-12 03:09 -------- d-----w- c:\program files\Unlocker
2009-10-23 02:18 . 2009-08-20 18:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-23 01:19 . 2006-04-11 12:54 -------- d-----w- c:\program files\Java
2009-10-22 03:50 . 2005-01-24 16:30 139264 ----a-w- c:\windows\system32\hpzjrd01.dll
2009-10-22 03:35 . 2006-04-11 13:07 -------- d-----w- c:\program files\HP
2009-10-22 03:35 . 2006-04-11 13:23 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-21 21:12 . 2008-10-18 04:22 -------- d-----w- c:\program files\Microsoft
2009-10-21 03:00 . 2008-02-19 22:15 -------- d-----w- c:\program files\Total Video Converter
2009-10-21 02:18 . 2006-04-11 13:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-21 02:18 . 2006-04-11 13:39 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-21 02:18 . 2006-04-11 13:39 -------- d-----w- c:\program files\Symantec
2009-10-21 02:15 . 2008-04-13 11:48 -------- d-----w- c:\program files\SopCast
2009-10-21 02:09 . 2006-04-11 13:36 -------- d-----w- c:\program files\Google
2009-10-21 01:49 . 2009-10-21 01:49 1721 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_ES067AA-ABU a1429.uk_YC_0Pavi_QCNH616_E62GBheBLA3_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.14_T060117_WXH2_L409_M1983_J200_7AMD_8Athlon 64_91.99_#060703_N10EC8139_Z11C10620_G10025954.MRK
2009-10-21 00:51 . 2009-01-31 21:35 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-C94F920E24\Application Data\BitTorrent
2009-10-20 21:32 . 2006-07-09 00:53 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-15 21:17 . 2009-10-15 21:17 19588 ----a-w- c:\documents and settings\HP_Owner.YOUR-C94F920E24\Application Data\fiwexepoc.dat
2009-10-10 14:50 . 2009-01-31 20:36 63864 ----a-w- c:\documents and settings\HP_Owner.YOUR-C94F920E24\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-09 17:34 . 2009-04-26 21:15 -------- d-----w- c:\program files\MSECACHE
2009-10-05 20:30 . 2009-10-04 01:09 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-C94F920E24\Application Data\TortoiseSVN
2009-10-05 15:27 . 2009-10-05 15:25 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-C94F920E24\Application Data\MilkShape 3D 1.x.x
2009-10-05 15:22 . 2009-10-05 15:22 -------- d-----w- c:\program files\MilkShape 3D 1.8.5
2009-10-04 01:01 . 2009-10-04 01:01 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-C94F920E24\Application Data\Subversion
2009-10-04 01:01 . 2009-10-04 01:01 -------- d-----w- c:\program files\TortoiseSVN
2009-10-04 01:01 . 2009-10-04 01:01 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-10-02 04:38 . 2009-09-09 19:31 167528 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-02 03:26 . 2009-10-02 03:26 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-C94F920E24\Application Data\HpUpdate
2009-10-01 23:41 . 2009-10-01 23:41 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2009-10-01 23:41 . 2009-10-01 23:41 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2009-09-26 03:39 . 2009-02-01 21:06 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-C94F920E24\Application Data\Vso
2009-09-23 15:26 . 2009-09-23 15:14 -------- d-----w- c:\program files\Winamp
2009-09-23 15:14 . 2009-09-23 15:14 -------- d-----w- c:\program files\x264
2009-09-21 20:40 . 2009-09-21 20:36 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-C94F920E24\Application Data\DeepBurner
2009-09-16 02:20 . 2009-10-23 02:36 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-15 05:20 . 2009-10-23 02:36 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-09-15 01:12 . 2009-10-23 02:36 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-09-15 00:01 . 2009-10-23 02:36 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-09-09 18:46 . 2009-09-09 18:46 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-C94F920E24\Application Data\EA
2009-03-05 17:08 . 2009-04-27 04:55 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-10-27 02:05 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{472734EA-242A-422B-ADF8-83D1E48CC825}"= "c:\program files\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216]

[HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{472734EA-242A-422B-ADF8-83D1E48CC825}"= "c:\program files\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216]

[HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 147456]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-23 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2006-06-20 286720]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2006-07-10 294912]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2006-06-07 98304]
"LXCTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-06-07 106496]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
"PCDrProfiler"="" [BU]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-4-11 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
"c:\\Documents and Settings\\HP_Owner.ERSIN\\Desktop\\ZEQ2\\ZEQ2.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [23/10/2009 02:36 207280]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21/10/2009 01:57 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21/10/2009 01:57 20560]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [15/10/2009 22:28 112592]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [15/10/2009 22:26 358600]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
FF - ProfilePath - c:\documents and settings\HP_Owner.ERSIN\Application Data\Mozilla\Firefox\Profiles\uwve1vzf.default\
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-04 16:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-11-04 16:12
ComboFix-quarantined-files.txt 2009-11-04 16:12
ComboFix2.txt 2009-02-09 08:22

Pre-Run: 121,928,220,672 bytes free
Post-Run: 121,897,365,504 bytes free

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:05:54 AM

Posted 04 November 2009 - 01:19 PM

You are welcome :(

Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
=====
* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#7 OneAndOnlyErsin

OneAndOnlyErsin
  • Topic Starter

  • Members
  • 6 posts
  • Local time:09:54 AM

Posted 04 November 2009 - 05:09 PM

The Malwarebytes scan came back clean, so the only log is from ESET.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7426aaaa6fafb34ea85ed9a1509b3978
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-04 08:12:13
# local_time=2009-11-04 08:12:13 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 23197974 23197974 0 0
# compatibility_mode=769 16775125 100 98 6093 193638084 2800 0
# compatibility_mode=1026 16777214 0 2 42346434 42346434 0 0
# compatibility_mode=2049 16777214 0 5 15352140 15352140 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 3719 3719 0 0
# scanned=32499
# found=0
# cleaned=0
# scan_time=5022
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7426aaaa6fafb34ea85ed9a1509b3978
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-04 10:02:13
# local_time=2009-11-04 10:02:13 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 23203109 23203109 0 0
# compatibility_mode=769 16775125 100 98 11228 193643219 7935 0
# compatibility_mode=1026 16777214 0 2 42351569 42351569 0 0
# compatibility_mode=2049 16777214 0 5 15357275 15357275 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 8854 8854 0 0
# scanned=249842
# found=4
# cleaned=4
# scan_time=6487
C:\Program Files\Sports Interactive\Football Manager 2009\fm91_t1.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.OF virus (deleted - quarantined) 00000000000000000000000000000000 C

I did a 7 hour full scan with spyware doctor the other day and found 4 threats, yet it completely missed everything you found.
Where do you learn all this stuff? Any good guides/books to get started?

Ersin

#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:05:54 AM

Posted 04 November 2009 - 08:01 PM

"I did a 7 hour full scan with spyware doctor the other day and found 4 threats, yet it completely missed everything you found.
Where do you learn all this stuff? Any good guides/books to get started?"

I did train at a school from Geekstogo.com.
But I help here as well and at other forums.
Mostly that is where I learned malware removal.
But mostly it is hands on experience.
There is also a malware removal training program here as well.
You can sign up here > http://www.bleepingcomputer.com/forums/t/86678/malware-removal-training-program/

I am not a fan of Spyware Doctor; I think they are highly overrated, and you have to pay money for disinfection.
==================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.


#9 OneAndOnlyErsin

OneAndOnlyErsin
  • Topic Starter

  • Members
  • 6 posts
  • Local time:09:54 AM

Posted 05 November 2009 - 11:39 AM

Here you go :(

OTL logfile created on: 05/11/2009 16:36:30 - Run 2
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\HP_Owner.ERSIN\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 64.65% Memory free
3.78 Gb Paging File | 3.03 Gb Available in Paging File | 80.09% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.59 Gb Total Space | 113.48 Gb Free Space | 62.84% Space Free | Partition Type: NTFS
Drive D: | 5.70 Gb Total Space | 0.44 Gb Free Space | 7.80% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERSIN
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Owner.ERSIN\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
PRC - C:\Program Files\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
PRC - C:\WINDOWS\system32\lxctcoms.exe ( )
PRC - C:\Program Files\Lexmark 5400 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\NOTEPAD.EXE (Microsoft Corporation)
PRC - c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\HP_Owner.ERSIN\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Spyware Doctor\PCTGMhk.dll (PC Tools)
MOD - C:\Program Files\Spyware Doctor\smum32.dll (PC Tools)
MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\linkinfo.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (HotspotShieldService) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (vvdsvc) -- C:\WINDOWS\system32\nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE (HP)
SRV - (lxct_device) -- C:\WINDOWS\System32\lxctcoms.exe ( )
SRV - (CLSched) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
SRV - (CyberLink Media Library Service) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (UMWdf) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys ()
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/23 01:19:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/04 00:22:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/04 00:22:59 | 00,000,000 | ---D | M]

[2009/10/21 02:34:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Mozilla\Extensions
[2009/10/21 02:34:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/24 15:02:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Mozilla\Firefox\Profiles\uwve1vzf.default\extensions
[2009/10/24 15:02:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Mozilla\Firefox\Profiles\uwve1vzf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/10/24 15:02:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/21 03:54:22 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/08/18 17:24:32 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/18 16:47:31 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/10 00:47:00 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/10 01:49:52 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/17 20:40:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/10/23 01:19:36 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/24 20:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/08/24 20:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/03/05 17:08:04 | 00,049,664 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\FFComm.dll
[2009/02/24 19:34:32 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2008/01/08 00:45:16 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2008/07/08 21:07:06 | 00,040,960 | ---- | M] (BYOND) -- C:\Program Files\Mozilla Firefox\plugins\npbyond.dll
[2009/10/23 01:19:17 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/02/24 19:34:14 | 01,337,648 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/07/02 23:34:44 | 00,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2009/01/29 03:08:04 | 00,132,528 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
[2009/05/14 16:42:24 | 00,069,632 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2009/01/07 17:29:18 | 01,447,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/08/24 20:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2008/06/11 22:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/04/18 01:53:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/04/18 01:53:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/04/18 01:53:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/04/18 01:53:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/04/18 01:53:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/04/18 01:53:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/04/18 01:53:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/04/16 17:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/09/23 15:36:40 | 00,032,448 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
[2009/02/24 19:34:32 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2009/08/24 18:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/24 18:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/08/24 18:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/24 18:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/08/24 18:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/08/24 18:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/24 18:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Lexmark 5400 Series Fax Server] C:\Program Files\Lexmark 5400 Series\fm3032.exe ()
O4 - HKLM..\Run: [LXCTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxctmon.exe] C:\Program Files\Lexmark 5400 Series\lxctmon.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://vexcast.com/download/vexcast.cab (VodClient Control Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/05 23:32:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/04 18:46:51 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/11/04 18:11:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\Text files
[2009/11/04 18:09:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\Virus Logs
[2009/11/04 17:56:52 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/11/04 17:56:51 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/11/04 17:56:50 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/11/04 17:56:48 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/11/04 17:56:47 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/11/04 17:56:47 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/11/04 17:56:46 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/11/04 17:56:46 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/11/04 17:56:23 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/11/04 15:46:25 | 00,872,064 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\iaStor.sys
[2009/11/04 15:24:44 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/03 16:05:04 | 00,527,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\OTL.exe
[2009/11/03 04:41:30 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Recent
[2009/10/30 16:47:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\Identities
[2009/10/30 16:36:33 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2009/10/29 15:24:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\eBay pictures
[2009/10/29 15:24:24 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2009/10/29 15:24:23 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2009/10/29 04:27:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\Help
[2009/10/29 04:27:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Help
[2009/10/29 04:22:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/10/29 04:22:44 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2009/10/28 20:33:42 | 00,000,000 | ---D | C] -- C:\fixwareout
[2009/10/28 14:11:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\5400 Series
[2009/10/27 15:50:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\TSVNCache
[2009/10/27 15:45:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\TortoiseSVN
[2009/10/27 15:33:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\ZEQ2
[2009/10/27 15:33:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Subversion
[2009/10/27 13:48:26 | 00,012,288 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxctpmrc.dll
[2009/10/27 13:47:30 | 00,000,000 | ---D | C] -- C:\Program Files\Lexmark 5400 Series
[2009/10/27 13:47:18 | 00,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctinpa.dll
[2009/10/27 13:47:18 | 00,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctiesc.dll
[2009/10/27 13:47:17 | 01,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctserv.dll
[2009/10/27 13:47:17 | 00,983,040 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctusb1.dll
[2009/10/27 13:47:17 | 00,458,752 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxctutil.dll
[2009/10/27 13:47:17 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctprox.dll
[2009/10/27 13:47:16 | 00,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctpmui.dll
[2009/10/27 13:47:16 | 00,528,384 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctlmpm.dll
[2009/10/27 13:47:16 | 00,200,704 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxctinsb.dll
[2009/10/27 13:47:16 | 00,143,360 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxctjswr.dll
[2009/10/27 13:47:16 | 00,106,496 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxctinsr.dll
[2009/10/27 13:47:16 | 00,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctpplc.dll
[2009/10/27 13:47:15 | 00,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcthbn3.dll
[2009/10/27 13:47:15 | 00,380,928 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctih.exe
[2009/10/27 13:47:15 | 00,176,128 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxctins.dll
[2009/10/27 13:47:14 | 00,983,107 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lxctgf.dll
[2009/10/27 13:47:14 | 00,528,384 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcoms.exe
[2009/10/27 13:47:14 | 00,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcomm.dll
[2009/10/27 13:47:14 | 00,086,016 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxctcub.dll
[2009/10/27 13:47:14 | 00,073,728 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxctcu.dll
[2009/10/27 13:47:14 | 00,036,864 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxctcur.dll
[2009/10/27 13:47:13 | 00,667,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcomc.dll
[2009/10/27 13:47:13 | 00,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcfg.exe
[2009/10/27 13:47:13 | 00,077,824 | ---- | C] (Lexmark International) -- C:\WINDOWS\System32\lxctcfg.dll
[2009/10/27 13:39:21 | 00,000,000 | ---D | C] -- C:\drivers
[2009/10/27 13:34:07 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wiafbdrv.dll
[2009/10/27 13:34:07 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2009/10/27 13:34:06 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2009/10/27 13:34:06 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2009/10/27 13:33:25 | 00,339,968 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IMGMAN32.DLL
[2009/10/27 13:33:25 | 00,098,345 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IMHOST32.DLL
[2009/10/27 13:33:25 | 00,098,304 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IM31XPNG.DEL
[2009/10/27 13:33:25 | 00,069,632 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IM31XTIF.DEL
[2009/10/27 13:33:25 | 00,049,152 | ---- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IM31IMG.DIL
[2009/10/27 13:30:41 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2009/10/27 13:30:41 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2009/10/27 13:30:33 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2009/10/27 13:30:33 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2009/10/27 13:29:55 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2009/10/27 13:29:55 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2009/10/26 19:45:27 | 00,000,000 | ---D | C] -- C:\Program Files\RealVNC
[2009/10/26 16:13:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\AdobeUM
[2009/10/25 22:23:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\2DBoy
[2009/10/25 22:23:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/10/25 22:22:59 | 00,000,000 | ---D | C] -- C:\Program Files\WorldOfGoo
[2009/10/24 20:57:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\CyberLink
[2009/10/24 19:17:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\WMTools Downloaded Files
[2009/10/24 18:17:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\dwhelper
[2009/10/24 17:37:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\Pazera_Free_FLV_to_AVI_Converter
[2009/10/23 22:22:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\ImgBurn
[2009/10/23 14:15:17 | 00,000,000 | -H-D | C] -- C:\VJVod_Cache
[2009/10/23 04:25:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\HP
[2009/10/23 03:11:26 | 00,000,000 | ---D | C] -- C:\My Music
[2009/10/23 03:09:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/10/23 02:46:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\Threat Expert
[2009/10/23 02:36:47 | 00,229,304 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/10/23 02:36:31 | 00,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/10/23 02:36:31 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/10/23 02:36:20 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/10/23 02:36:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\PC Tools
[2009/10/23 02:18:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Malwarebytes
[2009/10/23 02:18:21 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/23 02:18:13 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/23 01:19:31 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/10/23 01:19:31 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/23 01:19:31 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/23 01:19:31 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/23 01:19:31 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/10/22 04:31:44 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Owner.ERSIN\IECompatCache
[2009/10/22 04:03:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\WinBatch
[2009/10/22 03:35:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\HpUpdate
[2009/10/21 21:14:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/10/21 21:06:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/10/21 17:21:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nagasoft
[2009/10/21 09:15:26 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2009/10/21 04:26:58 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Owner.ERSIN\PrivacIE
[2009/10/21 04:06:04 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Owner.ERSIN\IETldCache
[2009/10/21 03:27:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\MSN scenes
[2009/10/21 03:23:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\My Documents\My Chat Logs
[2009/10/21 03:05:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\vlc
[2009/10/21 02:38:56 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\My Documents\My Videos
[2009/10/21 02:38:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\Adobe
[2009/10/21 02:38:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Adobe
[2009/10/21 02:34:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\Mozilla
[2009/10/21 02:34:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Mozilla
[2009/10/21 02:30:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/10/21 02:26:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\WinRAR
[2009/10/21 02:24:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\My Documents\Downloads
[2009/10/21 02:24:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Sun
[2009/10/21 02:21:33 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/21 02:21:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2009/10/21 02:08:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Tracing
[2009/10/21 01:58:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Google
[2009/10/21 01:57:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\BitTorrent
[2009/10/21 01:54:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Macromedia
[2009/10/21 01:53:45 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Owner.ERSIN\UserData
[2009/10/21 01:49:38 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2009/10/21 01:47:10 | 00,000,000 | --SD | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Microsoft
[2009/10/21 01:47:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Identities
[2009/10/21 01:47:09 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\SendTo
[2009/10/21 01:47:09 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data
[2009/10/21 01:47:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Start Menu
[2009/10/21 01:47:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\My Documents\My Pictures
[2009/10/21 01:47:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\My Documents\My Music
[2009/10/21 01:47:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\My Documents
[2009/10/21 01:47:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Favorites
[2009/10/21 01:47:09 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Cookies
[2009/10/21 01:47:09 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Templates
[2009/10/21 01:47:09 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\PrintHood
[2009/10/21 01:47:09 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\NetHood
[2009/10/21 01:47:09 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings
[2009/10/21 01:47:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\WINDOWS
[2009/10/21 01:47:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop
[2009/10/21 01:47:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\PowerCinema
[2009/10/21 01:47:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\Microsoft
[2009/10/21 01:47:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\ApplicationHistory
[2009/10/21 01:47:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}
[2009/10/15 22:28:27 | 01,636,304 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2009/10/15 22:28:27 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2009/10/15 22:28:27 | 00,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2009/10/15 22:26:30 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/10/15 22:26:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/10/15 22:26:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2005/09/24 06:49:16 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/05 15:28:55 | 00,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/11/05 15:14:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/05 15:13:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/05 15:13:56 | 20,788,55168 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/05 14:10:38 | 03,407,872 | -H-- | M] () -- C:\Documents and Settings\HP_Owner.ERSIN\NTUSER.DAT
[2009/11/05 14:10:38 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Owner.ERSIN\ntuser.ini
[2009/11/04 17:56:47 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/11/04 16:11:09 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/04 15:41:27 | 03,533,737 | R--- | M] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\ComboFix.exe
[2009/11/03 18:16:09 | 00,291,328 | ---- | M] () -- C:\wim1eomv.exe
[2009/11/03 16:05:15 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\OTL.exe
[2009/10/30 20:28:15 | 03,233,084 | -H-- | M] () -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\IconCache.db
[2009/10/28 20:05:21 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\HijackThis.lnk
[2009/10/27 13:52:27 | 00,021,293 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2009/10/26 19:45:28 | 00,000,706 | ---- | M] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\VNC Viewer 4.lnk
[2009/10/25 22:23:31 | 00,001,591 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Goo.lnk
[2009/10/25 13:34:12 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/25 13:34:12 | 00,382,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/25 13:34:12 | 00,053,892 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009/10/24 19:16:46 | 00,008,704 | ---- | M] () -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/23 22:08:10 | 00,001,539 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2009/10/23 02:36:27 | 00,001,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/10/23 02:18:24 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/23 01:19:16 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/10/23 01:19:16 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/23 01:19:16 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/23 01:19:16 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/23 01:19:16 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/10/22 03:50:41 | 00,139,264 | ---- | M] (Hewlett Packard) -- C:\WINDOWS\System32\hpzjrd01.dll
[2009/10/21 03:54:25 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/10/21 02:21:47 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/21 02:19:40 | 00,042,704 | ---- | M] () -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/21 02:18:09 | 00,185,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/21 01:52:44 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\My Computer.lnk
[2009/10/21 01:49:25 | 00,001,721 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_ES067AA-ABU a1429.uk_YC_0Pavi_QCNH616_E62GBheBLA3_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.14_T060117_WXH2_L409_M1983_J200_7AMD_8Athlon 64_91.99_#060703_N10EC8139_Z11C10620_G10025954.MRK
[2009/10/21 01:47:05 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/21 01:45:59 | 00,001,063 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/10/21 01:45:53 | 00,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2009/10/21 01:45:02 | 00,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2009/10/20 21:32:28 | 00,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2009/10/20 04:31:01 | 00,000,883 | ---- | M] () -- C:\WINDOWS\RegSDImport.xml
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/10/08 10:31:46 | 00,149,456 | ---- | M] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2009/10/08 10:31:44 | 01,636,304 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2009/10/08 10:31:44 | 00,165,840 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2009/10/08 10:31:14 | 00,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/04 17:56:23 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/11/04 15:43:13 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/04 15:43:13 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/04 15:40:47 | 03,533,737 | R--- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\ComboFix.exe
[2009/11/03 18:16:08 | 00,291,328 | ---- | C] () -- C:\wim1eomv.exe
[2009/10/28 20:05:21 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\HijackThis.lnk
[2009/10/27 13:51:57 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxctvs.dll
[2009/10/27 13:51:54 | 00,335,872 | ---- | C] () -- C:\WINDOWS\System32\lxctcoin.dll
[2009/10/27 13:48:46 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxctpmon.dll
[2009/10/27 13:48:46 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXCTFXPU.DLL
[2009/10/27 13:48:13 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxctdrs.dll
[2009/10/27 13:48:12 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxctcaps.dll
[2009/10/27 13:48:12 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxctcnv4.dll
[2009/10/27 13:47:18 | 00,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCTinst.dll
[2009/10/27 13:47:18 | 00,021,293 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.ulf
[2009/10/27 13:47:15 | 00,752,383 | ---- | C] () -- C:\WINDOWS\System32\lxcthelp.chm
[2009/10/27 13:47:15 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\lxctgrd.dll
[2009/10/27 13:47:13 | 00,002,180 | ---- | C] () -- C:\WINDOWS\System32\lxct.loc
[2009/10/26 19:45:28 | 00,000,706 | ---- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\VNC Viewer 4.lnk
[2009/10/25 22:23:31 | 00,001,591 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\World of Goo.lnk
[2009/10/25 19:21:03 | 03,233,084 | -H-- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\IconCache.db
[2009/10/24 19:20:09 | 00,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/24 19:20:09 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2009/10/24 19:20:08 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/10/23 22:08:10 | 00,001,539 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2009/10/23 02:36:47 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2009/10/23 02:36:31 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2009/10/23 02:36:31 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/10/23 02:36:27 | 00,001,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/10/23 02:36:20 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2009/10/22 03:58:57 | 00,052,296 | ---- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2009/10/22 03:58:43 | 00,002,125 | ---- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\HPSU_48BitScanUpdate.log
[2009/10/22 03:50:42 | 00,036,984 | ---- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2009/10/21 02:41:07 | 00,008,704 | ---- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/21 02:04:01 | 00,042,704 | ---- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/21 01:52:44 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Desktop\My Computer.lnk
[2009/10/21 01:49:21 | 00,001,721 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_ES067AA-ABU a1429.uk_YC_0Pavi_QCNH616_E62GBheBLA3_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.14_T060117_WXH2_L409_M1983_J200_7AMD_8Athlon 64_91.99_#060703_N10EC8139_Z11C10620_G10025954.MRK
[2009/10/21 01:49:18 | 20,788,55168 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/21 01:47:13 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\Application Data\desktop.ini
[2009/10/21 01:47:09 | 03,407,872 | -H-- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\NTUSER.DAT
[2009/10/21 01:47:09 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\HP_Owner.ERSIN\ntuser.ini
[2009/10/15 22:28:28 | 00,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/10/15 22:28:27 | 01,152,470 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2009/10/15 22:28:27 | 00,000,883 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2009/10/15 22:28:27 | 00,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2009/10/15 22:28:27 | 00,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2009/08/11 04:22:51 | 00,000,056 | ---- | C] () -- C:\WINDOWS\wb.ini
[2009/07/10 16:06:25 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/07/09 18:39:11 | 00,000,656 | ---- | C] () -- C:\WINDOWS\BeatBox.INI
[2009/07/09 18:38:41 | 00,000,216 | ---- | C] () -- C:\WINDOWS\MusicEditor.INI
[2009/07/09 17:46:47 | 00,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2009/07/08 00:33:03 | 00,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2009/05/11 17:48:29 | 00,000,056 | ---- | C] () -- C:\WINDOWS\SpeedGear.INI
[2009/05/11 02:26:07 | 00,000,336 | ---- | C] () -- C:\WINDOWS\WPE PRO.INI
[2009/04/03 13:44:42 | 00,000,728 | ---- | C] () -- C:\WINDOWS\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
[2009/03/04 17:44:09 | 00,000,218 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/01/12 01:48:28 | 00,000,703 | ---- | C] () -- C:\WINDOWS\NewsRover.INI
[2008/07/02 15:53:37 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2008/04/16 12:13:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/04/13 22:06:36 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/05 19:36:43 | 00,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2007/10/17 21:07:34 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2007/10/17 21:07:24 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/10/17 19:35:00 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2007/10/10 13:30:14 | 00,000,024 | ---- | C] () -- C:\WINDOWS\sysc_drv.ini
[2007/09/22 17:00:13 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/07/06 10:40:04 | 00,000,065 | ---- | C] () -- C:\WINDOWS\LudoValue.INI
[2006/12/07 15:30:19 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/11/29 12:49:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006/09/23 23:25:01 | 00,000,139 | ---- | C] () -- C:\WINDOWS\chmpchss.INI
[2006/07/11 20:19:42 | 00,006,980 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/07/10 21:26:41 | 00,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/07/07 16:56:59 | 00,015,136 | ---- | C] () -- C:\WINDOWS\wwdslcfg.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/04/11 13:51:42 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/11 13:32:41 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/04/11 13:29:07 | 00,013,560 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/04/11 13:29:02 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/04/11 13:24:14 | 00,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2006/04/11 13:21:37 | 00,000,102 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/04/11 13:07:49 | 00,001,702 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/04/11 13:06:50 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/04/11 12:50:53 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/11 12:47:56 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/04/11 12:47:56 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/04/11 12:47:36 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/15 08:24:00 | 00,023,286 | ---- | C] () -- C:\WINDOWS\UN800114.INI
[2005/12/09 21:03:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/12/05 23:32:08 | 00,000,497 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/12/05 23:24:58 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/12/05 23:24:42 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/04 11:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/06/24 19:10:06 | 00,000,567 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/07/06 21:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 65 bytes -> C:\Documents and Settings\All Users\Desktop:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
@Alternate Data Stream - 65 bytes -> C:\Documents and Settings\All Users\Application Data\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
@Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
< End of report >

#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:05:54 AM

Posted 05 November 2009 - 01:33 PM

=======Cleanup=======
  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
======Next======
  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 17...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
======================Clear out infected System Restore points======================


Then we need to reset your System Restore points.
The link below shows how to do this.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

=====================================
After that you're all set. :(


The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention article by Miekiemoes.

If your computer is slow - A tutorial on what you can do if your computer is slow.

File sharing program dangers - Reasons to stay away from file sharing programs, for example: BitTorrent, Limewire, Kazaa, emule, Utorrent, Limewire etc.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#11 OneAndOnlyErsin

OneAndOnlyErsin
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:09:54 AM

Posted 05 November 2009 - 05:41 PM

Thank you so much for all your help, really appreciate it :(

#12 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:05:54 AM

Posted 06 November 2009 - 07:15 AM

You are welcome :(


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.