Invisible task running in Task Scheduler (Vista)


  • This topic is locked

#1
spyhunter

  • Member
  • 48 posts
Hi, I have a Toshiba Satellite A200 running 32 bit Vista and have discovered a strange task 'qweuxzdx' running in the Task Scheduler.

It appears in the 'Task Status' pane as 'Running' but does not appear in the 'Active Tasks' pane at all.

Anyone know how to find out where it's coming from and/or what it is?

Thanks :)

#2
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hi there, let me see what you have.

GMER Rootkit Scanner - Download - Homepage
  • Download GMER
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan... click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.

**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Please copy and paste the report into your post.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select Scan all users
  • Under the Custom Scan box paste this in


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    /md5start
    explorer.exe
    winlogon.exe
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
    %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3
spyhunter

  • Topic Starter
  • Member
  • 48 posts
Am on it :)

Have tried to run Gmer on this machine already but it crashed each time :)

Will let you know how it goes!

#4
spyhunter

  • Topic Starter
  • Member
  • 48 posts
Hi again,

Here's the Ark.txt


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-26 21:29:55
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Boss\AppData\Local\Temp\kfldqpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



And now OTL.txt





OTL logfile created on: 26.08.2010 21:34:24 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Boss\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 0000041F | Country: Turkey | Language: TRK | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 18,64 Gb Free Space | 33,34% Space Free | Partition Type: NTFS
Drive D: | 971,63 Mb Total Space | 673,28 Mb Free Space | 69,29% Space Free | Partition Type: FAT
Drive E: | 54,43 Gb Total Space | 41,47 Gb Free Space | 76,18% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ÖÖÖ-PC
Current User Name: Boss
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.08.26 20:40:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Boss\Desktop\OTL.exe
PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.06.01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010.04.12 10:46:00 | 000,152,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2010.03.25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010.03.25 21:40:42 | 000,203,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2010.03.01 20:37:32 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2010.03.01 20:37:28 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010.03.01 20:37:28 | 000,119,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\LifeExp.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.02.24 02:43:13 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
PRC - [2007.06.13 06:11:00 | 004,489,216 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.05.23 15:57:12 | 000,509,496 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2007.05.22 16:32:00 | 000,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2007.03.29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007.03.29 10:39:00 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2007.02.12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.02.12 13:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006.11.14 22:02:36 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2006.11.14 21:19:42 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006.11.06 17:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
PRC - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2010.08.26 20:40:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Boss\Desktop\OTL.exe
MOD - [2009.04.11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.19 08:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.04.12 10:46:00 | 000,152,944 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010.03.25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.01 20:37:28 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.08.05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.02.24 02:43:13 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.03.29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.02.12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\TpChoice.sys -- (TpChoice)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV - [2010.08.24 22:07:58 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2010.08.24 21:54:26 | 000,059,392 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.03.25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010.03.25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.03.01 20:37:32 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2009.08.05 23:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009.04.11 05:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008.06.20 07:37:00 | 000,200,112 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.11.09 06:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.09.26 14:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007.06.12 00:05:00 | 001,787,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.05.22 05:28:44 | 001,771,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007.03.06 15:01:04 | 000,014,848 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\CplIR.SYS -- (CplIR)
DRV - [2007.02.12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007.01.24 13:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007.01.18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2007.01.18 15:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006.11.02 08:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006.07.28 16:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2006.05.03 23:40:42 | 000,390,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd.sys -- (snpstd)
DRV - [2006.03.22 16:53:54 | 010,220,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://tr.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://tr.msn.com/


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2714116563-557772809-270244157-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://tr.msn.com/
IE - HKU\S-1-5-21-2714116563-557772809-270244157-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKU\S-1-5-21-2714116563-557772809-270244157-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2714116563-557772809-270244157-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.com/ [binary data]
IE - HKU\S-1-5-21-2714116563-557772809-270244157-1001\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2714116563-557772809-270244157-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2714116563-557772809-270244157-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.25 17:15:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.25 17:15:25 | 000,000,000 | ---D | M]

[2010.08.26 18:48:12 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\Mozilla\Extensions
[2010.08.26 18:48:12 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010.08.26 17:50:13 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\9h4gn3l6.default\extensions
[2010.08.26 11:59:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\9h4gn3l6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.26 17:50:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\9h4gn3l6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.25 17:15:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2005.04.27 21:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2010.07.23 01:34:34 | 000,001,182 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-tr.xml

O1 HOSTS File: ([2009.01.05 16:57:10 | 000,290,820 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 10017 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\piclens.dll (Cooliris Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No CLSID value found.
O3 - HKU\S-1-5-21-2714116563-557772809-270244157-1001\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [snpstd] C:\Windows\vsnpstd.exe ()
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2714116563-557772809-270244157-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\ööö\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Türkçe'ye Çevir [Kelime Çevirisi] - {10954C80-4F0F-11d3-B17C-00C0DFE39738} - C:\Program Files\Simka Çeviri Lite\SimkaCeviriLite.exe ()
O9 - Extra 'Tools' menuitem : Tools Menu Item - {10954C80-4F0F-11d3-B17C-00C0DFE39738} - C:\Program Files\Simka Çeviri Lite\SimkaCeviriLite.exe ()
O9 - Extra Button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\piclens.dll (Cooliris Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O30 - LSA: Authentication Packages - (C:\Windows\system32\iifeeEur) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.07.03 10:48:52 | 000,586,212 | ---- | M] () - D:\Autoruns.zip -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010.08.26 21:31:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Boss\Desktop\OTL.exe
[2010.08.26 20:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010.08.26 19:28:32 | 000,000,000 | ---D | C] -- E:\Documents\LimeWire
[2010.08.26 19:28:32 | 000,000,000 | ---D | C] -- E:\Documents\Alınan Dosyalarım
[2010.08.26 19:17:01 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.08.26 18:47:37 | 000,000,000 | ---D | C] -- C:\Users\Boss\AppData\Roaming\LimeWire
[2010.08.26 18:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2010.08.26 15:38:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.08.26 12:33:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.26 12:33:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.26 12:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.25 17:15:33 | 000,000,000 | ---D | C] -- C:\Users\Boss\AppData\Roaming\Mozilla
[2010.08.25 16:59:25 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010.08.25 15:04:51 | 000,000,000 | ---D | C] -- C:\Users\Boss\AppData\Local\Apps
[2010.08.25 14:42:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010.08.25 14:42:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010.08.25 14:42:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010.08.25 14:08:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010.08.25 13:53:05 | 000,000,000 | ---D | C] -- C:\Users\Boss\AppData\Local\Adobe
[2010.08.25 06:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.08.24 23:04:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.08.24 22:00:41 | 000,000,000 | ---D | C] -- C:\Users\Boss\AppData\Roaming\InstallShield
[2010.08.24 19:44:26 | 000,000,000 | ---D | C] -- C:\Users\Boss\AppData\Roaming\Winamp
[2010.08.24 13:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010.08.24 08:49:48 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Users\Boss\Desktop\TFC.exe
[2010.08.24 00:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.08.23 23:56:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.08.23 23:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.08.23 23:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.08.23 23:55:49 | 000,000,000 | ---D | C] -- C:\Users\Boss\AppData\Roaming\Apple Computer
[2010.08.23 23:55:49 | 000,000,000 | ---D | C] -- C:\Users\Boss\AppData\Local\Apple Computer
[2010.08.23 23:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.08.23 23:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010.08.23 22:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.08.23 21:53:35 | 000,000,000 | ---D | C] -- C:\Users\Boss\AppData\Roaming\Malwarebytes
[2008.07.30 13:06:03 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2005.11.23 15:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll
[2005.04.21 01:16:28 | 000,036,864 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd.dll
[2004.02.16 21:59:50 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\csnpstd.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010.08.26 21:37:00 | 000,000,388 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CC648ABF-9C02-40EC-8A13-E7374B6423EA}.job
[2010.08.26 21:33:16 | 001,835,008 | -HS- | M] () -- C:\Users\Boss\ntuser.dat
[2010.08.26 20:40:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Boss\Desktop\OTL.exe
[2010.08.26 20:22:15 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.26 20:22:15 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.26 20:22:15 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.26 20:15:31 | 000,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.26 20:15:31 | 000,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.26 20:15:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.26 20:15:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.26 20:14:50 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.26 20:02:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010.08.26 20:02:31 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010.08.26 20:01:41 | 000,000,310 | -H-- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2010.08.26 20:01:41 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010.08.26 19:32:48 | 000,524,288 | -HS- | M] () -- C:\Users\Boss\ntuser.dat{4e734984-334a-11de-92f4-001b38ade14c}.TMContainer00000000000000000001.regtrans-ms
[2010.08.26 19:32:48 | 000,065,536 | -HS- | M] () -- C:\Users\Boss\ntuser.dat{4e734984-334a-11de-92f4-001b38ade14c}.TM.blf
[2010.08.26 19:32:33 | 002,678,140 | -H-- | M] () -- C:\Users\Boss\AppData\Local\IconCache.db
[2010.08.26 19:17:11 | 000,000,918 | ---- | M] () -- C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010.08.26 18:48:30 | 000,001,665 | ---- | M] () -- C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010.08.26 18:46:59 | 000,001,707 | ---- | M] () -- C:\Users\Boss\Desktop\LimeWire 5.5.14.lnk
[2010.08.26 12:33:22 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.26 12:05:20 | 000,000,539 | ---- | M] () -- C:\Users\Boss\Desktop\Fırefox Downloaded Fıles - Shortcut.lnk
[2010.08.26 10:56:46 | 000,013,312 | ---- | M] () -- C:\Users\Boss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.25 22:52:36 | 000,000,943 | ---- | M] () -- C:\Users\Boss\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010.08.25 18:48:51 | 631,086,022 | ---- | M] () -- E:\Documents\0compressed (2).zip
[2010.08.25 17:15:28 | 000,001,753 | ---- | M] () -- C:\Users\Boss\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010.08.25 17:15:28 | 000,001,729 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.08.25 14:47:47 | 000,326,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.25 14:03:48 | 257,764,008 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.08.24 21:54:26 | 000,059,392 | ---- | M] (Realtek Corporation) -- C:\Windows\System32\drivers\Rtlh86.sys
[2010.08.24 15:22:34 | 000,002,137 | ---- | M] () -- C:\Windows\wininit.ini
[2010.08.24 14:08:49 | 000,001,084 | ---- | M] () -- C:\Users\Boss\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010.08.24 14:08:49 | 000,001,060 | ---- | M] () -- C:\Users\Boss\Desktop\Spybot - Search & Destroy.lnk
[2010.08.24 13:56:12 | 000,000,817 | ---- | M] () -- C:\Users\Boss\Desktop\SpywareBlaster.lnk
[2010.08.24 13:19:59 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.08.24 08:34:50 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.08.24 00:09:23 | 000,001,731 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.08.23 23:57:58 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.08.23 23:09:51 | 000,000,948 | ---- | M] () -- C:\Users\Boss\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010.08.23 22:38:42 | 000,083,680 | ---- | M] () -- C:\Users\Boss\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.26 03:50:40 | 000,057,667 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.08.26 20:02:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010.08.26 20:02:31 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010.08.26 19:28:32 | 000,000,763 | ---- | C] () -- E:\Documents\Paylaşım Klasörlerim.lnk
[2010.08.26 19:17:11 | 000,000,918 | ---- | C] () -- C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010.08.26 18:48:30 | 000,001,665 | ---- | C] () -- C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010.08.26 18:46:59 | 000,001,707 | ---- | C] () -- C:\Users\Boss\Desktop\LimeWire 5.5.14.lnk
[2010.08.26 13:04:43 | 000,000,310 | -H-- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2010.08.26 13:01:49 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010.08.26 12:33:22 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.26 12:05:22 | 000,000,539 | ---- | C] () -- C:\Users\Boss\Desktop\Fırefox Downloaded Fıles - Shortcut.lnk
[2010.08.26 11:08:14 | 631,086,022 | ---- | C] () -- E:\Documents\0compressed (2).zip
[2010.08.25 22:52:36 | 000,000,943 | ---- | C] () -- C:\Users\Boss\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010.08.25 18:02:20 | 000,013,312 | ---- | C] () -- C:\Users\Boss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.25 17:15:28 | 000,001,753 | ---- | C] () -- C:\Users\Boss\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010.08.25 17:15:28 | 000,001,729 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.08.25 12:19:39 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2010.08.25 09:48:18 | 000,000,388 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{CC648ABF-9C02-40EC-8A13-E7374B6423EA}.job
[2010.08.24 14:08:49 | 000,001,084 | ---- | C] () -- C:\Users\Boss\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010.08.24 14:08:49 | 000,001,060 | ---- | C] () -- C:\Users\Boss\Desktop\Spybot - Search & Destroy.lnk
[2010.08.24 13:56:12 | 000,000,817 | ---- | C] () -- C:\Users\Boss\Desktop\SpywareBlaster.lnk
[2010.08.24 13:19:59 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.08.24 00:09:23 | 000,001,731 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.08.23 23:57:58 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.08.23 22:57:14 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009.09.17 15:29:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.06.26 18:21:02 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2009.01.05 21:35:02 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.01.05 17:41:01 | 000,002,137 | ---- | C] () -- C:\Windows\wininit.ini
[2009.01.05 12:31:22 | 001,266,209 | -HS- | C] () -- C:\Windows\System32\atuhugur.ini
[2009.01.04 22:04:34 | 001,266,209 | -HS- | C] () -- C:\Windows\System32\alijeniy.ini
[2009.01.04 09:02:56 | 001,266,218 | -HS- | C] () -- C:\Windows\System32\eporadoy.ini
[2009.01.02 18:47:50 | 001,266,209 | -HS- | C] () -- C:\Windows\System32\adufawag.ini
[2009.01.02 16:38:05 | 001,266,209 | -HS- | C] () -- C:\Windows\System32\uhopihep.ini
[2008.12.29 11:53:50 | 000,565,556 | -HS- | C] () -- C:\Windows\System32\cfPXaccf.ini
[2008.02.22 03:02:41 | 000,021,504 | ---- | C] () -- C:\Windows\System32\WBCustomizer.dll
[2007.07.10 15:38:33 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007.07.10 15:34:00 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007.07.10 15:34:00 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007.07.10 15:34:00 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007.07.10 15:34:00 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007.07.10 15:34:00 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007.07.10 15:34:00 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007.04.17 12:15:57 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007.04.17 12:15:57 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007.04.17 12:15:57 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1280.dll
[2007.04.13 17:18:39 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007.04.13 16:43:02 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007.04.13 16:43:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007.04.13 16:43:02 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007.04.13 16:43:02 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.05.03 23:40:42 | 000,390,784 | ---- | C] () -- C:\Windows\System32\drivers\snpstd.sys
[2006.03.22 16:53:54 | 010,220,032 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys
[2006.03.09 18:47:34 | 000,000,696 | ---- | C] () -- C:\Windows\ASUSCAM.ini
[2006.03.09 00:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.11.23 14:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2004.12.09 19:23:10 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2003.01.18 01:34:40 | 000,015,541 | ---- | C] () -- C:\Windows\snpstd.ini

========== LOP Check ==========

[2010.08.26 20:44:19 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\LimeWire
[2008.01.30 01:11:38 | 000,000,000 | ---D | M] -- C:\Users\ööö\AppData\Roaming\DesktopSMS
[2008.02.24 02:43:25 | 000,000,000 | ---D | M] -- C:\Users\ööö\AppData\Roaming\Netscape
[2008.02.24 02:42:52 | 000,000,000 | ---D | M] -- C:\Users\ööö\AppData\Roaming\Photodex
[2008.03.18 22:22:52 | 000,000,000 | ---D | M] -- C:\Users\ööö\AppData\Roaming\Toshiba
[2010.03.30 15:40:40 | 000,000,000 | ---D | M] -- C:\Users\ööö\AppData\Roaming\Windows Live Writer
[2010.08.26 20:13:33 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.26 21:37:00 | 000,000,388 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CC648ABF-9C02-40EC-8A13-E7374B6423EA}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006.09.18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007.04.13 06:42:30 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008.10.31 12:36:33 | 000,000,268 | ---- | M] () -- C:\ez_log.htm
[2010.08.26 20:14:50 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2008.02.06 20:35:00 | 000,230,424 | ---- | M] () -- C:\img1-001.raw
[2008.02.05 21:30:17 | 000,230,424 | ---- | M] () -- C:\img1-002.raw
[2008.02.04 01:47:05 | 000,230,424 | ---- | M] () -- C:\img1-004.raw
[2010.04.25 16:18:57 | 000,921,624 | ---- | M] () -- C:\img2-001.raw
[2008.02.22 02:51:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008.02.22 02:51:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.08.26 20:14:49 | 2451,247,104 | -HS- | M] () -- C:\pagefile.sys
[2008.02.24 02:43:36 | 000,001,601 | ---- | M] () -- C:\photodex-presenter-install.log
[2009.07.19 22:14:57 | 000,230,424 | ---- | M] () -- C:\snp2sxp-001.raw
[2009.05.03 21:41:36 | 000,230,424 | ---- | M] () -- C:\snp2sxp-002.raw
[2009.01.19 00:37:04 | 000,230,424 | ---- | M] () -- C:\snp2sxp-003.raw
[2008.11.16 20:38:19 | 000,230,424 | ---- | M] () -- C:\snp2sxp-004.raw
[2008.03.02 18:17:15 | 000,921,624 | ---- | M] () -- C:\snp2sxp-005.raw
[2008.03.02 18:22:25 | 000,230,424 | ---- | M] () -- C:\snp2sxp-006.raw
[2009.01.21 16:42:14 | 000,230,424 | ---- | M] () -- C:\snp2sxp-007.raw
[2008.08.31 19:17:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2008.09.01 14:07:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2008.09.15 17:21:42 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2008.09.15 21:37:17 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2008.09.15 21:54:47 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2008.09.16 14:05:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2008.09.16 17:47:29 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2008.09.16 17:59:35 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2008.09.30 22:35:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2008.10.31 12:40:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008.11.28 21:12:44 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2008.12.01 20:48:25 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2008.12.19 18:35:55 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2008.12.19 19:53:23 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2008.12.20 18:25:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009.01.06 15:57:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2008.08.31 19:17:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008.09.01 14:07:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008.09.15 17:21:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008.09.15 21:37:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008.09.15 21:54:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008.09.16 14:05:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008.09.16 17:47:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008.09.16 17:59:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008.09.30 22:35:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008.10.31 12:40:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008.11.28 21:12:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008.12.01 20:48:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008.12.19 18:35:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008.12.19 19:53:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008.12.20 18:25:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009.01.06 15:57:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2007.07.11 01:25:19 | 000,000,600 | -H-- | M] () -- C:\SWSTAMP.TXT

< %systemroot%\Fonts\*.com >
[2006.11.02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010.08.25 14:28:34 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006.09.18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006.11.02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006.10.26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009.07.10 13:49:38 | 000,307,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009.01.06 16:13:14 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2008.07.30 13:05:47 | 000,774,144 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >


< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.08.27 04:10:03 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.08.27 03:01:58 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\System32\config\*.sav >
[2007.04.13 06:42:19 | 006,602,752 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007.04.13 06:42:18 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007.04.13 06:42:19 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007.04.13 06:42:27 | 015,556,608 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007.04.13 06:42:28 | 006,008,832 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2004.12.09 19:23:46 | 000,013,022 | ---- | M] () -- C:\Windows\snp2std.src
[2003.01.18 01:35:40 | 000,013,023 | ---- | M] () -- C:\Windows\snpstd.src
[2009.06.26 18:21:02 | 000,013,023 | ---- | M] () -- C:\Windows\VX1000.src

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2010.07.23 03:18:13 | 000,910,296 | ---- | M] (Mozilla Corporation) MD5=BACCDA841C689D1CBA941F478E8ED24B -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2010.06.26 07:06:48 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=7420BE0E7D3D1320054F7ACA0594953D -- C:\Program Files\Internet Explorer\iexplore.exe

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010.08.25 22:52:36 | 000,000,286 | -HS- | M] () -- C:\Users\Boss\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2009.12.15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Users\Boss\Desktop\gmer.exe
[2010.08.26 20:40:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Boss\Desktop\OTL.exe
[2010.02.27 00:44:30 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Users\Boss\Desktop\TFC.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-26 18:38:37

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >




And Extras:



OTL Extras logfile created on: 26.08.2010 21:34:24 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Boss\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 0000041F | Country: Turkey | Language: TRK | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 18,64 Gb Free Space | 33,34% Space Free | Partition Type: NTFS
Drive D: | 971,63 Mb Total Space | 673,28 Mb Free Space | 69,29% Space Free | Partition Type: FAT
Drive E: | 54,43 Gb Total Space | 41,47 Gb Free Space | 76,18% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ÖÖÖ-PC
Current User Name: Boss
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2714116563-557772809-270244157-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{085D218E-B12F-40F1-8609-8AEE71826AC7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0C433E40-D0BA-40C4-963F-B54952917E3A}" = rport=137 | protocol=17 | dir=out | app=system |
"{0E801255-E3D8-4B6D-B43F-3A3B00A688A2}" = rport=138 | protocol=17 | dir=out | app=system |
"{3A8F5EE4-585A-4C92-BDA0-F112A3D8CDE0}" = lport=138 | protocol=17 | dir=in | app=system |
"{592D9A04-1BCA-41E1-9F62-A694B3A4E0DB}" = lport=139 | protocol=6 | dir=in | app=system |
"{5D585617-7BEE-4362-A942-6C4269B0AF82}" = lport=445 | protocol=6 | dir=in | app=system |
"{6C8F27A5-6188-48B4-9FC6-47A814B9BAA7}" = rport=445 | protocol=6 | dir=out | app=system |
"{8113868B-F232-4F53-AA12-3933A2EFA183}" = rport=139 | protocol=6 | dir=out | app=system |
"{946B7021-30F4-47C6-AD1A-6D44F50B8A3B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A429CEFC-A836-458B-83AE-344E660D9B2D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AD37A4EE-24ED-4F38-B65E-A80094C8817C}" = lport=137 | protocol=17 | dir=in | app=system |
"{F935F2A2-C863-4E7E-BA4B-7394ED6E98A4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08C38872-F8C3-4062-8C7C-86664878CECF}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{11CF4587-5A54-40D6-BC25-C0997EF03CF6}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{11FCB998-38B1-4751-A700-F6443CA3C18F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1E65B39D-D9D6-42B9-88F8-E5ADB3B0F336}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{1E9BDB90-D9BB-4B67-8500-1178A94A1723}" = protocol=6 | dir=in | app=c:\windows\system32\agrsmsvc.exe |
"{21A7A6DA-A1D9-4D43-9E8C-E3E94F21F3AC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{25BA3D91-FC4B-4AB0-B377-28D4A125A9B3}" = protocol=17 | dir=in | app=c:\windows\system32\agrsmsvc.exe |
"{2A1A1A7A-CA3A-44C6-B3D4-AC3AD0F404E5}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{2F82C4DE-6C36-48F1-B22D-80F2170FEC43}" = protocol=17 | dir=in | app=c:\program files\intel\intel matrix storage manager\iaantmon.exe |
"{2FACA2CC-F897-47AF-82AB-159ACCE1BAC4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{33D35BC5-CC74-4E72-B733-9AB0D3249D7E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{3848CCAB-0394-4AEE-9E49-CA3A88762478}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4623A832-5A7A-4CF1-9B39-5C975B728009}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4942B862-BF9C-480F-B14C-0C59FEAA2DF6}" = protocol=17 | dir=in | app=c:\program files\intel\intel matrix storage manager\iaantmon.exe |
"{4BB0538D-A52D-4FE1-99B3-B2B98EBDC0C9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4F6F300C-D52B-4F5D-A978-A3B51EC58291}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{523C412B-3A63-4DD9-8D2C-7E166F94EEBF}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{6B8FBC74-1D18-460A-86B1-01C6BD492A4A}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{6BF55432-8FF3-45AD-8B7B-F55E96AE483F}" = protocol=6 | dir=in | app=c:\program files\intel\intel matrix storage manager\iaantmon.exe |
"{79DB5A32-FEEE-45FE-B6EE-8A0A05C5D35C}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{7DA11933-7C9E-4716-9654-3C89AFB7074C}" = protocol=6 | dir=in | app=c:\users\ööö\appdata\local\temp\wzse0.tmp\symnrt.exe |
"{81394494-A6CF-4E1B-91CB-A6269DB4A645}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{85B151AC-5954-49BD-9CA8-8C235BC9C332}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{8B6DEF65-9F77-46FB-B816-5256E31191BD}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{9E4E4EB0-DD8D-4906-89E7-5AC25FEC5FB0}" = protocol=6 | dir=in | app=c:\program files\intel\intel matrix storage manager\iaantmon.exe |
"{A0A1BF72-549A-4DA1-89C5-1F3FBE02E434}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{A65738C9-0618-4079-9D34-8A13EE2631FE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A7DC354F-A9D1-449F-91D4-A33359338DBF}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{ABE7590B-6E7A-42DE-8975-79C315E595B5}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{AE7FB029-1288-47FE-837E-A738DBEC14F8}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{B3E076EB-E785-4932-90F7-D3354D8951CC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C31E5E5E-9C60-4597-9B88-D5FFF38A2F3F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C355F868-2164-4E26-8782-34CAE97DA2C8}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{C7E26FB3-618D-4683-817B-E814924CCBE6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CCECF95A-25D9-4782-877F-E33EEFC1ABEF}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{D1377291-AAE2-41A6-A6D1-914120322445}" = protocol=17 | dir=in | app=c:\windows\system32\wininit.exe |
"{D2C10E6D-C328-4A18-857D-C0D89F26F9F0}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{E762138F-42FF-4B4F-B73E-76843B03C90F}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{F1DF485C-1448-4F2B-852E-E0C55B5C14E4}" = protocol=6 | dir=in | app=c:\windows\system32\wininit.exe |
"{FE11FCE9-4AA3-4B7E-8A61-AC50CF674374}" = protocol=17 | dir=in | app=c:\users\ööö\appdata\local\temp\wzse0.tmp\symnrt.exe |
"{FF324A0B-DEB8-46F1-90F7-FC2959B5B6E6}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"TCP Query User{43DAFBCA-6FE0-494D-9302-85E88B53589E}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{8FD9107E-E510-47C6-9F44-2A04E19CF75C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E0A68B63-211E-4F26-BC52-E1D1F447B835}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{0BD1CA00-B329-46CA-8F6E-631732222110}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{2AF27A16-AEFC-4B24-9599-E8628372B3A2}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{445E1332-A853-48EE-A6CC-8DBDAC70234A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{00811113-FA7B-4781-A146-0FD74D617624}" = Windows Live Call
"{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = TIPCI
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0935DF3B-EA44-4C5E-9011-BD1958E88DFE}" = Akıllı Menüler (Windows Live Toolbar)
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D0250AF-4FA7-480c-A568-9FE885DD8B73}" = Need for Speed™ Carbon Demo
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1BD77AAE-6901-4532-9629-766475C609D8}" = Windows Live Temel Parçalar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Karşıya Yükleme Aracı
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{30EDE085-7423-41A3-9FE9-4956AA61985D}" = Windows Live Writer
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{375C3CC8-B3D1-4C47-B7E9-AF91C77A7B8C}" = Windows Live Aile Koruması
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C6848FB-3F23-45F5-BBE1-3DA8A208442D}" = WeFi
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4F1DCA42-2030-437C-A94E-736692A499C1}" = Nokia Connectivity Cable Driver
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5B5B1BD4-1450-355C-92AF-2DA0C9DF1A7F}" = PicLens for Internet Explorer
"{5D19E730-D3C6-47F4-AE4B-DCB26EC2D905}" = Nokia Software Updater
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75B46B3B-EDA3-4978-AAFE-FED6E997AD53}" = Windows Live Toolbar
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F7BC615-A7E3-4309-B60E-BC8BF3DEAE83}" = Windows Live Mail
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{9233A730-542C-43B5-9A16-6C9EF69281B2}" = Windows Live Toolbar Uzantısı (Windows Live Toolbar)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A09B2DA7-8004-4252-B52C-92FFEA2C5DBD}" = Desktop Smiley Toolbar
"{A4E0CA0F-1903-440A-9B98-FEA6CB049999}" = Nokia Flashing Cable Driver
"{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C10EF4FC-77B4-4C05-86C3-BCC5D2AFB2BA}" = ProÇeviri
"{C1103EAA-CD9B-466F-B6D3-8CA337845F5E}" = Windows Live Fotoğraf Galerisi
"{C59CEB1E-097E-4603-8B43-EE0D8482897D}" = Vurgu Görüntüleyicisi (Windows Live Toolbar)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D5700E09-9C7F-411C-8DDB-CF816CE80116}" = TSM YAZILI SINAV 9 - DENEME CD
"{DA966F45-F8A1-41F5-B186-36E184409432}" = Windows Live Messenger
"{DAE273DB-B035-42B7-AEE1-2B767971B3EB}" = Windows Live Sync
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DCF60B7D-5830-4AF6-998F-1CD79E1A4BF6}" = Microsoft LifeCam
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FA648367-41C2-4891-96DF-FEE1A5EC96FF}" = Windows Live Movie Maker
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-aware 6 Personal" = Ad-aware 6 Personal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ASUS WebCam, 1.3M, USB2.0, FF" = ASUS WebCam, 1.3M, USB2.0, FF
"AXA INGILIZCE KONUSAN SOZLUK 2.0" = AXA INGILIZCE KONUSAN SOZLUK 2.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImTranslator for IE" = ImTranslator for IE
"InstallShield_{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LHTTSENG" = L&H TTS3000 British English
"LimeWire" = LimeWire 5.5.14
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Photodex Presenter" = Photodex Presenter
"ProShow Gold" = ProShow Gold
"Simka Çeviri" = Simka Çeviri Lite Edition
"SpywareBlaster_is1" = SpywareBlaster 4.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Temel Parçalar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10.10.2008 08:36:56 | Computer Name = ööö-PC | Source = RasClient | ID = 20227
Description =

Error - 10.10.2008 14:45:30 | Computer Name = ööö-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16711, time stamp
0x486445ce, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000374, fault offset 0x000af1c9, process id 0x14ec, application
start time 0x01c92b082a59a2e0.

Error - 10.10.2008 14:47:27 | Computer Name = ööö-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16711, time stamp
0x486445ce, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000374, fault offset 0x000af1c9, process id 0x1694, application
start time 0x01c92b08652cfe30.

Error - 10.10.2008 16:02:00 | Computer Name = ööö-PC | Source = RasClient | ID = 20227
Description =

Error - 10.10.2008 17:33:47 | Computer Name = ööö-PC | Source = RasClient | ID = 20227
Description =

Error - 10.10.2008 17:33:54 | Computer Name = ööö-PC | Source = RasClient | ID = 20227
Description =

Error - 11.10.2008 05:57:10 | Computer Name = ööö-PC | Source = RasClient | ID = 20227
Description =

Error - 11.10.2008 05:57:18 | Computer Name = ööö-PC | Source = RasClient | ID = 20227
Description =

Error - 11.10.2008 09:05:47 | Computer Name = ööö-PC | Source = RasClient | ID = 20227
Description =

Error - 11.10.2008 09:05:51 | Computer Name = ööö-PC | Source = RasClient | ID = 20227
Description =

[ Media Center Events ]
Error - 19.05.2010 10:59:51 | Computer Name = ööö-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >





I must also say that it has just had 5 Microsoft updates done and since the restart I cannot log into the second (limited account) user profile, it gives me a TEMP desktop instead.

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Intriguing, I can see no sign of that task.

"I must also say that it has just had 5 Microsoft updates done and since the restart I cannot log into the second (limited account) user profile, it gives me a TEMP desktop instead"

Do you mean like a safe mode desktop?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No CLSID value found.
    O30 - LSA: Authentication Packages - (C:\Windows\system32\iifeeEur) - File not found
    [2010.08.25 16:59:25 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
    [2009.01.05 12:31:22 | 001,266,209 | -HS- | C] () -- C:\Windows\System32\atuhugur.ini
    [2009.01.04 22:04:34 | 001,266,209 | -HS- | C] () -- C:\Windows\System32\alijeniy.ini
    [2009.01.04 09:02:56 | 001,266,218 | -HS- | C] () -- C:\Windows\System32\eporadoy.ini
    [2009.01.02 18:47:50 | 001,266,209 | -HS- | C] () -- C:\Windows\System32\adufawag.ini
    [2009.01.02 16:38:05 | 001,266,209 | -HS- | C] () -- C:\Windows\System32\uhopihep.ini
    [2008.12.29 11:53:50 | 000,565,556 | -HS- | C] () -- C:\Windows\System32\cfPXaccf.ini

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#6
spyhunter

    Member

  • Topic Starter
  • 48 posts
"Do you mean like a safe mode desktop"

When logging on a pop up from the taskbar states:

'You have been logged on with a temporary profile. Changes you make to this profile will be lost when you log off. See the Event log for details or contact your administrator'

Don't know if it's nasties or the updates but the touchpad has started playing up again, it was one of the original symptoms of illness on the system.

Am doing the scans now, back soon.

Thanks!

Edited by spyhunter, 26 August 2010 - 04:09 PM.


#7
spyhunter

    Member

  • Topic Starter
  • 48 posts
:)

I just cocked up! I forgot to run OTL again after the fix and before running ComboFix.
Think I'm a bit tired!

I ran the quick scan after instead, don't know what difference it might make :)


Here are the logs (including the OTL fix log first)



OTL fix log:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B7D3E479-CC68-42B5-A338-938ECE35F419} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7D3E479-CC68-42B5-A338-938ECE35F419}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B7D3E479-CC68-42B5-A338-938ECE35F419} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7D3E479-CC68-42B5-A338-938ECE35F419}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\Windows\system32\iifeeEur deleted successfully.
C:\Windows\System32\%APPDATA%\Microsoft\Windows\IETldCache folder moved successfully.
C:\Windows\System32\%APPDATA%\Microsoft\Windows folder moved successfully.
C:\Windows\System32\%APPDATA%\Microsoft folder moved successfully.
C:\Windows\System32\%APPDATA% folder moved successfully.
C:\Windows\System32\atuhugur.ini moved successfully.
C:\Windows\System32\alijeniy.ini moved successfully.
C:\Windows\System32\eporadoy.ini moved successfully.
C:\Windows\System32\adufawag.ini moved successfully.
C:\Windows\System32\uhopihep.ini moved successfully.
C:\Windows\System32\cfPXaccf.ini moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Boss\Desktop\cmd.bat deleted successfully.
C:\Users\Boss\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Boss
->Temp folder emptied: 5431647 bytes
->Temporary Internet Files folder emptied: 600256 bytes
->FireFox cache emptied: 31648872 bytes
->Flash cache emptied: 564 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: ööö
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 163201 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1312256 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36548 bytes
RecycleBin emptied: 13424488 bytes

Total Files Cleaned = 50,00 mb


[EMPTYFLASH]

User: All Users

User: Boss
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: ööö
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb



OTL by OldTimer - Version 3.2.10.0 log created on 08262010_231514

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\SET16C4.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...





Now (in chronological order) ComboFix:



ComboFix 10-08-26.02 - Boss 26.08.2010 23:28:24.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.1110 [GMT 1:00]
Running from: c:\users\Boss\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 )))))))))))))))))))))))))))))))
.

2010-08-26 22:38 . 2010-08-26 22:42 -------- d-----w- c:\users\Boss\AppData\Local\temp
2010-08-26 22:38 . 2010-08-26 22:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-26 22:15 . 2010-08-26 22:15 -------- d-----w- C:\_OTL
2010-08-26 19:13 . 2010-08-26 19:13 -------- d-----w- c:\program files\Windows Portable Devices
2010-08-26 18:36 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-08-26 18:34 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-08-26 18:34 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-08-26 18:34 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-08-26 18:17 . 2010-08-26 18:17 -------- d-----w- c:\program files\ERUNT
2010-08-26 17:47 . 2010-08-26 22:23 -------- d-----w- c:\users\Boss\AppData\Roaming\LimeWire
2010-08-26 17:46 . 2010-08-26 17:47 -------- d-----w- c:\program files\LimeWire
2010-08-26 14:38 . 2010-08-26 14:38 -------- d-----w- c:\program files\Trend Micro
2010-08-26 11:33 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-26 11:33 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-26 11:33 . 2010-08-26 11:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-25 14:04 . 2010-08-25 14:04 -------- d-----w- c:\users\Boss\AppData\Local\Apps
2010-08-25 13:42 . 2010-08-25 13:43 -------- d-----w- c:\windows\system32\ca-ES
2010-08-25 13:42 . 2010-08-25 13:43 -------- d-----w- c:\windows\system32\eu-ES
2010-08-25 13:42 . 2010-08-25 13:43 -------- d-----w- c:\windows\system32\vi-VN
2010-08-25 13:08 . 2010-08-25 13:08 -------- d-----w- c:\windows\system32\EventProviders
2010-08-25 12:53 . 2010-08-25 12:53 -------- d-----w- c:\users\Boss\AppData\Local\Adobe
2010-08-25 05:27 . 2010-08-25 05:27 -------- d-----w- c:\programdata\WindowsSearch
2010-08-24 21:00 . 2010-08-24 21:00 -------- d-----w- c:\users\Boss\AppData\Roaming\InstallShield
2010-08-24 18:44 . 2010-08-24 18:44 -------- d-----w- c:\users\Boss\AppData\Roaming\Winamp
2010-08-24 17:16 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-08-24 12:19 . 2010-08-24 12:20 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-08-23 23:08 . 2010-08-23 23:09 -------- d-----w- c:\program files\QuickTime
2010-08-23 22:57 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-23 22:57 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-08-23 22:56 . 2010-08-23 22:56 -------- d-----w- c:\program files\iPod
2010-08-23 22:56 . 2010-08-23 22:57 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-23 22:56 . 2010-08-23 22:57 -------- d-----w- c:\program files\iTunes
2010-08-23 22:55 . 2010-08-25 05:15 -------- d-----w- c:\users\Boss\AppData\Roaming\Apple Computer
2010-08-23 22:55 . 2010-08-23 22:55 -------- d-----w- c:\users\Boss\AppData\Local\Apple Computer
2010-08-23 22:39 . 2010-08-23 22:39 -------- d-----w- c:\program files\Bonjour
2010-08-23 22:09 . 2010-08-23 22:09 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-08-23 21:51 . 2010-08-23 21:51 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-23 20:53 . 2010-08-23 20:53 -------- d-----w- c:\users\Boss\AppData\Roaming\Malwarebytes
2010-08-23 20:25 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-23 20:24 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-23 20:24 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-23 20:23 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-23 20:23 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-23 20:23 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-23 20:23 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-23 20:23 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 20:23 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-23 20:21 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 19:13 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-08-26 19:02 . 2010-08-26 19:02 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-08-26 19:02 . 2010-08-26 19:02 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-08-26 11:56 . 2009-01-06 00:29 -------- d-----w- c:\program files\SpywareBlaster
2010-08-25 15:57 . 2007-04-13 05:41 -------- d-----w- c:\program files\TOSHIBA
2010-08-25 15:11 . 2008-07-30 12:03 -------- d-----w- c:\program files\Yahoo!
2010-08-25 15:09 . 2007-04-13 15:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-25 15:04 . 2008-02-21 16:30 -------- d-----w- c:\program files\Winamp
2010-08-25 13:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-08-25 13:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-08-25 13:43 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-25 13:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-08-25 13:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-08-25 13:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-08-25 13:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-08-24 21:07 . 2009-05-28 21:41 4233728 ----a-w- c:\windows\system32\drivers\NETw5v32.sys
2010-08-24 20:54 . 2007-07-10 14:20 59392 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2010-08-24 18:52 . 2009-01-05 20:26 -------- d-----w- c:\program files\Windows Live Safety Center
2010-08-24 18:49 . 2008-07-30 12:05 -------- d-----w- c:\program files\Common Files\Real
2010-08-24 13:17 . 2009-01-05 15:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-24 13:12 . 2009-01-05 15:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-23 22:56 . 2009-04-19 16:55 -------- d-----w- c:\program files\Common Files\Apple
2010-08-23 22:25 . 2010-08-23 22:25 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-08-23 21:49 . 2009-11-08 14:35 -------- d-----w- c:\program files\Microsoft
2010-08-23 21:47 . 2007-05-11 05:39 -------- d-----w- c:\programdata\Microsoft Help
2010-08-23 21:38 . 2009-01-06 15:59 83680 ----a-w- c:\users\Boss\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-28 15:46 . 2007-05-11 05:41 -------- d-----w- c:\program files\Microsoft.NET
2010-06-26 06:05 . 2010-08-23 21:57 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-23 21:57 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-23 21:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-23 21:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-01 17:37 . 2009-10-02 20:06 221568 ------w- c:\windows\system32\MpSigStub.exe
2008-07-30 12:05 . 2008-07-30 12:06 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 438272]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-05-23 509496]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"NDSTray.exe"="NDSTray.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-25 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-25 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-25 138008]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"Skytel"="Skytel.exe" [2007-05-28 1826816]
"VX1000"="c:\windows\vVX1000.exe" [2010-03-01 762736]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-01 119152]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

c:\users\Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-8-19 503808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):8a,90,de,2e,5c,44,cb,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2010-08-24 4233728]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-08-26 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-05 14:31]

2010-08-26 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-01-05 14:31]

2010-08-26 c:\windows\Tasks\User_Feed_Synchronization-{CC648ABF-9C02-40EC-8A13-E7374B6423EA}.job
- c:\windows\system32\msfeedssync.exe [2010-08-23 04:24]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: {{10954C80-4F0F-11d3-B17C-00C0DFE39738} - c:\program files\Simka Çeviri Lite\SimkaCeviriLite.exe
FF - ProfilePath - c:\users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\9h4gn3l6.default\
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
AddRemove-{A09B2DA7-8004-4252-B52C-92FFEA2C5DBD} - c:\programdata\{E756E9FD-CEAA-4495-B5DB-9E9558D9267A}\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-26 23:42
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Photodex\ProShowGold\ScsiAccess.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2010-08-26 23:50:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-26 22:50

Pre-Run: 17.988.845.568 bytes free
Post-Run: 20.436.172.800 bytes free

- - End Of File - - AB166F9F2F50CACCBDFEEA6B13CFF5B2




And the OTL log from after ComboFix :)


OTL logfile created on: 27.08.2010 00:12:56 - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Boss\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 0000041F | Country: Turkey | Language: TRK | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 19,08 Gb Free Space | 34,14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54,43 Gb Total Space | 41,47 Gb Free Space | 76,18% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ÖÖÖ-PC
Current User Name: Boss
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.08.26 20:40:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Boss\Desktop\OTL.exe
PRC - [2010.08.19 17:23:30 | 000,503,808 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe
PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.06.01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010.04.12 10:46:00 | 000,152,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2010.03.25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010.03.01 20:37:32 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2010.03.01 20:37:28 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010.03.01 20:37:28 | 000,119,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\LifeExp.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.02.24 02:43:13 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
PRC - [2007.06.13 06:11:00 | 004,489,216 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.05.23 15:57:12 | 000,509,496 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2007.05.22 16:32:00 | 000,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2007.03.29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007.03.29 10:39:00 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2007.02.12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.02.12 13:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006.11.14 22:02:36 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2006.11.14 21:19:42 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006.11.06 17:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
PRC - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2010.08.26 20:40:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Boss\Desktop\OTL.exe
MOD - [2009.04.11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.19 08:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.04.12 10:46:00 | 000,152,944 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010.03.25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.01 20:37:28 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.08.05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.02.24 02:43:13 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.03.29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.02.12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\TpChoice.sys -- (TpChoice)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV - [2010.08.24 22:07:58 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2010.08.24 21:54:26 | 000,059,392 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.03.25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010.03.25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.03.01 20:37:32 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2009.08.05 23:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009.04.11 05:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008.06.20 07:37:00 | 000,200,112 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.11.09 06:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.09.26 14:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007.06.12 00:05:00 | 001,787,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.05.22 05:28:44 | 001,771,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007.03.06 15:01:04 | 000,014,848 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\CplIR.SYS -- (CplIR)
DRV - [2007.02.12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007.01.24 13:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007.01.18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2007.01.18 15:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006.11.02 08:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006.07.28 16:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2006.05.03 23:40:42 | 000,390,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd.sys -- (snpstd)
DRV - [2006.03.22 16:53:54 | 010,220,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://tr.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.25 17:15:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.25 17:15:25 | 000,000,000 | ---D | M]

[2010.08.26 18:48:12 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\Mozilla\Extensions
[2010.08.26 18:48:12 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010.08.26 17:50:13 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\9h4gn3l6.default\extensions
[2010.08.26 11:59:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\9h4gn3l6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.26 17:50:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\9h4gn3l6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.25 17:15:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2005.04.27 21:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2010.07.23 01:34:34 | 000,001,182 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-tr.xml

O1 HOSTS File: ([2010.08.26 23:41:23 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\piclens.dll (Cooliris Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [snpstd] C:\Windows\vsnpstd.exe ()
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Türkçe'ye Çevir [Kelime Çevirisi] - {10954C80-4F0F-11d3-B17C-00C0DFE39738} - C:\Program Files\Simka Çeviri Lite\SimkaCeviriLite.exe ()
O9 - Extra 'Tools' menuitem : Tools Menu Item - {10954C80-4F0F-11d3-B17C-00C0DFE39738} - C:\Program Files\Simka Çeviri Lite\SimkaCeviriLite.exe ()
O9 - Extra Button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\piclens.dll (Cooliris Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010.08.26 23:50:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.08.26 23:50:55 | 000,000,000 | ---D | C] -- C:\Users\Boss\AppData\Local\temp
[2010.08.26 23:49:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.08.26 23:26:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.08.26 23:26:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.08.26 23:26:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.08.26 23:25:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.08.26 23:25:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.08.26 23:15:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.26 21:31:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Boss\Desktop\OTL.exe
[2010.08.26 20:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010.08.26 19:28:32 | 000,000,000 | ---D | C] -- E:\Documents\LimeWire
[2010.08.26 19:28:32 | 000,000,000 | ---D | C] -- E:\Documents\Alınan Dosyalarım
[2010.08.26 19:17:01 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.08.26 18:47:37 | 000,000,000 | ---D | C] -- C:\Users\Boss\AppData\Roaming\LimeWire
[2010.08.26 18:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2010.08.26 15:38:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.08.26 12:33:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.26 12:33:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.26 12:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.25 17:15:33 | 000,000,000 | ---D | C] -- C:\Users\Boss\AppData\Roaming\Mozilla
[2010.08.25 15:04:51 | 000,000,000 | ---D | C] -- C:\Users\Boss\AppData\Local\Apps
[2010.08.25 14:42:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010.08.25 14:42:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010.08.25 14:42:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010.08.25 14:08:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010.08.25 13:53:05 | 000,000,000 | ---D | C] -- C:\Users\Boss\AppData\Local\Adobe
[2010.08.25 06:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.08.24 23:04:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.08.24 22:00:41 | 000,000,000 | ---D | C] -- C:\Users\Boss\AppData\Roaming\InstallShield
[2010.08.24 19:44:26 | 000,000,000 | ---D | C] -- C:\Users\Boss\AppData\Roaming\Winamp
[2010.08.24 13:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010.08.24 08:49:48 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Users\Boss\Desktop\TFC.exe
[2010.08.24 00:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.08.23 23:56:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.08.23 23:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.08.23 23:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.08.23 23:55:49 | 000,000,000 | ---D | C] -- C:\Users\Boss\AppData\Roaming\Apple Computer
[2010.08.23 23:55:49 | 000,000,000 | ---D | C] -- C:\Users\Boss\AppData\Local\Apple Computer
[2010.08.23 23:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.08.23 23:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010.08.23 22:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.08.23 21:53:35 | 000,000,000 | ---D | C] -- C:\Users\Boss\AppData\Roaming\Malwarebytes
[2008.07.30 13:06:03 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2005.11.23 15:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll
[2005.04.21 01:16:28 | 000,036,864 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd.dll
[2004.02.16 21:59:50 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\csnpstd.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010.08.27 00:15:03 | 000,000,388 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CC648ABF-9C02-40EC-8A13-E7374B6423EA}.job
[2010.08.27 00:13:29 | 001,835,008 | -HS- | M] () -- C:\Users\Boss\ntuser.dat
[2010.08.27 00:12:08 | 000,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.27 00:12:08 | 000,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.27 00:11:53 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.27 00:11:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.27 00:11:38 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.27 00:10:55 | 000,524,288 | -HS- | M] () -- C:\Users\Boss\ntuser.dat{4e734984-334a-11de-92f4-001b38ade14c}.TMContainer00000000000000000001.regtrans-ms
[2010.08.27 00:10:55 | 000,065,536 | -HS- | M] () -- C:\Users\Boss\ntuser.dat{4e734984-334a-11de-92f4-001b38ade14c}.TM.blf
[2010.08.27 00:10:52 | 001,853,176 | -H-- | M] () -- C:\Users\Boss\AppData\Local\IconCache.db
[2010.08.26 23:47:36 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.26 23:47:36 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.26 23:47:36 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.26 23:41:38 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.08.26 23:41:23 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.08.26 23:12:42 | 003,828,691 | R--- | M] () -- C:\Users\Boss\Desktop\ComboFix.exe
[2010.08.26 20:40:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Boss\Desktop\OTL.exe
[2010.08.26 20:02:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010.08.26 20:02:31 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010.08.26 20:01:41 | 000,000,310 | -H-- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2010.08.26 20:01:41 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010.08.26 19:17:11 | 000,000,918 | ---- | M] () -- C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010.08.26 18:48:30 | 000,001,665 | ---- | M] () -- C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010.08.26 18:46:59 | 000,001,707 | ---- | M] () -- C:\Users\Boss\Desktop\LimeWire 5.5.14.lnk
[2010.08.26 12:33:22 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.26 12:05:20 | 000,000,539 | ---- | M] () -- C:\Users\Boss\Desktop\Fırefox Downloaded Fıles - Shortcut.lnk
[2010.08.26 10:56:46 | 000,013,312 | ---- | M] () -- C:\Users\Boss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.25 22:52:36 | 000,000,943 | ---- | M] () -- C:\Users\Boss\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010.08.25 18:48:51 | 631,086,022 | ---- | M] () -- E:\Documents\0compressed (2).zip
[2010.08.25 17:15:28 | 000,001,753 | ---- | M] () -- C:\Users\Boss\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010.08.25 17:15:28 | 000,001,729 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.08.25 14:47:47 | 000,326,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.25 14:03:48 | 257,764,008 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.08.24 21:54:26 | 000,059,392 | ---- | M] (Realtek Corporation) -- C:\Windows\System32\drivers\Rtlh86.sys
[2010.08.24 15:22:34 | 000,002,137 | ---- | M] () -- C:\Windows\wininit.ini
[2010.08.24 14:08:49 | 000,001,084 | ---- | M] () -- C:\Users\Boss\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010.08.24 14:08:49 | 000,001,060 | ---- | M] () -- C:\Users\Boss\Desktop\Spybot - Search & Destroy.lnk
[2010.08.24 13:56:12 | 000,000,817 | ---- | M] () -- C:\Users\Boss\Desktop\SpywareBlaster.lnk
[2010.08.24 13:19:59 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.08.24 08:34:50 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.08.24 00:09:23 | 000,001,731 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.08.23 23:57:58 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.08.23 23:09:51 | 000,000,948 | ---- | M] () -- C:\Users\Boss\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010.08.23 22:38:42 | 000,083,680 | ---- | M] () -- C:\Users\Boss\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.26 03:50:40 | 000,057,667 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.08.26 23:26:22 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.08.26 23:26:22 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.08.26 23:26:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.08.26 23:26:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.08.26 23:26:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.08.26 23:24:12 | 003,828,691 | R--- | C] () -- C:\Users\Boss\Desktop\ComboFix.exe
[2010.08.26 20:02:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010.08.26 20:02:31 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010.08.26 19:28:32 | 000,000,763 | ---- | C] () -- E:\Documents\Paylaşım Klasörlerim.lnk
[2010.08.26 19:17:11 | 000,000,918 | ---- | C] () -- C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010.08.26 18:48:30 | 000,001,665 | ---- | C] () -- C:\Users\Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010.08.26 18:46:59 | 000,001,707 | ---- | C] () -- C:\Users\Boss\Desktop\LimeWire 5.5.14.lnk
[2010.08.26 13:04:43 | 000,000,310 | -H-- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2010.08.26 13:01:49 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010.08.26 12:33:22 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.26 12:05:22 | 000,000,539 | ---- | C] () -- C:\Users\Boss\Desktop\Fırefox Downloaded Fıles - Shortcut.lnk
[2010.08.26 11:08:14 | 631,086,022 | ---- | C] () -- E:\Documents\0compressed (2).zip
[2010.08.25 22:52:36 | 000,000,943 | ---- | C] () -- C:\Users\Boss\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010.08.25 18:02:20 | 000,013,312 | ---- | C] () -- C:\Users\Boss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.25 17:15:28 | 000,001,753 | ---- | C] () -- C:\Users\Boss\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010.08.25 17:15:28 | 000,001,729 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.08.25 12:19:39 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2010.08.25 09:48:18 | 000,000,388 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{CC648ABF-9C02-40EC-8A13-E7374B6423EA}.job
[2010.08.24 14:08:49 | 000,001,084 | ---- | C] () -- C:\Users\Boss\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010.08.24 14:08:49 | 000,001,060 | ---- | C] () -- C:\Users\Boss\Desktop\Spybot - Search & Destroy.lnk
[2010.08.24 13:56:12 | 000,000,817 | ---- | C] () -- C:\Users\Boss\Desktop\SpywareBlaster.lnk
[2010.08.24 13:19:59 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.08.24 00:09:23 | 000,001,731 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.08.23 23:57:58 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.08.23 22:57:14 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009.09.17 15:29:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.06.26 18:21:02 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2009.01.05 21:35:02 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.01.05 17:41:01 | 000,002,137 | ---- | C] () -- C:\Windows\wininit.ini
[2008.02.22 03:02:41 | 000,021,504 | ---- | C] () -- C:\Windows\System32\WBCustomizer.dll
[2007.07.10 15:38:33 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007.07.10 15:34:00 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007.07.10 15:34:00 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007.07.10 15:34:00 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007.07.10 15:34:00 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007.07.10 15:34:00 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007.07.10 15:34:00 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007.04.17 12:15:57 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007.04.17 12:15:57 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007.04.17 12:15:57 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1280.dll
[2007.04.13 17:18:39 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007.04.13 16:43:02 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007.04.13 16:43:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007.04.13 16:43:02 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007.04.13 16:43:02 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.05.03 23:40:42 | 000,390,784 | ---- | C] () -- C:\Windows\System32\drivers\snpstd.sys
[2006.03.22 16:53:54 | 010,220,032 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys
[2006.03.09 18:47:34 | 000,000,696 | ---- | C] () -- C:\Windows\ASUSCAM.ini
[2006.03.09 00:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.11.23 14:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2004.12.09 19:23:10 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2003.01.18 01:34:40 | 000,015,541 | ---- | C] () -- C:\Windows\snpstd.ini

========== LOP Check ==========

[2010.08.27 00:13:37 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\LimeWire
[2010.08.27 00:10:57 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.27 00:15:03 | 000,000,388 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CC648ABF-9C02-40EC-8A13-E7374B6423EA}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >



Thanks again, need sleep now! Will check back tomorrow :)
  • 0
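Added example (not part of the original post and not code from OTL): a small parser for the file-listing and Alternate Data Stream lines of the log format shown above, which flags entries in the Windows Tasks folders and any ADS for manual review when looking for a hidden scheduled task. The group names (`ts`, `attrs`, `kind`, `company`) and the function names are labels chosen here, and the sample lines are constructed from lines in this thread.

```python
import re
from datetime import datetime

# Constructed sample: a few lines in the format of the OTL log in this thread.
SAMPLE = r"""
[2010.08.25 12:19:39 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2010.08.25 09:48:18 | 000,000,388 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{CC648ABF-9C02-40EC-8A13-E7374B6423EA}.job
[2010.08.27 00:13:37 | 000,000,000 | ---D | M] -- C:\Users\Boss\AppData\Roaming\LimeWire
[2010.08.27 00:10:57 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34
"""

# [timestamp | size | attributes | C or M flag] (company, assumed label) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$")
# The stream name follows the last colon; the drive colon is followed by "\".
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$")
# Legacy .job files live in Windows\Tasks, Task Scheduler 2.0 XML in System32\Tasks.
TASKS_RE = re.compile(r"\\windows\\(system32\\)?tasks\\", re.IGNORECASE)

def parse(log):
    """Return one dict per file-listing or ADS line; other lines are skipped."""
    records = []
    for line in map(str.strip, log.splitlines()):
        m = FILE_RE.match(line)
        if m:
            rec = dict(m.groupdict(), type="file")
            rec["ts"] = datetime.strptime(rec["ts"], "%Y.%m.%d %H:%M:%S")
            rec["size"] = int(rec["size"].replace(",", ""))
            records.append(rec)
            continue
        m = ADS_RE.match(line)
        if m:
            records.append({"type": "ads", "size": int(m["size"]),
                            "path": m["path"], "stream": m["stream"]})
    return records

def triage(records):
    """Return (reason, record) pairs that deserve a manual look."""
    hits = []
    for r in records:
        if r["type"] == "ads":
            hits.append(("alternate data stream", r))
        elif TASKS_RE.search(r["path"]):
            where = "hidden file" if "H" in r["attrs"] else "file"
            hits.append((where + " in Tasks folder", r))
    return hits
```

A hit only marks an entry for manual review; it says nothing about whether the file is malicious.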

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The order of run on those two programmes was not a problem - regards the other sign on it may well be that the settings are corrupt. Do you know how to make a new user account?

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#9
spyhunter

    Member

  • Topic Starter
  • 48 posts
Here's the mbam log, it's come up clear, the same result I had before I found the mysterious task.

As regards the new user creation, do you know if there is a simple way to save all the old user's files without searching for them and moving them manually first?

Thanks!




Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4488

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

27.08.2010 10:20:22
mbam-log-2010-08-27 (10-20-22).txt

Scan type: Quick scan
Objects scanned: 145770
Time elapsed: 8 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by spyhunter, 27 August 2010 - 04:44 AM.

  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Does the task still show as running?
  • 0

#11
spyhunter

    Member

  • Topic Starter
  • 48 posts
No, it hasn't run today :):)


But I did redo the user, trusted it to save all the files to a folder on my desktop and, lo and behold ..... no folder :)

but on recreating the user with the same name the files are still there and it's no longer a temporary desktop :)

Thanks again for all the help :)

I will do the cleanup then, as I am beginning to think the touchpad problem might be a bad connection or something similar, I will take it apart to have a look. :)

Edited by spyhunter, 27 August 2010 - 06:26 AM.

  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There is an MS guide on creating a new profile and moving the old profile here

Looking at that I am a happy bunny :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

SPRING CLEAN

Download and run Puran Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)
  • 0

#13
spyhunter

    Member

  • Topic Starter
  • 48 posts
Can't get the ComboFix /Uninstall to run, it claims not to find it??

:)
  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Intriguing - but of no major concern as OTL clears what is left when you run the cleanup button
  • 0

#15
spyhunter

    Member

  • Topic Starter
  • 48 posts
ok, will just do that, but now I have another slightly weird issue. Hoping to solve the touchpad issue, I downloaded the latest drivers from the Toshiba website and installed them and now every time I log on I get an 'Open File - Security warning, Unknown publisher for SynTPEnh.exe, Run/Cancel' dialogue box, even if I tick don't ask me this again. :)
  • 0





