
Spyware eats all my CPU [RESOLVED]


  • This topic is locked

#31 okucu (Topic Starter, Member, 66 posts)

Hi Ewgene,

I was using the OTMoveIt because I had to - as my computer became useless after a while every time I got connected. I wouldn't have been able to run anything you wanted since my CPU was 100% taken by the spyware.

Anyway, I ran your instructions... Here is the combofix log. Hope I'm clean...

Ugur


ComboFix 08-11-03.06 - OKUCU 2008-11-11 19:46:32.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1254.90.1033.18.1033 [GMT -8:00]
Running from: c:\documents and settings\OKUCU\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\OKUCU\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Applications
c:\windows\AppPatch\AcSpecf.dll
c:\windows\AppPatch\AcXtrnel.sdb
c:\windows\Downloaded Program Files\ThunderAdvise.dll
c:\windows\Fonts\Framdee.ttf
c:\windows\MKMKrnl.dll
c:\windows\MP4Krnl.dll
c:\windows\MPKrnl.dll
c:\windows\MSVB50CHS.dll
c:\windows\system32\01AFE3DC.cfg
c:\windows\system32\01AFE3DC.dll
c:\windows\system32\08223B03.cfg
c:\windows\system32\08223B03.dll
c:\windows\system32\122B901E.cfg
c:\windows\system32\122B901E.dll
c:\windows\system32\2EF0D734.cfg
c:\windows\system32\2EF0D734.dll
c:\windows\system32\3F21AA0C.cfg
c:\windows\system32\3F21AA0C.dll
c:\windows\system32\43ACDCC5.cfg
c:\windows\system32\43ACDCC5.dll
c:\windows\system32\4D023DE9.cfg
c:\windows\system32\4D023DE9.dll
c:\windows\system32\5243F5FA.cfg
c:\windows\system32\5243F5FA.dll
c:\windows\system32\58FF3024.cfg
c:\windows\system32\58FF3024.dll
c:\windows\system32\5934EA2B.cfg
c:\windows\system32\5934EA2B.dll
c:\windows\system32\59964D2B.cfg
c:\windows\system32\66AFCB56.cfg
c:\windows\system32\66AFCB56.dll
c:\windows\system32\70B0129E.cfg
c:\windows\system32\70B0129E.dll
c:\windows\system32\93DEE065.cfg
c:\windows\system32\93DEE065.dll
c:\windows\system32\9CA963CA.cfg
c:\windows\system32\9CA963CA.dll
c:\windows\system32\9F684DE8.cfg
c:\windows\system32\B3721C07.cfg
c:\windows\system32\B3721C07.dll
c:\windows\system32\BA7EDF54.cfg
c:\windows\system32\BA7EDF54.dll
c:\windows\system32\c39e8db.sys
c:\windows\system32\C8FFD223.cfg
c:\windows\system32\C8FFD223.dll
c:\windows\system32\ca99d57.sys
c:\windows\system32\d7b49fa.sys
c:\windows\system32\D7C79813.cfg
c:\windows\system32\D7C79813.dll
c:\windows\system32\DA63E650.cfg
c:\windows\system32\DA63E650.dll
c:\windows\system32\drivers\HBKernel32.sys
c:\windows\system32\E0D39066.cfg
c:\windows\system32\E3367679.cfg
c:\windows\system32\E4814792.cfg
c:\windows\system32\E5D39975.cfg
c:\windows\system32\F2CBFAC4.cfg
c:\windows\system32\F2CBFAC4.dll
c:\windows\system32\F65BDEC7.cfg
c:\windows\system32\F65BDEC7.dll
c:\windows\system32\F8E07BB2.cfg
c:\windows\system32\F8E07BB2.dll
c:\windows\system32\HBmhly.dll
c:\windows\system32\HBZHUXIAN.dll
c:\windows\system32\system.exe
c:\windows\system32\unxxx.bat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_C39E8DB
-------\Service_c39e8db
-------\Service_ca99d57
-------\Service_d7b49fa
-------\Service_HBKernel32


((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))
.

2008-11-02 18:25 . 2008-11-02 18:25 <DIR> d-------- c:\documents and settings\OKUCU\DoctorWeb
2008-11-02 17:46 . 2008-11-02 18:24 250 --a------ c:\windows\gmer.ini
2008-10-27 09:43 . 2008-11-05 23:48 54,156 --ah----- c:\windows\QTFont.qfn
2008-10-27 09:43 . 2008-10-27 09:43 1,409 --a------ c:\windows\QTFont.for
2008-10-26 18:12 . 2008-10-26 18:12 <DIR> d-------- C:\rsit
2008-10-25 05:09 . 2008-10-25 05:09 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-10-24 19:55 . 2008-10-24 19:55 <DIR> d-------- C:\_OTScanIt
2008-10-23 16:18 . 2008-10-23 16:18 2,302,017 --a------ c:\windows\system32\GPhotos.scr
2008-10-15 06:16 . 2008-11-03 18:16 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\SolidDocuments
2008-10-15 01:49 . 2008-10-15 01:49 <DIR> d-------- c:\program files\Visage
2008-10-15 01:49 . 2008-10-15 01:49 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-10-15 01:49 . 2008-10-15 01:49 <DIR> d-------- c:\program files\Common Files\Visage Software
2008-10-15 00:12 . 2008-11-01 20:24 167 --a------ c:\windows\ConverterCore.INI
2008-10-15 00:10 . 2008-10-15 00:10 <DIR> d-------- c:\program files\SolidDocuments
2008-10-15 00:10 . 2008-11-11 10:50 <DIR> d-------- c:\documents and settings\OKUCU\Application Data\SolidDocuments
2008-10-15 00:09 . 2008-10-15 00:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\SolidDocuments
2008-10-15 00:00 . 2008-03-27 04:42 7,477 --a------ c:\windows\system32\novap5.ctm
2008-10-14 23:58 . 2008-03-27 04:42 7,477 --a------ c:\windows\system32\dopdf6.ctm
2008-10-14 23:47 . 2008-10-14 23:49 <DIR> d-------- C:\STA4V12
2008-10-14 23:47 . 2008-10-14 23:48 <DIR> d-------- C:\STA4
2008-10-14 23:41 . 2008-10-25 08:06 <DIR> d-------- C:\Sta4v11
2008-10-14 23:38 . 2008-10-14 23:38 <DIR> d-------- c:\program files\PDFCreator
2008-10-14 23:38 . 2008-10-14 23:38 <DIR> d-------- c:\documents and settings\OKUCU\Application Data\PDFCreator
2008-10-14 23:30 . 2004-01-31 09:14 420,000 --a------ c:\windows\system32\drivers\hardlock.sys
2008-10-14 23:30 . 2003-12-18 07:53 47,616 --a------ c:\windows\system32\drivers\haspnt.sys
2008-10-14 23:29 . 2008-10-14 23:42 <DIR> d-------- C:\HaspEmulPE.XP
2008-10-14 23:19 . 2004-02-22 13:00 1,386,496 --a------ c:\windows\system32\MSVBVM60.DLL
2008-10-14 23:19 . 2003-09-10 18:08 665,600 --a------ c:\windows\system32\HARDLOCK.SYS
2008-10-14 23:19 . 2002-07-29 18:13 434,252 --a------ c:\windows\system32\HARDLOCK.VXD
2008-10-14 23:19 . 2002-08-27 19:07 291,328 --a------ c:\windows\system32\hlvdd.dll
2008-10-14 23:19 . 2003-07-25 08:17 148,992 --a------ c:\windows\system32\HASPVB32.DLL
2008-10-14 23:19 . 2001-11-01 23:50 49,750 --a------ c:\windows\system32\HASP95DL.VXD
2008-10-14 23:19 . 2001-11-01 22:15 45,664 --a------ c:\windows\system32\HASP95.VXD
2008-10-14 23:19 . 2001-11-01 22:15 6,656 --a------ c:\windows\system32\haspvdd.dll
2008-10-14 23:19 . 2001-03-02 05:00 383 --a------ c:\windows\system32\haspdos.sys
2008-10-13 22:53 . 2003-07-25 08:17 148,992 --a------ c:\windows\system32\STALOCK.DLL
2008-10-13 22:45 . 2008-10-13 22:45 23,392 --a------ c:\windows\nscompat.tlb
2008-10-13 22:45 . 2008-10-13 22:45 16,832 --a------ c:\windows\amcompat.tlb
2008-10-13 22:45 . 2008-10-13 22:53 2,682 --a------ c:\windows\system32\config.hsp
2008-10-13 22:43 . 2002-01-09 16:01 110,592 --a------ c:\windows\system32\tsccvid.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 03:36 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-11 17:24 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-10-31 15:27 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-26 04:12 76,856 ----a-w c:\documents and settings\OKUCU\Application Data\GDIPFONTCACHEV1.DAT
2008-10-25 13:09 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-10-25 12:51 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-25 11:36 --------- d-----w c:\documents and settings\OKUCU\Application Data\Skype
2008-10-22 23:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 23:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-18 15:47 --------- d-----w c:\documents and settings\OKUCU\Application Data\LimeWire
2008-10-14 05:17 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-13 20:55 --------- d-----w c:\program files\MathType
2008-10-12 11:08 --------- d-----w c:\documents and settings\OKUCU\Application Data\Autodesk
2008-10-12 11:08 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2008-10-11 09:25 --------- d-----w c:\program files\MSXML 6.0
2008-10-10 08:32 --------- d-----w c:\program files\Nikon_Capture_NX2_v2.1.0
2008-10-10 08:13 --------- d-----w c:\program files\AutoCAD 2008
2008-10-10 08:12 --------- d-----w c:\program files\Common Files\Autodesk Shared
2008-10-09 18:42 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-09 18:30 --------- d-----w c:\program files\Common Files\Adobe
2008-10-09 18:30 --------- d-----w c:\program files\Bonjour
2008-10-09 18:17 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-10-09 17:00 --------- d-----w c:\program files\turbo squid tentacles
2008-10-09 16:54 --------- d-----w c:\program files\Autodesk
2008-10-05 06:22 --------- d-----w c:\program files\Google
2008-10-02 06:33 --------- d-----w c:\program files\eMule
2008-10-02 06:31 --------- d-----w c:\program files\Swiss International Air Lines TravelDesk
2008-10-02 06:29 --------- d-----w c:\program files\Netopia
2008-09-29 12:20 61,440 ----a-w c:\windows\system32\drivers\qkcgs.sys
2008-09-29 05:52 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2008-09-29 05:47 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2008-09-25 07:44 --------- d-----w c:\documents and settings\OKUCU\Application Data\U3
2008-08-10 06:58 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLbz.DAT
.

((((((((((((((((((((((((((((( snapshot_2008-11-04_ 7.03.36.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-12-25 15:50:14 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-11-12 03:52:58 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-12-25 15:50:14 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-12 03:52:58 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-09 06:58:58 8,470 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\17HTUR26\msusp[1].bin
+ 2008-11-11 03:13:25 15,770 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\17HTUR26\msusp[2].bin
+ 2008-11-11 05:18:34 8,470 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\17HTUR26\msusp[3].bin
+ 2008-11-12 03:52:58 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-08-04 12:00:00 66,048 ----a-w c:\windows\system32\mscaeo.exe
+ 2007-04-16 15:52:53 20,480 ----a-w c:\windows\system32\upnpsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 1207080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 65536]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 73728]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-09-06 671744]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2005-08-25 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-28 286720]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-30 122941]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-19 48752]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2005-05-05 22656]
"TFncKy"="TFncKy.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-03-28 c:\windows\KHALMNPR.Exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-08-22 c:\windows\system32\TCtrlIOHook.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-22 c:\windows\agrsmmsg.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-12-28 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{3F21AA0C-2A9E-4BE9-9083-9E58AB41BA01}"= "3F21AA0C.dll" [BU]
"{5243F5FA-75D6-4469-90A8-A181E2AAAA5B}"= "5243F5FA.dll" [BU]
"{F2CBFAC4-6FF9-4DE9-BCB1-0F2FA2AA0B4C}"= "F2CBFAC4.dll" [BU]
"{70B0129E-726E-4789-A7C0-5DDC33241E94}"= "70B0129E.dll" [BU]
"{01AFE3DC-2242-436E-9B44-6DD1C664E828}"= "01AFE3DC.dll" [BU]
"{5934EA2B-B2C4-4BE7-BF7A-FBA781A12E40}"= "5934EA2B.dll" [BU]
"{93DEE065-EC9B-4505-ADD3-19880AD3C38F}"= "93DEE065.dll" [BU]
"{C8FFD223-C0FB-40C5-94A0-FD7891AC18E9}"= "C8FFD223.dll" [BU]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^OKUCU^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\OKUCU\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^OKUCU^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\OKUCU\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^OKUCU^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=c:\documents and settings\OKUCU\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^OKUCU^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=c:\documents and settings\OKUCU\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-09-03 09:11 29744 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-06-20 12:36 1207080 c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-10-18 03:58 278528 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-02-27 01:18 67128 c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 06:43 57344 c:\program files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 05:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 06:24 458752 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 06:14 217088 c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
--a------ 2005-08-30 02:53 1077329 c:\program files\Toshiba\Touch and Launch\PadExe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-10-13 08:20 20058152 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2005-05-12 01:31 118784 c:\program files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-03-10 09:45 35328 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zooming]
--a------ 2005-06-06 00:58 24576 c:\windows\system32\ZoomingHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2008\\3dsmax.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-03 29744]
.
Contents of the 'Scheduled Tasks' folder

2008-11-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 03:24]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-MPKrnl - c:\windows\MPKrnl.dll



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 19:51:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
c:\program files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Toshiba\TOSHIBA Controls\TFncKy.exe
c:\program files\Toshiba\ConfigFree\CFSServ.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Apoint2K\ApntEx.exe
c:\progra~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Completion time: 2008-11-11 19:58:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-12 03:58:24
ComboFix2.txt 2008-11-11 05:11:45
ComboFix3.txt 2008-11-04 15:04:12
ComboFix4.txt 2008-11-01 04:04:48
ComboFix5.txt 2008-11-12 03:45:26

Pre-Run: 14,560,849,920 bytes free
Post-Run: 14,558,142,464 bytes free

368 --- E O F --- 2008-10-16 20:32:25


#32 okucu (Topic Starter, Member, 66 posts)

Sorry Ewgene, it seems I still have it... came back after 2 hours on the net...

#33 Egwene (Visiting Consultant, Member 2k, 2,141 posts)

Sorry Ewgene, it seems I still have it... came back after 2 hours on the net...


Hello,

I'm not surprised, you have a nasty infection. But don't worry, now I have more time to help, I will not let you wait so long now. I'm very sorry for letting you wait so long.

We will remove the malware from your computer... your log looks better :) Let's go on! :)

1) Run a CFscript :

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

Sysrst::

FileLook::
c:\windows\system32\novap5.ctm
c:\windows\system32\dopdf6.ctm

DirLook::
C:\STA4V12
C:\STA4
C:\Sta4v11

File::
c:\windows\system32\3F21AA0C.dll
c:\windows\system32\5243F5FA.dll
c:\windows\system32\F2CBFAC4.dll
c:\windows\system32\70B0129E.dll
c:\windows\system32\01AFE3DC.dll
c:\windows\system32\5934EA2B.dll
c:\windows\system32\93DEE065.dll
c:\windows\system32\C8FFD223.dll

Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{3F21AA0C-2A9E-4BE9-9083-9E58AB41BA01}"=-
"{5243F5FA-75D6-4469-90A8-A181E2AAAA5B}"=-
"{F2CBFAC4-6FF9-4DE9-BCB1-0F2FA2AA0B4C}"=-
"{70B0129E-726E-4789-A7C0-5DDC33241E94}"=-
"{01AFE3DC-2242-436E-9B44-6DD1C664E828}"=-
"{5934EA2B-B2C4-4BE7-BF7A-FBA781A12E40}"=-
"{93DEE065-EC9B-4505-ADD3-19880AD3C38F}"=-
"{C8FFD223-C0FB-40C5-94A0-FD7891AC18E9}"=-

Save this as CFScript.txt, in the same location as ComboFix.exe.


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

2) Run SDfix :

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Reboot into normal mode.

3) Run LopSD option 1 :

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Regards,
Egwene.
  • 0
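
A triage aid for the log pattern the CFScript in post #33 targets, as an added example that is not part of the original posts and not ComboFix's own logic: it reads the ShellExecuteHooks section of a ComboFix log, flags hooks whose DLL is named after the first block of their own CLSID (true of all eight entries in the log above), and collects every same-named file elsewhere in the log. The matching rule is a heuristic drawn from this log, and the function names and the `11111111-...` entry are made up for illustration.

```python
import ntpath
import re

# Constructed sample: lines copied from the two ComboFix logs in this thread,
# plus one made-up hook entry (the 11111111-... CLSID and its path are
# hypothetical) to show what a non-matching entry looks like.
SAMPLE_LOG = r'''
c:\windows\system32\3F21AA0C.dll
c:\windows\system32\system.exe
2008-11-11 20:03 . 2008-11-11 20:03 312 --ahs---- c:\windows\system32\3F21AA0C.cfg
2008-11-11 20:03 . 2008-11-11 20:03 212 --ahs---- c:\windows\system32\4FBFD5A4.cfg
2008-11-11 20:06 . 2008-11-11 20:06 204 --ahs---- c:\windows\system32\C8FFD223.cfg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{3F21AA0C-2A9E-4BE9-9083-9E58AB41BA01}"= "3F21AA0C.dll" [BU]
"{C8FFD223-C0FB-40C5-94A0-FD7891AC18E9}"= "C8FFD223.dll" [BU]
"{11111111-2222-3333-4444-555555555555}"= "c:\program files\Example\hook.dll" [2008-01-01 12345]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
'''

# A registry key header as ComboFix prints it: the whole line is "[key path]".
SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
# A hook value: "{CLSID}"= "target" followed by an annotation we do not interpret.
HOOK_RE = re.compile(
    r'^"\{(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}"'
    r'\s*=\s*"(?P<target>[^"]*)"'
)
# A full path at the end of a line whose file name is exactly 8 hex digits.
PATH_RE = re.compile(
    r'(?P<path>[A-Za-z]:\\.*\\(?P<stem>[0-9A-Fa-f]{8})\.\w+)\s*$'
)


def shell_execute_hooks(log_text):
    """Return [(CLSID, target)] for values listed under a ShellExecuteHooks key."""
    hooks, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            key = header.group("key").lower()
            in_section = key.endswith(r"\explorer\shellexecutehooks")
            continue
        if in_section:
            value = HOOK_RE.match(line)
            if value:
                hooks.append((value.group("clsid").upper(), value.group("target")))
    return hooks


def name_mirrors_clsid(clsid, target):
    """True when the hook DLL's file name is the first 8 hex digits of its CLSID."""
    stem, ext = ntpath.splitext(ntpath.basename(target))
    return ext.lower() == ".dll" and stem.upper() == clsid[:8].upper()


def triage(log_text):
    """Map each flagged 8-hex stem to its CLSID and the same-named files in the log."""
    flagged = {}
    for clsid, target in shell_execute_hooks(log_text):
        if name_mirrors_clsid(clsid, target):
            flagged[clsid[:8]] = {"clsid": clsid, "target": target, "files": set()}
    for line in log_text.splitlines():
        found = PATH_RE.search(line)
        if found and found.group("stem").upper() in flagged:
            stem = found.group("stem").upper()
            flagged[stem]["files"].add(found.group("path").lower())
    for entry in flagged.values():
        entry["files"] = sorted(entry["files"])
    return flagged


if __name__ == "__main__":
    for stem, entry in sorted(triage(SAMPLE_LOG).items()):
        print(stem, "{%s}" % entry["clsid"])
        for path in entry["files"]:
            print("   ", path)
```

Files such as `4FBFD5A4.cfg` that follow the naming pattern but have no hook entry in the same log are not reported, so the output is a starting list for review rather than a complete inventory.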

#34 okucu (Topic Starter, Member, 66 posts)

Hi Ewgene,

All done as you instructed. Thanks again for your help.
Here are the 3 logs:

ComboFix 08-11-03.06 - OKUCU 2008-11-12 7:28:34.9 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1254.90.1033.18.1015 [GMT -8:00]
Running from: c:\documents and settings\OKUCU\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\OKUCU\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\01AFE3DC.dll
c:\windows\system32\3F21AA0C.dll
c:\windows\system32\5243F5FA.dll
c:\windows\system32\5934EA2B.dll
c:\windows\system32\70B0129E.dll
c:\windows\system32\93DEE065.dll
c:\windows\system32\C8FFD223.dll
c:\windows\system32\F2CBFAC4.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Messenger\msgmr.dll
c:\windows\AppPatch\AcSpecf.dll
c:\windows\AppPatch\AcXtrnel.sdb
c:\windows\Downloaded Program Files\ThunderAdvise.dll
c:\windows\Fonts\Framdee.ttf
c:\windows\MSVB50CHS.dll
c:\windows\system32\01AFE3DC.dll
c:\windows\system32\08223B03.cfg
c:\windows\system32\08223B03.dll
c:\windows\system32\122B901E.cfg
c:\windows\system32\122B901E.dll
c:\windows\system32\2EF0D734.cfg
c:\windows\system32\2EF0D734.dll
c:\windows\system32\3F21AA0C.dll
c:\windows\system32\43ACDCC5.cfg
c:\windows\system32\43ACDCC5.dll
c:\windows\system32\4D023DE9.cfg
c:\windows\system32\4D023DE9.dll
c:\windows\system32\4FBFD5A4.dll
c:\windows\system32\58FF3024.cfg
c:\windows\system32\58FF3024.dll
c:\windows\system32\5934EA2B.dll
c:\windows\system32\66AFCB56.cfg
c:\windows\system32\66AFCB56.dll
c:\windows\system32\70B0129E.dll
c:\windows\system32\93DEE065.dll
c:\windows\system32\9CA963CA.cfg
c:\windows\system32\9CA963CA.dll
c:\windows\system32\9F684DE8.cfg
c:\windows\system32\9F684DE8.dll
c:\windows\system32\B3721C07.cfg
c:\windows\system32\B3721C07.dll
c:\windows\system32\BA7EDF54.cfg
c:\windows\system32\BA7EDF54.dll
c:\windows\system32\C8FFD223.dll
c:\windows\system32\ca99d57.sys
c:\windows\system32\D7C79813.cfg
c:\windows\system32\D7C79813.dll
c:\windows\system32\DA63E650.cfg
c:\windows\system32\DA63E650.dll
c:\windows\system32\drivers\HBKernel32.sys
c:\windows\system32\E0D39066.cfg
c:\windows\system32\E0D39066.dll
c:\windows\system32\E3367679.cfg
c:\windows\system32\E3367679.dll
c:\windows\system32\E4814792.cfg
c:\windows\system32\E4814792.dll
c:\windows\system32\F2CBFAC4.dll
c:\windows\system32\F65BDEC7.cfg
c:\windows\system32\F65BDEC7.dll
c:\windows\system32\F8E07BB2.dll
c:\windows\system32\HBmhly.dll
c:\windows\system32\HBZHUXIAN.dll
c:\windows\system32\system.exe
c:\windows\system32\unxxx.bat
c:\windows\temp\wmsetup.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ca99d57
-------\Service_HBKernel32


((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))
.

2008-11-11 20:06 . 2008-11-11 20:06 10,240 --a------ c:\windows\MKMKrnl.dll
2008-11-11 20:06 . 2008-11-11 20:06 204 --ahs---- c:\windows\system32\C8FFD223.cfg
2008-11-11 20:05 . 2008-11-11 20:05 184 --ahs---- c:\windows\system32\93DEE065.cfg
2008-11-11 20:04 . 2008-11-11 20:04 20,480 --a------ c:\windows\MPKrnl.dll
2008-11-11 20:04 . 2008-11-11 20:04 272 --ahs---- c:\windows\system32\F2CBFAC4.cfg
2008-11-11 20:04 . 2008-11-11 20:04 244 --ahs---- c:\windows\system32\70B0129E.cfg
2008-11-11 20:04 . 2008-11-11 20:04 220 --ahs---- c:\windows\system32\F8E07BB2.cfg
2008-11-11 20:04 . 2008-11-11 20:04 204 --ahs---- c:\windows\system32\5934EA2B.cfg
2008-11-11 20:04 . 2008-11-11 20:04 152 --ahs---- c:\windows\system32\01AFE3DC.cfg
2008-11-11 20:03 . 2008-11-11 20:03 5,504 --a------ c:\windows\system32\de8296f.sys
2008-11-11 20:03 . 2008-11-11 20:03 5,504 --a------ c:\windows\system32\d7b49fa.sys
2008-11-11 20:03 . 2008-11-11 20:03 5,504 --a------ c:\windows\system32\c39e8db.sys
2008-11-11 20:03 . 2008-11-11 20:03 312 --ahs---- c:\windows\system32\3F21AA0C.cfg
2008-11-11 20:03 . 2008-11-11 20:03 212 --ahs---- c:\windows\system32\4FBFD5A4.cfg
2008-11-02 18:25 . 2008-11-02 18:25 <DIR> d-------- c:\documents and settings\OKUCU\DoctorWeb
2008-11-02 17:46 . 2008-11-02 18:24 250 --a------ c:\windows\gmer.ini
2008-10-27 09:43 . 2008-11-05 23:48 54,156 --ah----- c:\windows\QTFont.qfn
2008-10-27 09:43 . 2008-10-27 09:43 1,409 --a------ c:\windows\QTFont.for
2008-10-26 18:12 . 2008-10-26 18:12 <DIR> d-------- C:\rsit
2008-10-25 05:09 . 2008-10-25 05:09 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-10-24 19:55 . 2008-10-24 19:55 <DIR> d-------- C:\_OTScanIt
2008-10-23 16:18 . 2008-10-23 16:18 2,302,017 --a------ c:\windows\system32\GPhotos.scr
2008-10-15 06:16 . 2008-11-03 18:16 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\SolidDocuments
2008-10-15 01:49 . 2008-10-15 01:49 <DIR> d-------- c:\program files\Visage
2008-10-15 01:49 . 2008-10-15 01:49 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-10-15 01:49 . 2008-10-15 01:49 <DIR> d-------- c:\program files\Common Files\Visage Software
2008-10-15 00:12 . 2008-11-01 20:24 167 --a------ c:\windows\ConverterCore.INI
2008-10-15 00:10 . 2008-10-15 00:10 <DIR> d-------- c:\program files\SolidDocuments
2008-10-15 00:10 . 2008-11-11 10:50 <DIR> d-------- c:\documents and settings\OKUCU\Application Data\SolidDocuments
2008-10-15 00:09 . 2008-10-15 00:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\SolidDocuments
2008-10-15 00:00 . 2008-03-27 04:42 7,477 --a------ c:\windows\system32\novap5.ctm
2008-10-14 23:58 . 2008-03-27 04:42 7,477 --a------ c:\windows\system32\dopdf6.ctm
2008-10-14 23:47 . 2008-10-14 23:49 <DIR> d-------- C:\STA4V12
2008-10-14 23:47 . 2008-10-14 23:48 <DIR> d-------- C:\STA4
2008-10-14 23:41 . 2008-10-25 08:06 <DIR> d-------- C:\Sta4v11
2008-10-14 23:38 . 2008-10-14 23:38 <DIR> d-------- c:\program files\PDFCreator
2008-10-14 23:38 . 2008-10-14 23:38 <DIR> d-------- c:\documents and settings\OKUCU\Application Data\PDFCreator
2008-10-14 23:30 . 2004-01-31 09:14 420,000 --a------ c:\windows\system32\drivers\hardlock.sys
2008-10-14 23:30 . 2003-12-18 07:53 47,616 --a------ c:\windows\system32\drivers\haspnt.sys
2008-10-14 23:29 . 2008-10-14 23:42 <DIR> d-------- C:\HaspEmulPE.XP
2008-10-14 23:19 . 2004-02-22 13:00 1,386,496 --a------ c:\windows\system32\MSVBVM60.DLL
2008-10-14 23:19 . 2003-09-10 18:08 665,600 --a------ c:\windows\system32\HARDLOCK.SYS
2008-10-14 23:19 . 2002-07-29 18:13 434,252 --a------ c:\windows\system32\HARDLOCK.VXD
2008-10-14 23:19 . 2002-08-27 19:07 291,328 --a------ c:\windows\system32\hlvdd.dll
2008-10-14 23:19 . 2003-07-25 08:17 148,992 --a------ c:\windows\system32\HASPVB32.DLL
2008-10-14 23:19 . 2001-11-01 23:50 49,750 --a------ c:\windows\system32\HASP95DL.VXD
2008-10-14 23:19 . 2001-11-01 22:15 45,664 --a------ c:\windows\system32\HASP95.VXD
2008-10-14 23:19 . 2001-11-01 22:15 6,656 --a------ c:\windows\system32\haspvdd.dll
2008-10-14 23:19 . 2001-03-02 05:00 383 --a------ c:\windows\system32\haspdos.sys
2008-10-13 22:53 . 2003-07-25 08:17 148,992 --a------ c:\windows\system32\STALOCK.DLL
2008-10-13 22:45 . 2008-10-13 22:45 23,392 --a------ c:\windows\nscompat.tlb
2008-10-13 22:45 . 2008-10-13 22:45 16,832 --a------ c:\windows\amcompat.tlb
2008-10-13 22:45 . 2008-10-13 22:53 2,682 --a------ c:\windows\system32\config.hsp
2008-10-13 22:43 . 2002-01-09 16:01 110,592 --a------ c:\windows\system32\tsccvid.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 15:06 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-12 06:16 --------- d-----w c:\documents and settings\OKUCU\Application Data\Skype
2008-11-11 17:24 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-10-31 15:27 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-26 04:12 76,856 ----a-w c:\documents and settings\OKUCU\Application Data\GDIPFONTCACHEV1.DAT
2008-10-25 13:09 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-10-25 12:51 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-22 23:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 23:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-18 15:47 --------- d-----w c:\documents and settings\OKUCU\Application Data\LimeWire
2008-10-14 05:17 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-13 20:55 --------- d-----w c:\program files\MathType
2008-10-12 11:08 --------- d-----w c:\documents and settings\OKUCU\Application Data\Autodesk
2008-10-12 11:08 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2008-10-11 09:25 --------- d-----w c:\program files\MSXML 6.0
2008-10-10 08:32 --------- d-----w c:\program files\Nikon_Capture_NX2_v2.1.0
2008-10-10 08:13 --------- d-----w c:\program files\AutoCAD 2008
2008-10-10 08:12 --------- d-----w c:\program files\Common Files\Autodesk Shared
2008-10-09 18:42 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-09 18:30 --------- d-----w c:\program files\Common Files\Adobe
2008-10-09 18:30 --------- d-----w c:\program files\Bonjour
2008-10-09 18:17 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-10-09 17:00 --------- d-----w c:\program files\turbo squid tentacles
2008-10-09 16:54 --------- d-----w c:\program files\Autodesk
2008-10-05 06:22 --------- d-----w c:\program files\Google
2008-10-02 06:33 --------- d-----w c:\program files\eMule
2008-10-02 06:31 --------- d-----w c:\program files\Swiss International Air Lines TravelDesk
2008-10-02 06:29 --------- d-----w c:\program files\Netopia
2008-09-29 12:20 61,440 ----a-w c:\windows\system32\drivers\qkcgs.sys
2008-09-29 05:52 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2008-09-29 05:47 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2008-09-25 07:44 --------- d-----w c:\documents and settings\OKUCU\Application Data\U3
2008-08-10 06:58 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLbz.DAT
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\dopdf6.ctm -- Not a PE file.
MD5: 5ffda58e424142f01bc93e8ea48bf863

c:\windows\system32\novap5.ctm -- Not a PE file.
MD5: 866e4e3e910227507f5a175ffb9a867f

---- Directory of C:\STA4 ----

2003-09-10 18:08 665600 --a------ c:\sta4\HARDLOCK.SYS
2003-09-10 18:08 47616 --a------ c:\sta4\haspnt.sys
2003-07-25 06:17 148992 --a------ c:\sta4\HASPVB32.DLL
2002-08-27 19:07 291328 --a------ c:\sta4\hlvdd.dll
2002-07-29 18:13 434252 --a------ c:\sta4\HARDLOCK.VXD
2001-11-01 23:50 49750 --a------ c:\sta4\HASP95DL.VXD
2001-11-01 22:15 6656 --a------ c:\sta4\haspvdd.dll
2001-11-01 22:15 45664 --a------ c:\sta4\HASP95.VXD
2001-03-01 23:00 383 --a------ c:\sta4\haspdos.sys

---- Directory of C:\Sta4v11 ----

1995-10-13 01:52 871 --a------ c:\sta4v11\STA4.CFG
1995-10-13 01:52 871 --a------ c:\sta4v11\STA1.CFG
1995-10-13 01:52 859 --a------ c:\sta4v11\STA4CAD.CFG

---- Directory of C:\STA4V12 ----

2003-09-17 11:12 884 --a------ c:\sta4v12\STA4DATA\3D_EV.TBI
2003-09-17 11:12 8624 --a------ c:\sta4v12\STA4DATA\3D_EV.KMX
2003-09-17 11:12 5525 --a------ c:\sta4v12\STA4DATA\3D_EV.CQC
2003-09-17 11:12 5040 --a------ c:\sta4v12\STA4DATA\3D_EV.SMX
2003-09-17 11:12 4620 --a------ c:\sta4v12\STA4DATA\3D_EV.TMX
2003-09-17 11:12 395 --a------ c:\sta4v12\STA4DATA\3D_EV.MAS
2003-09-17 11:12 3848 --a------ c:\sta4v12\STA4DATA\3D_EV.DMX
2003-09-17 11:12 361 --a------ c:\sta4v12\STA4DATA\3D_EV.DRP
2003-09-17 11:12 3494 --a------ c:\sta4v12\STA4DATA\3D_EV.SSM
2003-09-17 11:12 3432 --a------ c:\sta4v12\STA4DATA\3D_EV.FLO
2003-09-17 11:12 3120 --a------ c:\sta4v12\STA4DATA\3D_EV.CST
2003-09-17 11:12 29344 --a------ c:\sta4v12\STA4DATA\3D_EV.BEA
2003-09-17 11:12 29344 --a------ c:\sta4v12\STA4DATA\3D_EV.BE1
2003-09-17 11:12 2652 --a------ c:\sta4v12\STA4DATA\3D_EV.ZEM
2003-09-17 11:12 2352 --a------ c:\sta4v12\STA4DATA\3D_EV.TST
2003-09-17 11:12 20720 --a------ c:\sta4v12\STA4DATA\3D_EV.COL
2003-09-17 11:12 20720 --a------ c:\sta4v12\STA4DATA\3D_EV.CO1
2003-09-17 11:12 1986 --a------ c:\sta4v12\STA4DATA\3D_EV.KNT
2003-09-17 11:12 192 --a------ c:\sta4v12\STA4DATA\3D_EV.HCR
2003-09-17 11:12 1134 --a------ c:\sta4v12\STA4DATA\3D_EV.EAR
2003-09-17 11:12 10944 --a------ c:\sta4v12\STA4DATA\3D_EV.DIS
2003-09-17 11:12 10240 --a------ c:\sta4v12\STA4DATA\3D_EV.LOA
2003-09-17 11:12 102 --a------ c:\sta4v12\STA4DATA\3D_EV.TP1
2003-09-17 11:12 0 --a------ c:\sta4v12\STA4DATA\3D_EV.PMX
2003-09-17 11:12 0 --a------ c:\sta4v12\STA4DATA\3D_EV.JLO
2003-09-17 11:12 0 --a------ c:\sta4v12\STA4DATA\3D_EV.ERR
2003-09-16 11:07 869 --a------ c:\sta4v12\STA4DATA\3D_EV.OPS
2003-09-16 11:07 246 --a------ c:\sta4v12\STA4DATA\3D_EV.COD
2003-09-16 00:43 75713 --a------ c:\sta4v12\STA4DATA\ornek3.ST4
2003-09-15 06:12 6154 --a------ c:\sta4v12\STA4DATA\3d_ev.gif
2003-09-15 06:12 32 --a------ c:\sta4v12\STA4DATA\3D_EV.AKS
2003-09-15 03:21 9768 --a------ c:\sta4v12\STA4DATA\3D_EV.BAK
2003-09-14 23:13 29 --a------ c:\sta4v12\KIRIS.OPS
2003-09-14 16:22 27 --a------ c:\sta4v12\STAdate.txt
2003-09-11 04:56 37 --a------ c:\sta4v12\NERVUR.OPS
2003-09-10 18:08 665600 --a------ c:\sta4v12\hardlock.sys
2003-09-10 18:08 47616 --a------ c:\sta4v12\Haspnt.sys
2003-08-25 06:22 596 --a------ c:\sta4v12\STA4DATA\CIRCLE.BAR
2003-08-25 06:22 596 --a------ c:\sta4v12\STA4DATA\3D_EV.BAR
2003-08-22 00:00 2496 --a------ c:\sta4v12\STA4DATA\3D_EV.SON
2003-08-22 00:00 1008 --a------ c:\sta4v12\STA4DATA\3D_EV.DEP
2003-08-21 04:56 532 --a------ c:\sta4v12\STA4DATA\3D_EV.FEA
2003-08-07 15:42 60868 --a------ c:\sta4v12\STAlight.ttf
2003-07-25 08:17 148992 --a------ c:\sta4v12\STALOCK.DLL
2003-07-19 01:24 7536 --a------ c:\sta4v12\STA4DATA\A3DUZENiso.ST4
2003-07-19 01:24 5799 --a------ c:\sta4v12\STA4DATA\A3DUZENiso.gif
2003-07-19 01:24 21 --a------ c:\sta4v12\STA4DATA\A3DUZENiso.AKS
2003-07-19 01:19 88630 --a------ c:\sta4v12\STA4DATA\UCGEN.ST4
2003-07-19 01:19 860 --a------ c:\sta4v12\STA4DATA\UCGEN.OPS
2003-07-19 01:19 860 --a------ c:\sta4v12\STA4DATA\TOWER.OPS
2003-07-19 01:19 860 --a------ c:\sta4v12\STA4DATA\SUDEPOSU.OPS
2003-07-19 01:19 860 --a------ c:\sta4v12\STA4DATA\PLAZA.OPS
2003-07-19 01:19 860 --a------ c:\sta4v12\STA4DATA\PANEL.OPS
2003-07-19 01:19 860 --a------ c:\sta4v12\STA4DATA\ORNEKD3.OPS
2003-07-19 01:19 8192 --a------ c:\sta4v12\STA4DATA\Plaza.gif
2003-07-19 01:19 7428 --a------ c:\sta4v12\STA4DATA\Ucgen.gif
2003-07-19 01:19 7024 --a------ c:\sta4v12\STA4DATA\Tower.gif
2003-07-19 01:19 6943 --a------ c:\sta4v12\STA4DATA\ornek9.gif
2003-07-19 01:19 6889 --a------ c:\sta4v12\STA4DATA\Panel.gif
2003-07-19 01:19 67 --a------ c:\sta4v12\STA4DATA\PANEL.AKS
2003-07-19 01:19 5906 --a------ c:\sta4v12\STA4DATA\Sudeposu.gif
2003-07-19 01:19 5567 --a------ c:\sta4v12\STA4DATA\Ornekd3.gif
2003-07-19 01:19 48 --a------ c:\sta4v12\STA4DATA\ORNEKD3.AKS
2003-07-19 01:19 46356 --a------ c:\sta4v12\STA4DATA\PANEL.ST4
2003-07-19 01:19 463 --a------ c:\sta4v12\STA4DATA\ornek9.AKS
2003-07-19 01:19 39358 --a------ c:\sta4v12\STA4DATA\ornek9.ST4
2003-07-19 01:19 346 --a------ c:\sta4v12\STA4DATA\PLAZA.AKS
2003-07-19 01:19 2721 --a------ c:\sta4v12\STA4DATA\SUDEPOSU.ST4
2003-07-19 01:19 217785 --a------ c:\sta4v12\STA4DATA\PLAZA.ST4
2003-07-19 01:19 210 --a------ c:\sta4v12\STA4DATA\TOWER.AKS
2003-07-19 01:19 197 --a------ c:\sta4v12\STA4DATA\UCGEN.AKS
2003-07-19 01:19 161023 --a------ c:\sta4v12\STA4DATA\TOWER.ST4
2003-07-19 01:19 12 --a------ c:\sta4v12\STA4DATA\SUDEPOSU.AKS
2003-07-19 01:18 860 --a------ c:\sta4v12\STA4DATA\ORNEK7.OPS
2003-07-19 01:18 753 --a------ c:\sta4v12\STA4DATA\ornek8.AKS
2003-07-19 01:18 65 --a------ c:\sta4v12\STA4DATA\ORNEK7.AKS
2003-07-19 01:18 5782 --a------ c:\sta4v12\STA4DATA\Ornek7.gif
2003-07-19 01:18 5269 --a------ c:\sta4v12\STA4DATA\ornek8.gif
2003-07-19 01:18 193805 --a------ c:\sta4v12\STA4DATA\ornek8.ST4
2003-07-19 01:18 17165 --a------ c:\sta4v12\STA4DATA\ORNEK7.ST4
2003-07-19 01:17 7210 --a------ c:\sta4v12\STA4DATA\ornek5.gif
2003-07-19 01:17 7065 --a------ c:\sta4v12\STA4DATA\ornek3.gif
2003-07-19 01:17 431 --a------ c:\sta4v12\STA4DATA\ornek5.AKS
2003-07-19 01:17 311874 --a------ c:\sta4v12\STA4DATA\ornek5.ST4
2003-07-19 01:17 131 --a------ c:\sta4v12\STA4DATA\ornek3.AKS
2003-07-19 01:16 860 --a------ c:\sta4v12\STA4DATA\ORNEK27.OPS
2003-07-19 01:16 860 --a------ c:\sta4v12\STA4DATA\ORNEK22.OPS
2003-07-19 01:16 860 --a------ c:\sta4v12\STA4DATA\ORNEK21.OPS
2003-07-19 01:16 7414 --a------ c:\sta4v12\STA4DATA\Ornek21.gif
2003-07-19 01:16 7215 --a------ c:\sta4v12\STA4DATA\ornek20.gif
2003-07-19 01:16 7026 --a------ c:\sta4v12\STA4DATA\Ornek27.gif
2003-07-19 01:16 6419 --a------ c:\sta4v12\STA4DATA\Ornek22.gif
2003-07-19 01:16 63433 --a------ c:\sta4v12\STA4DATA\ORNEK27.ST4
2003-07-19 01:16 315 --a------ c:\sta4v12\STA4DATA\ornek20.AKS
2003-07-19 01:16 291 --a------ c:\sta4v12\STA4DATA\ORNEK21.AKS
2003-07-19 01:16 275 --a------ c:\sta4v12\STA4DATA\ORNEK27.AKS
2003-07-19 01:16 25876 --a------ c:\sta4v12\STA4DATA\ORNEK22.ST4
2003-07-19 01:16 214980 --a------ c:\sta4v12\STA4DATA\ornek20.ST4
2003-07-19 01:16 21045 --a------ c:\sta4v12\STA4DATA\ORNEK21.ST4
2003-07-19 01:16 148 --a------ c:\sta4v12\STA4DATA\ORNEK22.AKS
2003-07-19 01:15 860 --a------ c:\sta4v12\STA4DATA\ORNEK2.OPS
2003-07-19 01:15 860 --a------ c:\sta4v12\STA4DATA\ORNEK17.OPS
2003-07-19 01:15 7746 --a------ c:\sta4v12\STA4DATA\ornek16.gif
2003-07-19 01:15 7706 --a------ c:\sta4v12\STA4DATA\Ornek17.gif
2003-07-19 01:15 7396 --a------ c:\sta4v12\STA4DATA\ornek18.gif
2003-07-19 01:15 7118 --a------ c:\sta4v12\STA4DATA\Ornek19.gif
2003-07-19 01:15 70924 --a------ c:\sta4v12\STA4DATA\ornek16.ST4
2003-07-19 01:15 6353 --a------ c:\sta4v12\STA4DATA\Ornek2.gif
2003-07-19 01:15 63 --a------ c:\sta4v12\STA4DATA\ORNEK19.AKS
2003-07-19 01:15 62428 --a------ c:\sta4v12\STA4DATA\ORNEK17.ST4
2003-07-19 01:15 39 --a------ c:\sta4v12\STA4DATA\ORNEK2.AKS
2003-07-19 01:15 379 --a------ c:\sta4v12\STA4DATA\ornek16.AKS
2003-07-19 01:15 34915 --a------ c:\sta4v12\STA4DATA\ORNEK2.ST4
2003-07-19 01:15 241 --a------ c:\sta4v12\STA4DATA\ornek18.AKS
2003-07-19 01:15 232145 --a------ c:\sta4v12\STA4DATA\ORNEK19.ST4
2003-07-19 01:15 174 --a------ c:\sta4v12\STA4DATA\ORNEK17.AKS
2003-07-19 01:14 860 --a------ c:\sta4v12\STA4DATA\ORNEK15.OPS
2003-07-19 01:14 7916 --a------ c:\sta4v12\STA4DATA\ornek14.gif
2003-07-19 01:14 7175 --a------ c:\sta4v12\STA4DATA\Ornek15.gif
2003-07-19 01:14 437 --a------ c:\sta4v12\STA4DATA\ornek14.AKS
2003-07-19 01:14 163 --a------ c:\sta4v12\STA4DATA\ORNEK15.AKS
2003-07-19 01:12 860 --a------ c:\sta4v12\STA4DATA\ORNEK13.OPS
2003-07-19 01:12 860 --a------ c:\sta4v12\STA4DATA\ORNEK12.OPS
2003-07-19 01:12 7127 --a------ c:\sta4v12\STA4DATA\Ornek12.gif
2003-07-19 01:12 6098 --a------ c:\sta4v12\STA4DATA\ornek10.gif
2003-07-19 01:12 57801 --a------ c:\sta4v12\STA4DATA\ornek10.ST4
2003-07-19 01:12 49882 --a------ c:\sta4v12\STA4DATA\ORNEK12.ST4
2003-07-19 01:12 347 --a------ c:\sta4v12\STA4DATA\ornek10.AKS
2003-07-19 01:12 128 --a------ c:\sta4v12\STA4DATA\ORNEK12.AKS
2003-07-19 01:11 860 --a------ c:\sta4v12\STA4DATA\ORNEK1.OPS
2003-07-19 01:11 860 --a------ c:\sta4v12\STA4DATA\MANTAR2.OPS
2003-07-19 01:11 860 --a------ c:\sta4v12\STA4DATA\MANTAR1.OPS
2003-07-19 01:11 860 --a------ c:\sta4v12\STA4DATA\KRADYE.OPS
2003-07-19 01:11 860 --a------ c:\sta4v12\STA4DATA\KONKOL.OPS
2003-07-19 01:11 860 --a------ c:\sta4v12\STA4DATA\IZGARA.OPS
2003-07-19 01:11 7735 --a------ c:\sta4v12\STA4DATA\MANTAR2.ST4
2003-07-19 01:11 73 --a------ c:\sta4v12\STA4DATA\ORNEK1.AKS
2003-07-19 01:11 6708 --a------ c:\sta4v12\STA4DATA\KONKOL.ST4
2003-07-19 01:11 6552 --a------ c:\sta4v12\STA4DATA\Ornek1.gif
2003-07-19 01:11 6489 --a------ c:\sta4v12\STA4DATA\Hasir.gif
2003-07-19 01:11 6322 --a------ c:\sta4v12\STA4DATA\Mantar2.gif
2003-07-19 01:11 6231 --a------ c:\sta4v12\STA4DATA\Mantar1.gif
2003-07-19 01:11 6158 --a------ c:\sta4v12\STA4DATA\Izgara.gif
2003-07-19 01:11 6078 --a------ c:\sta4v12\STA4DATA\Kradye.gif
2003-07-19 01:11 6021 --a------ c:\sta4v12\STA4DATA\Konkol.gif
2003-07-19 01:11 58613 --a------ c:\sta4v12\STA4DATA\HASIR.st4
2003-07-19 01:11 56 --a------ c:\sta4v12\STA4DATA\KRADYE.AKS
2003-07-19 01:11 4701 --a------ c:\sta4v12\STA4DATA\IZGARA.ST4
2003-07-19 01:11 4653 --a------ c:\sta4v12\STA4DATA\MANTAR1.ST4
2003-07-19 01:11 45 --a------ c:\sta4v12\STA4DATA\HASIR.aks
2003-07-19 01:11 31012 --a------ c:\sta4v12\STA4DATA\KRADYE.ST4
2003-07-19 01:11 30 --a------ c:\sta4v12\STA4DATA\MANTAR1.AKS
2003-07-19 01:11 27 --a------ c:\sta4v12\STA4DATA\KONKOL.AKS
2003-07-19 01:11 27 --a------ c:\sta4v12\STA4DATA\IZGARA.AKS
2003-07-19 01:11 24 --a------ c:\sta4v12\STA4DATA\MANTAR2.AKS
2003-07-19 01:04 860 --a------ c:\sta4v12\STA4DATA\GUC3B.OPS
2003-07-19 01:04 860 --a------ c:\sta4v12\STA4DATA\GUC3A.OPS
2003-07-19 01:04 7071 --a------ c:\sta4v12\STA4DATA\Guc3b.gif
2003-07-19 01:04 6954 --a------ c:\sta4v12\STA4DATA\Guc3a.gif
2003-07-19 01:04 6457 --a------ c:\sta4v12\STA4DATA\Egrisel.gif
2003-07-19 01:04 63973 --a------ c:\sta4v12\STA4DATA\EGRISEL.ST4
2003-07-19 01:04 45 --a------ c:\sta4v12\STA4DATA\GUC3B.AKS
2003-07-19 01:04 45 --a------ c:\sta4v12\STA4DATA\GUC3A.AKS
2003-07-19 01:04 25099 --a------ c:\sta4v12\STA4DATA\GUC3B.ST4
2003-07-19 01:04 24535 --a------ c:\sta4v12\STA4DATA\GUC3A.ST4
2003-07-19 01:04 133 --a------ c:\sta4v12\STA4DATA\EGRISEL.AKS
2003-07-19 01:03 860 --a------ c:\sta4v12\STA4DATA\EGRISEL.OPS
2003-07-19 01:03 860 --a------ c:\sta4v12\STA4DATA\DOSTEST.OPS
2003-07-19 01:03 860 --a------ c:\sta4v12\STA4DATA\DAIRESEL.OPS
2003-07-19 01:03 860 --a------ c:\sta4v12\STA4DATA\DAIRE2.OPS
2003-07-19 01:03 860 --a------ c:\sta4v12\STA4DATA\BODRUM.OPS
2003-07-19 01:03 76397 --a------ c:\sta4v12\STA4DATA\DAIRESEL.ST4
2003-07-19 01:03 6897 --a------ c:\sta4v12\STA4DATA\Bodrum.gif
2003-07-19 01:03 6854 --a------ c:\sta4v12\STA4DATA\Dairesel.gif
2003-07-19 01:03 6665 --a------ c:\sta4v12\STA4DATA\Daire2.gif
2003-07-19 01:03 5897 --a------ c:\sta4v12\STA4DATA\Dostest.gif
2003-07-19 01:03 39 --a------ c:\sta4v12\STA4DATA\BODRUM.AKS
2003-07-19 01:03 36 --a------ c:\sta4v12\STA4DATA\DOSTEST.AKS
2003-07-19 01:03 3462 --a------ c:\sta4v12\STA4DATA\DOSTEST.ST4
2003-07-19 01:03 327 --a------ c:\sta4v12\STA4DATA\DAIRE2.AKS
2003-07-19 01:03 262 --a------ c:\sta4v12\STA4DATA\DAIRESEL.AKS
2003-07-19 01:03 26009 --a------ c:\sta4v12\STA4DATA\BODRUM.ST4
2003-07-19 01:03 25531 --a------ c:\sta4v12\STA4DATA\DAIRE2.ST4
2003-07-19 01:02 864 --a------ c:\sta4v12\STA4DATA\ornek9.OPS
2003-07-19 01:02 864 --a------ c:\sta4v12\STA4DATA\ornek8.OPS
2003-07-19 01:02 864 --a------ c:\sta4v12\STA4DATA\ornek5.OPS
2003-07-19 01:02 864 --a------ c:\sta4v12\STA4DATA\ornek20.OPS
2003-07-19 01:02 864 --a------ c:\sta4v12\STA4DATA\ornek18.OPS
2003-07-19 01:02 864 --a------ c:\sta4v12\STA4DATA\ornek16.OPS
2003-07-19 01:02 864 --a------ c:\sta4v12\STA4DATA\ornek14.OPS
2003-07-19 01:02 864 --a------ c:\sta4v12\STA4DATA\ornek10.OPS <
  • 0

#35
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hello,

The ComboFix log looks huge; please attach it, and post me the Sdfix report in a new reply and the LopSD option 1 report in another reply.

Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

Regards,
Egwene.
  • 0

#36
okucu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
Not everything fit in... Copying from where it cut:



((((((((((((((((((((((((((((( snapshot_2008-11-04_ 7.03.36.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-12-25 15:50:14 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-11-12 15:35:12 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-12-25 15:50:14 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-12 15:35:12 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-09 06:58:58 8,470 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\17HTUR26\msusp[1].bin
+ 2008-11-11 03:13:25 15,770 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\17HTUR26\msusp[2].bin
+ 2008-11-11 05:18:34 8,470 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\17HTUR26\msusp[3].bin
+ 2008-11-12 15:35:12 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-08-04 12:00:00 66,048 ----a-w c:\windows\system32\mscaeo.exe
+ 2007-04-16 15:52:53 20,480 ----a-w c:\windows\system32\upnpsrv.dll
.
((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\_otmoveit\MovedFiles\10292008_222535\WINDOWS\temp\wmsetup.dll
2008-10-29 20:22 5632 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP826\A0116055.dll

c:\_otmoveit\MovedFiles\11022008_080543\WINDOWS\temp\wmsetup.dll
2008-11-02 07:36 5632 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP826\A0116056.dll

c:\_otmoveit\MovedFiles\11022008_181321\DOCUME~1\OKUCU\LOCALS~1\Temp\wmsetup.dll
2008-11-02 17:45 5632 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP826\A0116057.dll

c:\_otmoveit\MovedFiles\11022008_181321\WINDOWS\temp\wmsetup.dll
2008-11-02 17:45 5632 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP826\A0116058.dll

c:\_otmoveit\MovedFiles\11022008_195049\WINDOWS\temp\wmsetup.dll
2008-11-02 19:21 5632 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP826\A0116059.dll

c:\_otmoveit\MovedFiles\11052008_094126\WINDOWS\temp\wmsetup.dll
2008-11-05 09:03 5632 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP826\A0116060.dll

c:\_otmoveit\MovedFiles\11052008_102649\WINDOWS\temp\wmsetup.dll
2008-11-05 09:55 5632 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP826\A0116061.dll

C:\12.exe
2008-11-01 20:41 10752 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP824\A0113571.exe
2008-11-05 23:44 10752 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP826\A0116158.exe

c:\avenger\08223B03.dll
2008-10-16 02:40 11857 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110602.dll
2008-11-06 08:15 12524 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP826\A0116268.dll

c:\avenger\122B901E.dll
2008-10-16 02:41 12535 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110603.dll
2008-11-05 21:52 12647 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP826\A0116269.dll

c:\avenger\12B02216.dll
2008-10-23 20:51 11699 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110604.dll
2008-10-28 17:52 11718 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP820\A0111675.dll

c:\avenger\3474A8C2.dll
2008-10-25 05:14 216183 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110689.dll
2008-11-04 07:14 216200 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP826\A0116073.dll

c:\avenger\43ACDCC5.dll
2008-10-16 02:10 13419 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110605.dll
2008-11-05 21:52 13514 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP826\A0116270.dll

c:\avenger\495271CA.dll
2008-10-16 03:09 11925 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110606.dll
2008-10-28 20:58 12010 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP821\A0111744.dll

c:\avenger\4BF9CBA3.dll
2008-10-16 02:40 217018 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110607.dll
2008-11-04 07:14 217051 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP826\A0116075.dll

c:\avenger\4D023DE9.dll
2008-10-16 03:09 11685 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110608.dll
2008-11-05 21:52 11857 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP826\A0116271.dll

c:\avenger\4F34C688.dll
2008-10-16 03:09 11717 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110609.dll
2008-10-28 21:00 11761 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP821\A0111745.dll

c:\avenger\58FF3024.dll
2008-10-16 02:10 12972 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110610.dll
2008-10-28 16:19 13019 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP820\A0111647.dll

c:\avenger\7ADC2AB1.dll
2008-10-16 02:40 11261 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110285.dll

c:\avenger\82710040.dll
2008-10-16 02:39 11379 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110611.dll

c:\avenger\9CA963CA.dll
2008-10-16 02:41 11907 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110612.dll
2008-11-04 07:15 12564 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP826\A0116077.dll

c:\avenger\AcSpecf.dll
2008-10-25 04:07 9728 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110613.dll
2008-10-28 21:00 9728 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP821\A0111746.dll

c:\avenger\amvo0.dll
2008-10-24 04:03 54784 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110287.dll
2008-11-05 12:12 54784 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP826\A0116078.dll

c:\avenger\B3721C07.dll
2008-11-04 17:03 12552 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP826\A0116079.dll

c:\avenger\C250CF20.dll
2008-10-16 02:40 11652 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110615.dll

c:\avenger\C56BCC10.dll
2008-10-17 22:34 216485 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110616.dll

c:\avenger\D7C79813.dll
2008-10-28 20:59 11734 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP821\A0111749.dll
2008-11-04 07:15 11728 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP826\A0116080.dll

c:\avenger\D91BC61E.dll
2008-10-16 02:10 12005 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110617.dll

c:\avenger\DA63E650.dll
2008-10-16 02:40 12770 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110618.dll
2008-11-04 07:14 12864 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP826\A0116081.dll

c:\avenger\DE02F764.dll
2008-10-16 02:09 217178 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110619.dll
2008-11-04 07:14 217249 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP826\A0116082.dll

c:\avenger\HBBO.dll
2008-10-23 20:51 24576 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110621.dll

c:\avenger\HBCHIBI.dll
2008-10-23 20:51 24576 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110622.dll

c:\avenger\HBFY.dll
2008-10-16 06:00 24576 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110623.dll

c:\avenger\HBKernel32.sys
2008-10-16 02:42 14944 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110288.sys

c:\avenger\HBmhly.dll
2008-10-19 00:55 19968 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110289.dll
2008-11-04 07:14 19968 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP826\A0116083.dll

c:\avenger\HBQQFFO.dll
2008-10-23 20:52 16384 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110624.dll

c:\avenger\HBQQSG.dll
2008-10-19 00:55 14848 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110625.dll

c:\avenger\HBSO2.dll
2008-10-19 00:55 24576 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110626.dll

c:\avenger\HBZG.dll
2008-10-24 18:44 13312 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110627.dll
2008-10-28 20:59 13312 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP821\A0111752.dll

c:\avenger\HBZHUXIAN.dll
2008-10-23 20:52 24576 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110628.dll
2008-11-04 07:15 24576 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP826\A0116084.dll

c:\avenger\msgmr.dll
2008-10-24 04:12 15872 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110292.dll
2008-10-28 17:21 15872 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP820\A0111679.dll

c:\avenger\System.exe
2008-10-19 00:54 3572 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110293.exe

c:\avenger\Update.dll
2008-10-16 02:09 237568 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110296.dll
2008-11-04 07:14 237568 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP826\A0116085.dll

c:\avenger\upnpsrv.dll
2007-04-16 07:52 20480 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110631.dll
2007-04-16 07:52 20480 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP826\A0116086.dll

C:\copy.exe
2006-05-12 17:40 1211 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP822\A0112004.exe

C:\d6fagcs8.cmd
2008-02-15 05:11 103461 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP812\A0103590.cmd
2008-10-27 20:55 103461 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP826\A0115815.cmd

C:\Dc266.EXE
2006-03-18 02:18 409600 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP807\A0102188.EXE

2008-10-25 04:51 2372471 c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2008-09-23 23:59 2189863 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110570.exe

c:\documents and settings\OKUCU\Desktop\OTScanIt2\catchme.exe
2007-11-27 14:14 140288 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110557.exe

c:\documents and settings\OKUCU\Desktop\OTScanIt2\OTScanIt2.exe
2008-10-24 20:11 417792 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110558.exe

c:\documents and settings\OKUCU\Desktop\pdf converter\Crack\ConverterCore.dll
{FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP811\A010
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 1207080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 65536]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 73728]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-09-06 671744]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2005-08-25 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-28 286720]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-30 122941]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-19 48752]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2005-05-05 22656]
"MPKrnl"="c:\windows\MPKrnl.dll" [2008-11-11 20480]
"TFncKy"="TFncKy.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-03-28 c:\windows\KHALMNPR.Exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-08-22 c:\windows\system32\TCtrlIOHook.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-22 c:\windows\agrsmmsg.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"MPMKrnl"="c:\windows\MKMKrnl.dll" [2008-11-11 10240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-12-28 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F8E07BB2-7A19-4057-80F1-E14646E630B4}"= "F8E07BB2.dll" [BU]
"{4FBFD5A4-5FE8-4444-8BD9-FD0FAFA64F96}"= "4FBFD5A4.dll" [BU]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^OKUCU^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\OKUCU\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^OKUCU^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\OKUCU\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^OKUCU^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=c:\documents and settings\OKUCU\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^OKUCU^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=c:\documents and settings\OKUCU\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-09-03 09:11 29744 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-06-20 12:36 1207080 c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-10-18 03:58 278528 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-02-27 01:18 67128 c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 06:43 57344 c:\program files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 05:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 06:24 458752 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 06:14 217088 c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
--a------ 2005-08-30 02:53 1077329 c:\program files\Toshiba\Touch and Launch\PadExe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-10-13 08:20 20058152 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2005-05-12 01:31 118784 c:\program files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-03-10 09:45 35328 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zooming]
--a------ 2005-06-06 00:58 24576 c:\windows\system32\ZoomingHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2008\\3dsmax.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

S3 c39e8db;c39e8db;c:\windows\system32\c39e8db.sys [2008-11-11 5504]
S3 d7b49fa;d7b49fa;c:\windows\system32\d7b49fa.sys [2008-11-11 5504]
S3 de8296f;de8296f;c:\windows\system32\de8296f.sys [2008-11-11 5504]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-03 29744]
.
Contents of the 'Scheduled Tasks' folder

2008-11-12 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 03:24]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 07:33:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
c:\program files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Toshiba\TOSHIBA Controls\TFncKy.exe
c:\program files\Toshiba\ConfigFree\CFSServ.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\program files\Apoint2K\ApntEx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Completion time: 2008-11-12 7:41:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-12 15:41:05
ComboFix2.txt 2008-11-12 07:33:00
ComboFix3.txt 2008-11-12 03:58:35
ComboFix4.txt 2008-11-11 05:11:45
ComboFix5.txt 2008-11-12 15:23:37

Pre-Run: 14,518,075,392 bytes free
Post-Run: 14,512,517,120 bytes free

1452 --- E O F --- 2008-10-16 20:32:25

#37
okucu
And the other 2 logs:


SDFix: Version 1.240
Run by OKUCU on 12/11/2008 at 08:02

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Documents and Settings\OKUCU\Desktop\SDFix\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\system.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 08:15:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d019af]
"001247b82717"=hex:ca,3e,7d,b2,e2,9c,1f,d8,0d,b4,7d,8e,b4,d3,7e,32
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060d019af]
"001247b82717"=hex:ca,3e,7d,b2,e2,9c,1f,d8,0d,b4,7d,8e,b4,d3,7e,32

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"="C:\\Program Files\\Autodesk\\Backburner\\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"="C:\\Program Files\\Autodesk\\Backburner\\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"="C:\\Program Files\\Autodesk\\Backburner\\server.exe:*:Enabled:backburner 2.3 server"
"C:\\Program Files\\Autodesk\\3ds Max 2008\\3dsmax.exe"="C:\\Program Files\\Autodesk\\3ds Max 2008\\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2008 32-bit"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

Remaining Files :


File Backups: - C:\DOCUME~1\OKUCU\Desktop\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\SDHelper (Spybot - Search & Destroy)\SDHelper.dll"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\TeaTimer (Spybot - Search & Destroy)\TeaTimer.exe"
Wed 12 Nov 2008 11,219 A.SH. --- "C:\WINDOWS\system32\01AFE3DC.dll"
Wed 12 Nov 2008 12,617 A.SH. --- "C:\WINDOWS\system32\08223B03.dll"
Wed 12 Nov 2008 12,647 A.SH. --- "C:\WINDOWS\system32\122B901E.dll"
Wed 12 Nov 2008 216,338 A.SH. --- "C:\WINDOWS\system32\3F21AA0C.dll"
Wed 12 Nov 2008 13,611 A.SH. --- "C:\WINDOWS\system32\43ACDCC5.dll"
Wed 12 Nov 2008 11,960 A.SH. --- "C:\WINDOWS\system32\4D023DE9.dll"
Wed 12 Nov 2008 217,351 A.SH. --- "C:\WINDOWS\system32\4FBFD5A4.dll"
Wed 12 Nov 2008 12,942 A.SH. --- "C:\WINDOWS\system32\58FF3024.dll"
Wed 12 Nov 2008 12,717 A.SH. --- "C:\WINDOWS\system32\5934EA2B.dll"
Wed 12 Nov 2008 217,404 A.SH. --- "C:\WINDOWS\system32\70B0129E.dll"
Wed 12 Nov 2008 11,555 A.SH. --- "C:\WINDOWS\system32\9F684DE8.dll"
Wed 12 Nov 2008 13,085 A.SH. --- "C:\WINDOWS\system32\DA63E650.dll"
Wed 12 Nov 2008 217,420 A.SH. --- "C:\WINDOWS\system32\E3367679.dll"
Wed 12 Nov 2008 11,328 A.SH. --- "C:\WINDOWS\system32\E4814792.dll"
Wed 12 Nov 2008 216,659 A.SH. --- "C:\WINDOWS\system32\F2CBFAC4.dll"
Wed 12 Nov 2008 11,722 A.SH. --- "C:\WINDOWS\system32\F65BDEC7.dll"
Wed 12 Nov 2008 216,781 A.SH. --- "C:\WINDOWS\system32\F8E07BB2.dll"
Sun 25 Nov 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 4 Apr 2008 6,104,632 A..HR --- "C:\Program Files\Google\Picasa3\setup.exe"
Thu 23 Oct 2008 216,519 A.SH. --- "C:\_OTMoveIt\MovedFiles\10282008_141050\WINDOWS\system32\01BD9E17.dll"
Thu 23 Oct 2008 11,321 A.SH. --- "C:\_OTMoveIt\MovedFiles\10282008_141050\WINDOWS\system32\9F684DE8.dll"
Thu 23 Oct 2008 11,426 A.SH. --- "C:\_OTMoveIt\MovedFiles\10282008_141050\WINDOWS\system32\A8FC611B.dll"
Mon 27 Oct 2008 11,735 A.SH. --- "C:\_OTMoveIt\MovedFiles\10282008_141050\WINDOWS\system32\CABA599D.dll"
Sun 26 Oct 2008 11,749 A.SH. --- "C:\_OTMoveIt\MovedFiles\10282008_141050\WINDOWS\system32\E0D39066.dll"
Thu 23 Oct 2008 216,859 A.SH. --- "C:\_OTMoveIt\MovedFiles\10282008_141050\WINDOWS\system32\E3367679.dll"
Thu 16 Oct 2008 11,137 A.SH. --- "C:\_OTMoveIt\MovedFiles\10282008_141050\WINDOWS\system32\E4814792.dll"
Tue 28 Oct 2008 216,520 A.SH. --- "C:\_OTMoveIt\MovedFiles\10292008_075007\WINDOWS\system32\01BD9E17.dll"
Tue 28 Oct 2008 11,749 A.SH. --- "C:\_OTMoveIt\MovedFiles\10292008_075007\WINDOWS\system32\E0D39066.dll"
Tue 28 Oct 2008 216,876 A.SH. --- "C:\_OTMoveIt\MovedFiles\10292008_075007\WINDOWS\system32\E3367679.dll"
Wed 29 Oct 2008 216,483 A.SH. --- "C:\_OTMoveIt\MovedFiles\10292008_222535\WINDOWS\system32\01BD9E17.dll"
Wed 29 Oct 2008 11,301 A.SH. --- "C:\_OTMoveIt\MovedFiles\10292008_222535\WINDOWS\system32\9F684DE8.dll"
Wed 29 Oct 2008 11,708 A.SH. --- "C:\_OTMoveIt\MovedFiles\10292008_222535\WINDOWS\system32\CABA599D.dll"
Wed 29 Oct 2008 11,717 A.SH. --- "C:\_OTMoveIt\MovedFiles\10292008_222535\WINDOWS\system32\E0D39066.dll"
Wed 29 Oct 2008 216,862 A.SH. --- "C:\_OTMoveIt\MovedFiles\10292008_222535\WINDOWS\system32\E3367679.dll"
Thu 30 Oct 2008 11,301 A.SH. --- "C:\_OTMoveIt\MovedFiles\10302008_212749\WINDOWS\system32\9F684DE8.dll"
Thu 30 Oct 2008 11,708 A.SH. --- "C:\_OTMoveIt\MovedFiles\10302008_212749\WINDOWS\system32\CABA599D.dll"
Thu 30 Oct 2008 11,717 A.SH. --- "C:\_OTMoveIt\MovedFiles\10302008_212749\WINDOWS\system32\E0D39066.dll"
Thu 30 Oct 2008 216,862 A.SH. --- "C:\_OTMoveIt\MovedFiles\10302008_212749\WINDOWS\system32\E3367679.dll"
Fri 31 Oct 2008 11,325 A.SH. --- "C:\_OTMoveIt\MovedFiles\10312008_233237\WINDOWS\system32\9F684DE8.dll"
Fri 31 Oct 2008 11,737 A.SH. --- "C:\_OTMoveIt\MovedFiles\10312008_233237\WINDOWS\system32\CABA599D.dll"
Fri 31 Oct 2008 11,717 A.SH. --- "C:\_OTMoveIt\MovedFiles\10312008_233237\WINDOWS\system32\E0D39066.dll"
Fri 31 Oct 2008 216,862 A.SH. --- "C:\_OTMoveIt\MovedFiles\10312008_233237\WINDOWS\system32\E3367679.dll"
Tue 28 Oct 2008 11,321 A.SH. --- "C:\_OTMoveIt\MovedFiles\10282008_172702\WINDOWS\system32\9F684DE8.dll"
Tue 28 Oct 2008 11,426 A.SH. --- "C:\_OTMoveIt\MovedFiles\10282008_172702\WINDOWS\system32\A8FC611B.dll"
Tue 28 Oct 2008 11,735 A.SH. --- "C:\_OTMoveIt\MovedFiles\10282008_191326\WINDOWS\system32\CABA599D.dll"
Tue 4 Nov 2008 11,325 A.SH. --- "C:\_OTMoveIt\MovedFiles\11042008_074914\WINDOWS\system32\9F684DE8.dll"
Tue 4 Nov 2008 11,737 A.SH. --- "C:\_OTMoveIt\MovedFiles\11042008_074914\WINDOWS\system32\CABA599D.dll"
Tue 4 Nov 2008 11,717 A.SH. --- "C:\_OTMoveIt\MovedFiles\11042008_074914\WINDOWS\system32\E0D39066.dll"
Tue 4 Nov 2008 216,862 A.SH. --- "C:\_OTMoveIt\MovedFiles\11042008_074914\WINDOWS\system32\E3367679.dll"
Thu 6 Nov 2008 11,472 A.SH. --- "C:\_OTMoveIt\MovedFiles\11062008_174313\WINDOWS\system32\9F684DE8.dll"
Thu 6 Nov 2008 11,897 A.SH. --- "C:\_OTMoveIt\MovedFiles\11062008_174313\WINDOWS\system32\E0D39066.dll"
Thu 6 Nov 2008 217,046 A.SH. --- "C:\_OTMoveIt\MovedFiles\11062008_174313\WINDOWS\system32\E3367679.dll"
Thu 6 Nov 2008 11,328 A.SH. --- "C:\_OTMoveIt\MovedFiles\11062008_174313\WINDOWS\system32\E4814792.dll"
Fri 7 Nov 2008 11,472 A.SH. --- "C:\_OTMoveIt\MovedFiles\11082008_092844\WINDOWS\system32\9F684DE8.dll"
Fri 7 Nov 2008 11,897 A.SH. --- "C:\_OTMoveIt\MovedFiles\11082008_092844\WINDOWS\system32\E0D39066.dll"
Fri 7 Nov 2008 11,328 A.SH. --- "C:\_OTMoveIt\MovedFiles\11082008_092844\WINDOWS\system32\E4814792.dll"
Sat 8 Nov 2008 11,472 A.SH. --- "C:\_OTMoveIt\MovedFiles\11082008_224529\WINDOWS\system32\9F684DE8.dll"
Sat 8 Nov 2008 11,927 A.SH. --- "C:\_OTMoveIt\MovedFiles\11082008_224529\WINDOWS\system32\E0D39066.dll"
Sat 8 Nov 2008 217,227 A.SH. --- "C:\_OTMoveIt\MovedFiles\11082008_224529\WINDOWS\system32\E3367679.dll"
Sat 8 Nov 2008 11,328 A.SH. --- "C:\_OTMoveIt\MovedFiles\11082008_224529\WINDOWS\system32\E4814792.dll"
Sun 9 Nov 2008 11,472 A.SH. --- "C:\_OTMoveIt\MovedFiles\11102008_202821\WINDOWS\system32\9F684DE8.dll"
Sun 9 Nov 2008 11,927 A.SH. --- "C:\_OTMoveIt\MovedFiles\11102008_202821\WINDOWS\system32\E0D39066.dll"
Sun 9 Nov 2008 217,227 A.SH. --- "C:\_OTMoveIt\MovedFiles\11102008_202821\WINDOWS\system32\E3367679.dll"
Sun 9 Nov 2008 11,328 A.SH. --- "C:\_OTMoveIt\MovedFiles\11102008_202821\WINDOWS\system32\E4814792.dll"
Mon 10 Nov 2008 11,472 A.SH. --- "C:\_OTMoveIt\MovedFiles\11102008_214356\WINDOWS\system32\9F684DE8.dll"
Mon 10 Nov 2008 11,927 A.SH. --- "C:\_OTMoveIt\MovedFiles\11102008_214356\WINDOWS\system32\E0D39066.dll"
Mon 10 Nov 2008 217,227 A.SH. --- "C:\_OTMoveIt\MovedFiles\11102008_214356\WINDOWS\system32\E3367679.dll"
Mon 10 Nov 2008 11,328 A.SH. --- "C:\_OTMoveIt\MovedFiles\11102008_214356\WINDOWS\system32\E4814792.dll"
Wed 5 Nov 2008 11,472 A.SH. --- "C:\_OTMoveIt\MovedFiles\11052008_222004\WINDOWS\system32\9F684DE8.dll"
Wed 5 Nov 2008 11,897 A.SH. --- "C:\_OTMoveIt\MovedFiles\11052008_222004\WINDOWS\system32\E0D39066.dll"
Wed 5 Nov 2008 217,046 A.SH. --- "C:\_OTMoveIt\MovedFiles\11052008_222004\WINDOWS\system32\E3367679.dll"
Fri 30 Apr 2004 281,088 A..H. --- "C:\Documents and Settings\OKUCU\My Documents\melda\USB Stick Aug 2008 - PwC related\NEW- Melda\Syngenta\syngenta\Tax reconciliations\~WRL0547.tmp"
Fri 30 Apr 2004 36,352 A..H. --- "C:\Documents and Settings\OKUCU\My Documents\melda\USB Stick Aug 2008 - PwC related\NEW- Melda\Syngenta\syngenta\Tax reconciliations\~WRL1939.tmp"

Finished!



--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel® Pentium® M processor 1.73GHz )
BIOS : Ver 1.00PARTTBL
USER : OKUCU ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2005 (Not Activated)
Firewall : Norton Internet Security 2005 (Not Activated)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:13 Go)
D:\ (Local Disk) - NTFS - Total:37 Go (Free:10 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 12/11/2008| 8:28 )

--------------------\\ Listing folders in APPLIC~1

[10/10/2008|00:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[28/04/2008|07:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[12/10/2008|03:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
[02/02/2006|03:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[20/05/2008|05:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EnterNHelp
[09/10/2008|10:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[04/10/2008|22:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[11/11/2008|09:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[14/02/2008|23:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ifolor
[16/09/2007|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IMSI
[07/08/2008|01:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[01/11/2008|20:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[08/01/2006|06:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN Search Toolbar
[28/04/2008|07:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nikon
[28/04/2008|07:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Organic
[08/09/2008|23:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Piano Med
[14/09/2005|23:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[20/02/2006|03:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[15/10/2008|00:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SolidDocuments
[31/10/2008|07:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[15/09/2005|22:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[20/05/2008|05:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ultima_T15
[18/01/2007|00:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[15/09/2005|01:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[14/09/2005|23:53] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[15/09/2005|01:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[15/09/2005|01:46] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
[15/09/2005|22:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[15/09/2005|01:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\toshiba

[26/04/2006|04:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[14/09/2005|23:28] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[27/03/2006|02:54] C:\DOCUME~1\OKUCU\APPLIC~1\Acubix PicoBackup Outlook Express Edition
[21/10/2008|09:06] C:\DOCUME~1\OKUCU\APPLIC~1\Adobe
[29/12/2005|05:03] C:\DOCUME~1\OKUCU\APPLIC~1\AdobeUM
[06/01/2006|01:19] C:\DOCUME~1\OKUCU\APPLIC~1\Apple Computer
[13/09/2006|12:09] C:\DOCUME~1\OKUCU\APPLIC~1\Arcsoft
[12/10/2008|03:08] C:\DOCUME~1\OKUCU\APPLIC~1\Autodesk
[08/08/2006|02:36] C:\DOCUME~1\OKUCU\APPLIC~1\Design Science
[23/02/2006|06:57] C:\DOCUME~1\OKUCU\APPLIC~1\FotoWire
[13/09/2006|08:20] C:\DOCUME~1\OKUCU\APPLIC~1\Google
[07/09/2008|07:05] C:\DOCUME~1\OKUCU\APPLIC~1\gtk-2.0
[25/12/2005|14:08] C:\DOCUME~1\OKUCU\APPLIC~1\Help
[14/09/2005|23:53] C:\DOCUME~1\OKUCU\APPLIC~1\Identities
[13/02/2008|03:49] C:\DOCUME~1\OKUCU\APPLIC~1\ifolor
[16/09/2007|11:26] C:\DOCUME~1\OKUCU\APPLIC~1\IMSI
[25/12/2005|14:35] C:\DOCUME~1\OKUCU\APPLIC~1\InterVideo
[18/10/2008|07:47] C:\DOCUME~1\OKUCU\APPLIC~1\LimeWire
[17/07/2006|07:37] C:\DOCUME~1\OKUCU\APPLIC~1\Logitech
[25/12/2005|08:08] C:\DOCUME~1\OKUCU\APPLIC~1\Macromedia
[07/08/2008|01:30] C:\DOCUME~1\OKUCU\APPLIC~1\Malwarebytes
[08/10/2007|11:11] C:\DOCUME~1\OKUCU\APPLIC~1\Microsoft
[26/04/2008|22:57] C:\DOCUME~1\OKUCU\APPLIC~1\Mozilla
[08/01/2006|06:38] C:\DOCUME~1\OKUCU\APPLIC~1\MSN Search Toolbar
[25/01/2006|03:13] C:\DOCUME~1\OKUCU\APPLIC~1\MSNInstaller
[06/09/2008|07:51] C:\DOCUME~1\OKUCU\APPLIC~1\Nikon
[14/10/2008|23:38] C:\DOCUME~1\OKUCU\APPLIC~1\PDFCreator
[22/04/2008|00:56] C:\DOCUME~1\OKUCU\APPLIC~1\Real
[11/11/2008|22:16] C:\DOCUME~1\OKUCU\APPLIC~1\Skype
[11/11/2008|10:50] C:\DOCUME~1\OKUCU\APPLIC~1\SolidDocuments
[15/09/2005|01:46] C:\DOCUME~1\OKUCU\APPLIC~1\Sonic
[27/02/2006|10:17] C:\DOCUME~1\OKUCU\APPLIC~1\Sun
[25/12/2005|11:12] C:\DOCUME~1\OKUCU\APPLIC~1\Symantec
[26/04/2008|23:03] C:\DOCUME~1\OKUCU\APPLIC~1\Talkback
[15/06/2006|09:16] C:\DOCUME~1\OKUCU\APPLIC~1\toshiba
[24/09/2008|23:44] C:\DOCUME~1\OKUCU\APPLIC~1\U3

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[11/11/2008 22:19][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job
[12/11/2008 08:12][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04/08/2004 04:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[02/02/2006|03:52] C:\Program Files\ABBYY FineReader 5.0 Sprint
[02/02/2006|03:51] C:\Program Files\ABBYY FineReader 6.0
[09/10/2008|10:32] C:\Program Files\Adobe
[15/09/2005|00:55] C:\Program Files\Apoint2K
[10/10/2008|00:13] C:\Program Files\AutoCAD 2008
[09/10/2008|08:54] C:\Program Files\Autodesk
[09/10/2008|10:30] C:\Program Files\Bonjour
[08/01/2006|05:00] C:\Program Files\CCleaner
[12/11/2008|07:30] C:\Program Files\Common Files
[14/09/2005|23:22] C:\Program Files\ComPlus Applications
[28/12/2005|08:36] C:\Program Files\DVD-RAM
[01/10/2008|22:33] C:\Program Files\eMule
[07/08/2008|08:33] C:\Program Files\Enigma Software Group
[02/02/2006|03:51] C:\Program Files\FaxTools
[04/10/2008|22:22] C:\Program Files\Google
[27/03/2007|06:03] C:\Program Files\Hewlett-Packard
[13/02/2008|03:49] C:\Program Files\ifolor
[16/09/2007|11:11] C:\Program Files\IMSI
[13/10/2008|21:17] C:\Program Files\InstallShield Installation Information
[25/12/2005|07:55] C:\Program Files\Intel
[16/10/2008|12:31] C:\Program Files\Internet Explorer
[25/12/2005|07:57] C:\Program Files\InterVideo
[05/01/2006|16:13] C:\Program Files\iPod
[21/05/2008|23:07] C:\Program Files\IrfanView
[05/01/2006|16:13] C:\Program Files\iTunes
[14/09/2005|23:45] C:\Program Files\Java
[03/03/2006|04:17] C:\Program Files\Klick Photopoint
[23/08/2008|00:48] C:\Program Files\Lexmark X1100 Series
[01/05/2008|12:56] C:\Program Files\LimeWire
[17/07/2006|07:32] C:\Program Files\Logitech
[15/09/2005|00:46] C:\Program Files\ltmoh
[25/10/2008|04:51] C:\Program Files\Malwarebytes' Anti-Malware
[13/10/2008|12:55] C:\Program Files\MathType
[27/01/2006|02:02] C:\Program Files\Mein CEWE FOTOBUCH
[12/11/2008|07:45] C:\Program Files\Messenger
[27/09/2007|13:08] C:\Program Files\Microsoft ActiveSync
[14/09/2005|23:25] C:\Program Files\microsoft frontpage
[25/12/2005|14:42] C:\Program Files\Microsoft Office
[25/12/2005|13:43] C:\Program Files\Microsoft Visual Studio
[15/09/2005|01:50] C:\Program Files\Microsoft.NET
[14/09/2005|23:22] C:\Program Files\Movie Maker
[25/10/2008|03:50] C:\Program Files\Mozilla Firefox
[25/01/2006|03:13] C:\Program Files\MSN
[14/09/2005|23:21] C:\Program Files\MSN Gaming Zone
[26/09/2007|04:47] C:\Program Files\MSN Messenger
[08/01/2006|06:36] C:\Program Files\MSN Toolbar Suite
[17/09/2007|03:02] C:\Program Files\MSXML 4.0
[11/10/2008|01:25] C:\Program Files\MSXML 6.0
[14/09/2005|23:22] C:\Program Files\NetMeeting
[01/10/2008|22:29] C:\Program Files\Netopia
[20/05/2008|05:38] C:\Program Files\Nikon
[10/10/2008|00:32] C:\Program Files\Nikon_Capture_NX2_v2.1.0
[21/03/2006|02:25] C:\Program Files\Norton Internet Security
[14/09/2005|23:23] C:\Program Files\Online Services
[23/07/2008|11:10] C:\Program Files\Outlook Express
[06/12/2006|06:01] C:\Program Files\PartyGaming
[14/10/2008|23:38] C:\Program Files\PDFCreator
[09/12/2006|10:14] C:\Program Files\Philips
[14/02/2008|13:31] C:\Program Files\PhotoBox
[19/04/2006|11:59] C:\Program Files\PIXELA
[28/04/2008|07:17] C:\Program Files\QuickTime
[26/09/2007|04:51] C:\Program Files\Real
[15/09/2005|00:47] C:\Program Files\Realtek AC97
[06/06/2008|11:41] C:\Program Files\Screensaver SBB
[25/10/2008|05:09] C:\Program Files\SDHelper (Spybot - Search & Destroy)
[20/02/2006|03:35] C:\Program Files\Skype
[15/10/2008|00:10] C:\Program Files\SolidDocuments
[15/09/2005|01:34] C:\Program Files\Sonic
[19/04/2006|11:57] C:\Program Files\Sony Corporation
[06/09/2007|06:24] C:\Program Files\Spybot - Search & Destroy
[01/10/2008|22:31] C:\Program Files\Swiss International Air Lines TravelDesk
[15/09/2005|22:29] C:\Program Files\Symantec
[25/10/2008|05:09] C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[18/04/2006|00:28] C:\Program Files\Toshiba
[06/08/2008|22:33] C:\Program Files\Trend Micro
[09/10/2008|09:00] C:\Program Files\turbo squid tentacles
[09/10/2008|08:21] C:\Program Files\Uninstall Information
[15/10/2008|01:49] C:\Program Files\Visage
[23/04/2006|23:17] C:\Program Files\Winamp
[22/02/2006|23:55] C:\Program Files\Windows Media Player
[14/09/2005|23:21] C:\Program Files\Windows NT
[14/09/2005|23:23] C:\Program Files\WindowsUpdate
[11/02/2007|13:28] C:\Program Files\WinRAR
[14/09/2005|23:25] C:\Program Files\xerox

--------------------\\ Listing Folders in C:\Program Files\Common Files

[09/10/2008|10:30] C:\Program Files\Common Files\Adobe
[10/10/2008|00:12] C:\Program Files\Common Files\Autodesk Shared
[09/10/2008|08:14] C:\Program Files\Common Files\Designer
[03/03/2006|04:17] C:\Program Files\Common Files\FotoWire
[15/09/2005|01:00] C:\Program Files\Common Files\InstallShield
[14/09/2005|23:45] C:\Program Files\Common Files\Java
[17/07/2006|07:32] C:\Program Files\Common Files\Logitech
[09/10/2008|10:17] C:\Program Files\Common Files\Macrovision Shared
[28/04/2008|07:26] C:\Program Files\Common Files\Microsoft Shared
[14/09/2005|23:22] C:\Program Files\Common Files\MSSoap
[19/04/2006|11:56] C:\Program Files\Common Files\muvee Technologies
[06/09/2008|07:48] C:\Program Files\Common Files\Nikon
[15/09/2005|00:16] C:\Program Files\Common Files\ODBC
[26/04/2008|22:56] C:\Program Files\Common Files\Real
[14/09/2005|23:22] C:\Program Files\Common Files\Services
[15/09/2005|00:16] C:\Program Files\Common Files\SpeechEngines
[12/11/2008|08:11] C:\Program Files\Common Files\Symantec Shared
[13/06/2007|04:09] C:\Program Files\Common Files\System
[15/10/2008|01:49] C:\Program Files\Common Files\Visage Software
[15/10/2008|01:49] C:\Program Files\Common Files\Wise Installation Wizard
[26/04/2008|22:56] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 70 Processes )

iexplore.exe ~ [PID:4012]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 08:29:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\OKUCU\My Documents\Downloaded programs\pdf converter\Crack
C:\DOCUME~1\OKUCU\My Documents\Downloaded programs\pdf converter\Crack\ConverterCore.dll
C:\DOCUME~1\OKUCU\My Documents\Downloaded programs\pdf converter\Crack\SCPDFCreator.dll


[F:4][D:1]-> C:\DOCUME~1\OKUCU\LOCALS~1\Temp
[F:26][D:0]-> C:\DOCUME~1\OKUCU\Cookies
[F:118][D:4]-> C:\DOCUME~1\OKUCU\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 12/11/2008| 8:30 - Option : [1]

--------------------\\ Scan completed at 8:30:41

#38
Egwene

Hello again,

Some thoughts here:

1)

C:\DOCUME~1\OKUCU\My Documents\Downloaded programs\pdf converter\Crack
C:\DOCUME~1\OKUCU\My Documents\Downloaded programs\pdf converter\Crack\ConverterCore.dll
C:\DOCUME~1\OKUCU\My Documents\Downloaded programs\pdf converter\Crack\SCPDFCreator.dll


Are you still using cracks? If you are currently using cracks, don't be surprised that the infection comes back again.

2) Looks like another helper is currently helping you... Are you receiving other help? If you are receiving other help, it's the best way to wreak havoc on your computer :)

c:\avenger\upnpsrv.dll
2007-04-16 07:52 20480 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110631.dll
2007-04-16 07:52 20480 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP826\A0116086.dll

c:\documents and settings\OKUCU\Desktop\OTScanIt2\catchme.exe
2007-11-27 14:14 140288 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110557.exe

c:\documents and settings\OKUCU\Desktop\OTScanIt2\OTScanIt2.exe
2008-10-24 20:11 417792 {FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP818\A0110558.exe


Please give me the link to your other thread where you are getting other help.

Answer my two points please before going on. The infection comes back again and again and again, but either SDFix or ComboFix shows something strange.

But maybe you have a very nasty and new kind of infection... I'm waiting for your answer first, and afterwards I will give you the next step, to make a deeper scan.

I need to work now; I will come back online in 2 or 3 hours.

Regards,
Egwene.

Edited by Egwene, 12 November 2008 - 10:59 AM.


#39
okucu

Hi Egwene,

Unfortunately, I had someone load 3-4 pirate programs onto my computer and he did use cracks. The programs were AutoCAD, Photoshop, and some 3D graphics program.

No one else is helping me other than you. However, whenever my computer blocked, I had to use MoveIt - maybe 2-4 times every day - to get it going again. Otherwise I can't even open GeekstoGo. I also had some help in August 2008 - again because of a spyware problem.

#40
Egwene

Hello,

Ok, let's go on :)

Sounds like the infection has come back again. Therefore, we need to find out why. You can run ComboFix without CFScript instead of MoveIt when your computer is too slow.

You have a backdoor trojan installed on your computer.
Backdoor Trojans, IRCBots and Infostealers are very dangerous because they provide a means of accessing a computer system that bypasses security mechanisms and steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned.
All passwords should be changed immediately to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

***



Please do this:

1) Run OTMoveIt3:

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\DOCUME~1\OKUCU\My Documents\Downloaded programs\pdf converter\Crack
    
    :commands
    [purity]
    [emptytemp]
    [reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

2) Run Kaspersky Online:

Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

3) Run IceSword:

Please download and unzip IceSword to its own folder on your desktop


If you get a lot of "red entries" in an IceSword log, don't panic.

Step 1 : Close all windows and run IceSword. Click the Processes tab and watch for processes displayed in red color. A red colored process in this list indicates that it's hidden. Write down the PathName of any processes in red color. Then click on LOG at the top left. It will prompt you to save the log, call this Processes and save it to your desktop.

Step 2 : Click the Win32 Services tab and look out for red colored entries in the services list. Write down the Module name of any services in red color, you will need to expand out the Module tab to see the full name. Then click on LOG. It will prompt you to save the log, call this Services and save it to your desktop.

Step 3 : Click the Startup tab and look out for red colored entries in the startup list. Write down the Path of any startup entries in red color. Then click on LOG. It will prompt you to save the log, call this Startup and save it to your desktop.

Step 4 : Click the SSDT tab and check for red colored entries. If there are any, write down the KModule name.

Step 5 : Click the Message Hooks tab and check for any entries that are underneath Type and labelled WH_KEYBOARD. Write down the Process Path of these entries if present.

Now post all of the data collected under the headings for :

Processes
Win32 Services
Startup
SSDT
Message Hooks


We will fix it ! :)

Regards,
Egwene.

Edited by Egwene, 12 November 2008 - 12:57 PM.


#41
okucu

I'm sorry but the Kaspersky does not seem to be loading. After I click Accept, it waits a while and says Java applet has failed and I have to download it online. I try that and click for download but it does not proceed - I tried 4 times... See below:


Please wait until the program's applet has been loaded, and a Java plug-in security warning message has appeared. If you click Cancel, you'll need to close the Kaspersky Online Scanner 7.0 window and open it again to continue installation.

Starting Java applet has failed! Please go online to use this program.Scan Scan statistics

Nothing is clickable in that screen.


Any suggestions?

#42
okucu

As explained above, I couldn't download and run Kaspersky... Out of curiosity, I did run IceSword, and to my surprise, there are NO RED entries!! Strange when considering my CPU is 100% gone again!!

#43
Egwene

Hello,

Please post the reports I asked you for in step 1 and step 3 :)

I've asked for some advice about your issue, and we may have found where the problem is... But I need your logs to go on.

Regards,
Egwene.

#44
okucu

Here's the OTMoveIt log from last night and the 2 logs you wanted. As I said, nothing in RED :-)

========== FILES ==========
C:\DOCUME~1\OKUCU\My Documents\Downloaded programs\pdf converter\Crack moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\OKUCU\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OKUCU\LOCALS~1\Temp\wmsetup.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OKUCU\LOCALS~1\Temp\~DF6C9F.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OKUCU\LOCALS~1\Temp\~DF6CAA.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\wmsetup.dll scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 11122008_170331

Files moved on Reboot...
C:\DOCUME~1\OKUCU\LOCALS~1\Temp\WCESLog.log moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\OKUCU\LOCALS~1\Temp\wmsetup.dll
C:\DOCUME~1\OKUCU\LOCALS~1\Temp\wmsetup.dll NOT unregistered.
C:\DOCUME~1\OKUCU\LOCALS~1\Temp\wmsetup.dll moved successfully.
File C:\DOCUME~1\OKUCU\LOCALS~1\Temp\~DF6C9F.tmp not found!
File C:\DOCUME~1\OKUCU\LOCALS~1\Temp\~DF6CAA.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\temp\wmsetup.dll
C:\WINDOWS\temp\wmsetup.dll NOT unregistered.
C:\WINDOWS\temp\wmsetup.dll moved successfully.

-------------------------------------------------------

Process:

System Idle Process
System
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\OKUCU\Desktop\IceSword122en\IceSword122en\IceSword.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\ConfigFree\CFSServ.exe
C:\Program Files\Toshiba\E-KEY\CeEKey.exe
C:\Program Files\Toshiba\TouchPad\TPTray.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\agrsmmsg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe

----------------------------------

Startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
igfxtray
C:\WINDOWS\system32\igfxtray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SVPWUTIL
C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TFncKy
TFncKy.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Tvs
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CFSServ.exe
CFSServ.exe -NoClient

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Logitech Hardware Abstraction Layer
KHALMNPR.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CeEKEY
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TPNF
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TCtryIOHook
TCtrlIOHook.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
QuickTime Task
"C:\Program Files\QuickTime\qttask.exe" -atboottime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Apoint
C:\Program Files\Apoint2K\Apoint.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NDSTray.exe
NDSTray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LVCOMSX
C:\WINDOWS\system32\LVCOMSX.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
igfxpers
C:\WINDOWS\system32\igfxpers.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
igfxhkcmd
C:\WINDOWS\system32\hkcmd.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
dla
C:\WINDOWS\system32\dla\tfswctrl.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AGRSMMSG
AGRSMMSG.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HWSetup
C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ccApp
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
URLLSTCK.exe
C:\Program Files\Norton Internet Security\UrlLstCk.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
BluetoothAuthenticationAgent
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MPKrnl
rundll32 "C:\WINDOWS\MPKrnl.dll",KrnlMsgProc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HBService32
System.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
swg
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
H/PC Connection Agent
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
desktop.ini


C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk
C:\Program Files\Microsoft Office\Office10\OSA.EXE (Remark：Microsoft Office StartUp)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
RAMASST.lnk
C:\WINDOWS\system32\RAMASST.exe (Remark：)

C:\Documents and Settings\OKUCU\Start Menu\Programs\Startup
desktop.ini
  • 0
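
The Startup log posted above lists each autorun entry as location, value name and command. As an added example (not part of any post in this thread, and not the helper's analysis), this Python sketch parses that layout, works out which file each command really loads, including the DLL behind a rundll32 call, and marks entries whose target is on a list of files a cleanup tool reported removing. The sample entries are taken from the log above; `REMOVED_PATHS`, the function names and the status labels are assumptions made for the example.

```python
import ntpath
import re

# A few entries from the Startup log above, in its three-line layout
# (location, value name, command), separated by blank lines.
STARTUP_LOG = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
igfxtray
C:\WINDOWS\system32\igfxtray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
QuickTime Task
"C:\Program Files\QuickTime\qttask.exe" -atboottime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CFSServ.exe
CFSServ.exe -NoClient

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
BluetoothAuthenticationAgent
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MPKrnl
rundll32 "C:\WINDOWS\MPKrnl.dll",KrnlMsgProc

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
desktop.ini
'''

# Constructed stand-in for the deletion section of a cleanup log (assumption).
REMOVED_PATHS = [r"c:\windows\MPKrnl.dll"]

# An unquoted file token ends at a known extension followed by space, comma or end.
_FILE = re.compile(r'(.+?\.(?:exe|dll|cpl|com|bat|scr))(?=[\s,]|$)', re.I)


def _first_file(cmd):
    """Split a command line into (first file token, remainder)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:              # unbalanced quote: take the rest of the line
            end = len(cmd)
        return cmd[1:end], cmd[end + 1:]
    m = _FILE.match(cmd)           # handles unquoted paths that contain spaces
    if m:
        return m.group(1), cmd[m.end():]
    head, _, rest = cmd.partition(' ')
    return head, rest


def launch_target(command):
    """Return the file a Run command loads; for rundll32, the DLL it is given."""
    head, rest = _first_file(command)
    stem = ntpath.splitext(ntpath.basename(head))[0].lower()
    if stem == 'rundll32' and rest.strip():
        head, _ = _first_file(rest)
    return head


def parse_startup(text):
    """Parse blank-line separated blocks into location/name/command dicts."""
    entries = []
    for block in re.split(r'\n\s*\n', text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if len(lines) < 2:
            continue
        entries.append({'location': lines[0], 'name': lines[1],
                        'command': lines[2] if len(lines) > 2 else ''})
    return entries


def _norm(path):
    return ntpath.normpath(path).lower()


def triage(entries, removed_paths):
    """Return (name, target, status) per entry; statuses are review hints only."""
    removed = {_norm(p) for p in removed_paths}
    out = []
    for e in entries:
        target = launch_target(e['command']) if e['command'] else ''
        if not target:
            status = 'no-command'
        elif not ntpath.dirname(target):
            status = 'needs-path-resolution'   # bare name, found via search path
        elif _norm(target) in removed:
            status = 'points-at-removed-file'
        else:
            status = 'no-match'
        out.append((e['name'], target, status))
    return out


if __name__ == '__main__':
    for name, target, status in triage(parse_startup(STARTUP_LOG), REMOVED_PATHS):
        print(f'{status:24} {name:30} {target}')
```

A `points-at-removed-file` status only says the autorun value outlived the cleanup; whether the file is back on disk has to be checked on the machine itself.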

#45
Egwene

Hello,

Go to Start > Run, type ComboFix /Snapshot and hit Enter.

Let ComboFix work and post me the new report.

As I have already told you, we may have found why the infection comes back... :)

Regards,
Egwene.