#1
Posted 20 October 2011 - 05:22 PM
Below are my scanning results... I've succeeded in running GMER also. Thanks.
#2 Re: [Inactive] XP pro restart problem..
#3 Re: [Inactive] XP pro restart problem..
Posted 20 October 2011 - 06:01 PM
Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
ESET Online Scanner v3
Symantec Endpoint Protection
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:
CCleaner
Java 6 Update 26
Out of date Java installed!
Adobe Flash Player 11.0.1.152
Adobe Reader 9.4.6 - Turkish
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
``````````End of Log````````````
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-20 20:00:21
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10 SAMSUNG_HD160JJ rev.ZM100-47
Running: o3two9nu.exe; Driver: D:\DOCUME~1\Mithat\LOCALS~1\Temp\fxtdypod.sys
---- System - GMER 1.0.15 ----
SSDT 8A4EA848 ZwAlertResumeThread
SSDT 8A4EA528 ZwAlertThread
SSDT 89AEC138 ZwAllocateVirtualMemory
SSDT 8A5AE0D8 ZwConnectPort
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwCreateFile [0xB3FE8F9E]
SSDT \??\D:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB4289130]
SSDT 8A36B490 ZwCreateMutant
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwCreateSymbolicLinkObject [0xB3FE945A]
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwCreateThread [0xB3FE87A4]
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwDeleteKey [0xB3FE8D8C]
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwDeleteValueKey [0xB3FE8C5E]
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwDeviceIoControlFile [0xB3FE94F8]
SSDT 8A39F220 ZwFreeVirtualMemory
SSDT 8A4ECD90 ZwImpersonateAnonymousToken
SSDT 8A4EC0F0 ZwImpersonateThread
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwLoadDriver [0xB3FE85DA]
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwMapViewOfSection [0xB3FE837C]
SSDT 8A40A600 ZwOpenEvent
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwOpenFile [0xB3FE9284]
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwOpenKey [0xB3FE8F58]
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwOpenProcess [0xB3FE88C6]
SSDT 8A39E5D0 ZwOpenProcessToken
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwOpenSection [0xB3FE8A2C]
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwOpenThread [0xB3FE8976]
SSDT 8A3DBC38 ZwOpenThreadToken
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwProtectVirtualMemory [0xB3FE941A]
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwQueueApcThread [0xB3FE8854]
SSDT 8A3DBD58 ZwResumeThread
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwSecureConnectPort [0xB3FE93B2]
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwSetContextThread [0xB3FE830E]
SSDT 8A5039F8 ZwSetInformationProcess
SSDT 89AC8168 ZwSetInformationThread
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwSetSystemInformation [0xB3FE8736]
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwSetValueKey [0xB3FE8E58]
SSDT 8A3E1FD0 ZwSuspendProcess
SSDT 8A4C0F08 ZwSuspendThread
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwTerminateProcess [0xB3FE8B44]
SSDT 8A5D5ED0 ZwTerminateThread
SSDT 8A39E038 ZwUnmapViewOfSection
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwWriteVirtualMemory [0xB3FE8240]
---- Kernel code sections - GMER 1.0.15 ----
.text D:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB73C43A0, 0x8A1A15, 0xE8000020]
init D:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xB495AA80]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\SYMTDI \Device\SymTDI wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Services\MRxDAV\EncryptedDirectories@
---- EOF - GMER 1.0.15 ----
ComboFix 11-10-19.04 - Mithat 10/19/2011 19:28:30.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.2047.1272 [GMT 3:00]
Running from: d:\documents and settings\Mithat\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))))
.
.
2011-10-19 15:42 . 2011-10-19 15:42 -------- d-----w- d:\documents and settings\Mithat\Local Settings\Application Data\SolarWinds
2011-10-19 15:42 . 2011-10-19 15:42 -------- d-----w- d:\program files\SolarWinds
2011-10-19 04:23 . 2011-10-19 04:23 -------- d-----w- d:\documents and settings\Mithat\Application Data\Malwarebytes
2011-10-19 04:22 . 2011-10-19 04:22 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-18 22:10 . 2011-10-18 22:20 -------- d-----w- D:\Fdawn
2011-10-18 21:34 . 2011-10-18 21:34 -------- d-----w- d:\documents and settings\Mithat\Local Settings\Application Data\ESET
2011-10-18 21:34 . 2011-10-18 21:34 -------- d-----w- d:\documents and settings\Mithat\Application Data\ESET
2011-10-18 21:34 . 2011-10-18 21:34 -------- d-----w- d:\documents and settings\LocalService\Local Settings\Application Data\ESET
2011-10-18 21:04 . 2011-06-22 16:05 167936 ----a-w- d:\windows\system32\drivers\wpshelper.sys
2011-10-18 21:02 . 2009-10-06 10:32 92488 ----a-w- d:\windows\system32\drivers\SysPlant.sys
2011-10-18 21:02 . 2011-10-18 21:02 60808 ----a-w- d:\windows\system32\S32EVNT1.DLL
2011-10-18 21:02 . 2011-10-18 21:02 124976 ----a-w- d:\windows\system32\drivers\SYMEVENT.SYS
2011-10-18 20:06 . 2011-10-18 21:33 -------- d-----w- d:\program files\ESET
2011-10-18 19:48 . 2008-05-02 10:49 62976 -c----w- d:\windows\system32\dllcache\cdrom.sys
2011-10-18 19:48 . 2008-05-02 13:26 465920 -c----w- d:\windows\system32\dllcache\imapi2fs.dll
2011-10-18 19:48 . 2008-05-02 13:26 465920 ------w- d:\windows\system32\imapi2fs.dll
2011-10-18 19:48 . 2008-05-02 13:26 317440 -c----w- d:\windows\system32\dllcache\imapi2.dll
2011-10-18 19:48 . 2008-05-02 13:26 317440 ------w- d:\windows\system32\imapi2.dll
2011-10-18 17:34 . 2011-10-18 17:35 -------- d-----w- D:\cc0e18cec9414563afdd6aeb06
2011-10-18 17:34 . 2011-10-18 17:34 -------- d-----w- d:\windows\system32\CatRoot_bak
2011-10-18 17:33 . 2011-10-18 17:34 -------- d-----w- D:\fe814a6a3bdafe5c8a38b8f8124851
2011-10-18 14:07 . 2011-10-18 15:01 -------- d-----w- d:\documents and settings\All Users\Application Data\Panda Security
2011-10-18 14:07 . 2011-10-18 15:11 -------- d-----w- d:\program files\Panda Security
2011-10-17 21:54 . 2011-10-18 12:33 -------- d-----w- d:\program files\AVAST Software
2011-10-17 21:54 . 2011-10-17 22:21 -------- d-----w- d:\documents and settings\All Users\Application Data\AVAST Software
2011-10-17 21:32 . 2011-10-17 21:32 -------- d-----w- D:\5e6283f078e8d8df3342ad1c471e5a
2011-10-17 16:57 . 2011-10-17 20:42 -------- d-----w- d:\documents and settings\Mithat\Application Data\IObit
2011-10-17 16:30 . 2011-10-17 16:30 -------- d--h--w- d:\windows\system32\GroupPolicy
2011-10-17 14:53 . 2011-08-19 13:33 25944 ----a-w- d:\windows\system32\SmartDefragBootTime.exe
2011-10-17 14:53 . 2010-11-26 15:02 14776 ----a-w- d:\windows\system32\drivers\SmartDefragDriver.sys
2011-10-16 18:45 . 2005-01-28 13:44 24576 ----a-r- d:\windows\system32\AsIO.dll
2011-10-16 18:45 . 2004-10-14 14:52 4962 ----a-r- d:\windows\system32\drivers\AsIO.sys
2011-10-16 18:44 . 2011-10-19 04:39 -------- d-----w- d:\program files\ASUS
2011-10-16 18:26 . 2005-05-04 06:20 53248 ------w- d:\windows\system32\wdmioctl.dll
2011-10-16 18:26 . 2001-09-11 12:20 1285632 ------w- d:\windows\system32\SMMedia.dll
2011-10-16 18:26 . 2004-12-08 14:16 49152 ----a-w- d:\windows\system32\DSndUp.exe
2011-10-16 18:26 . 2004-04-18 20:40 69715 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2011-10-16 18:26 . 2004-04-18 20:39 266240 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2011-10-16 18:26 . 2004-04-18 20:39 172032 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2011-10-16 18:26 . 2004-04-18 20:39 5632 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2011-10-16 18:26 . 2011-10-16 18:26 180356 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2011-10-16 18:26 . 2004-04-18 20:42 733184 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2011-10-16 18:26 . 2011-10-16 18:26 303236 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2011-10-16 16:22 . 2011-10-16 16:22 -------- d-----w- d:\documents and settings\All Users\Application Data\NVIDIA Corporation
2011-10-16 16:22 . 2011-10-18 14:31 -------- d-----w- d:\documents and settings\UpdatusUser
2011-10-16 16:22 . 2011-08-03 11:49 146024 ----a-w- d:\windows\system32\nvsvc32.exe
2011-10-16 16:22 . 2011-08-03 11:49 145000 ----a-w- d:\windows\system32\nvcolor.exe
2011-10-16 16:22 . 2011-08-03 11:49 13892200 ----a-w- d:\windows\system32\nvcpl.dll
2011-10-16 16:22 . 2011-08-03 11:49 111208 ----a-w- d:\windows\system32\nvmctray.dll
2011-10-16 16:22 . 2011-08-03 11:49 600680 ----a-w- d:\windows\system32\easyupdatusapiu.dll
2011-10-16 16:22 . 2011-08-03 11:49 54272 ----a-w- d:\windows\system32\nvwddi.dll
2011-10-16 16:21 . 2011-10-16 16:27 280276 ----a-w- d:\windows\system32\nvdrsdb0.bin
2011-10-16 16:21 . 2011-10-16 16:27 1 ----a-w- d:\windows\system32\nvdrssel.bin
2011-10-16 16:21 . 2011-10-16 16:27 280276 ----a-w- d:\windows\system32\nvdrsdb1.bin
2011-10-16 16:12 . 2005-06-20 13:00 23552 ----a-w- d:\windows\system32\PostProc.dll
2011-10-16 16:12 . 2005-06-07 13:00 393088 ----a-w- d:\windows\system32\drivers\senfilt.sys
2011-10-16 16:12 . 2006-07-04 21:01 151552 ----a-w- d:\windows\system32\drivers\ADIHdAud.sys
2011-10-16 16:12 . 2005-12-19 13:00 92800 ----a-w- d:\windows\system32\drivers\aeaudio.sys
2011-10-16 16:12 . 2001-09-17 13:00 765952 ----a-w- d:\windows\system\crlds3d.dll
2011-10-16 14:09 . 2011-08-03 11:49 875112 ----a-w- d:\windows\system32\nvgenco32.dll
2011-10-16 14:09 . 2011-08-03 11:49 914024 ----a-w- d:\windows\system32\nvdispco32.dll
2011-10-16 13:46 . 2011-10-16 16:22 -------- d-----w- d:\documents and settings\All Users\Application Data\NVIDIA
2011-10-15 09:55 . 2004-08-13 15:56 5810 ----a-w- d:\windows\system32\drivers\ASACPI.sys
2011-10-15 09:40 . 2011-10-15 09:40 -------- d-----w- d:\windows\system32\drivers\system32
2011-10-14 12:31 . 2011-10-14 12:38 -------- d-----w- d:\documents and settings\Guest\Application Data\Winamp
2011-09-26 19:12 . 2011-09-26 19:12 -------- dc-h--w- d:\documents and settings\All Users\Application Data\{37D03AD2-1C4A-4C63-AAEE-7DDE8535DD3C}
2011-09-26 11:48 . 2011-09-26 11:48 -------- d-sh--w- d:\documents and settings\Guest\IECompatCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-17 22:24 . 2011-06-07 14:03 23624 ----a-w- d:\windows\system32\drivers\hitmanpro35.sys
2011-10-12 12:21 . 2011-05-14 15:56 414368 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 08:41 . 2008-07-29 17:59 612352 ----a-w- d:\windows\system32\uiautomationcore.dll
2011-09-26 08:41 . 2001-11-22 12:00 20992 ----a-w- d:\windows\system32\oleaccrc.dll
2011-09-26 08:41 . 2001-11-22 12:00 220160 ----a-w- d:\windows\system32\oleacc.dll
2011-09-09 09:11 . 2008-04-14 06:00 600064 ----a-w- d:\windows\system32\crypt32.dll
2011-09-06 14:09 . 2008-04-14 05:36 1858944 ----a-w- d:\windows\system32\win32k.sys
2011-08-24 17:39 . 2011-01-12 15:16 323816 ----a-w- d:\windows\system32\drivers\Rtenicxp.sys
2011-08-22 23:40 . 2008-04-14 06:00 916480 ----a-w- d:\windows\system32\wininet.dll
2011-08-22 23:40 . 2008-04-14 06:00 1469440 ------w- d:\windows\system32\inetcpl.cpl
2011-08-22 23:40 . 2008-04-14 06:00 43520 ------w- d:\windows\system32\licmgr10.dll
2011-08-22 11:58 . 2008-04-14 05:37 385024 ------w- d:\windows\system32\html.iec
2011-08-17 13:49 . 2008-04-13 09:19 138496 ----a-w- d:\windows\system32\drivers\afd.sys
2011-08-03 11:49 . 2011-07-13 22:51 61440 ----a-w- d:\windows\system32\OpenCL.dll
2011-08-03 11:49 . 2011-07-13 22:50 5427200 ----a-w- d:\windows\system32\nvcuda.dll
2011-08-03 11:49 . 2011-07-13 22:50 2387560 ----a-w- d:\windows\system32\nvcuvid.dll
2011-08-03 11:49 . 2011-07-13 22:50 2090088 ----a-w- d:\windows\system32\nvcuvenc.dll
2011-08-03 11:49 . 2011-07-13 22:50 17186816 ----a-w- d:\windows\system32\nvcompiler.dll
2011-08-03 11:49 . 2011-07-13 22:50 16191488 ----a-w- d:\windows\system32\nvoglnt.dll
2011-08-03 11:49 . 2011-07-13 22:50 2404864 ----a-w- d:\windows\system32\nvapi.dll
2011-08-03 11:49 . 2011-01-12 15:39 4210816 ----a-w- d:\windows\system32\nv4_disp.dll
2011-08-03 11:49 . 2011-01-12 15:39 12542592 ----a-w- d:\windows\system32\drivers\nv4_mini.sys
2011-07-25 11:44 . 2011-07-25 11:44 15872 ----a-w- d:\windows\system32\drivers\HpqKbFiltr.sys
2011-07-25 11:44 . 2011-07-25 11:44 1419232 ----a-w- d:\windows\system32\drivers\wdfcoinstaller01005.dll
2011-10-06 19:59 . 2011-07-18 13:53 134104 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AntiLogger"="d:\program files\AntiLogger\AntiLogger.exe" [2011-09-26 2976200]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SSBkgdUpdate"="d:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="d:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"CanonSolutionMenu"="d:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312]
"Smart Start UP"="d:\program files\NewSoft\Smart Start UP\PnPDetect.exe" [2007-04-27 104528]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"SoundMAXPnP"="d:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 925696]
"ccApp"="d:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-10-06 115560]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-08-03 11:49 111208 ----a-w- d:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2011-07-05 07:08 1632360 ----a-w- d:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 14:38 421888 ----a-w- d:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\Winamp\\winamp.exe"=
"d:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Oyunlar\\microsoft games\\rise.exe"=
"c:\\Oyunlar\\microsoft games\\nations.exe"=
"c:\\Program Files\\valve\\hl.exe"=
"d:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"d:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"d:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
.
R0 SmartDefragDriver;SmartDefragDriver;d:\windows\system32\drivers\SmartDefragDriver.sys [10/17/2011 17:53 14776]
R1 AntiLog32;AntiLog32;d:\program files\AntiLogger\AntiLog32.sys [9/26/2011 13:41 122072]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;d:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/19/2011 00:14 105592]
R3 vmfilter303;vmfilter303;d:\windows\system32\drivers\vmfilter303.sys [1/14/2011 16:39 428160]
S2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [1/13/2011 20:32 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon;d:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [10/16/2011 19:22 2255464]
S3 A38CCID;CCID USB Smart Card Reader;d:\windows\system32\drivers\a38ccid.sys [2/1/2011 00:58 38016]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\d:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt --> d:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 gupdatem;Google Güncelleme Hizmeti (gupdatem);d:\program files\Google\Update\GoogleUpdate.exe [1/13/2011 20:32 136176]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;d:\windows\system32\drivers\hitmanpro35.sys [6/7/2011 17:03 23624]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-07 d:\windows\Tasks\Advanced Registry Optimizer.job
- d:\program files\Advanced Registry Optimizer\ARO.exe [2011-01-12 08:07]
.
2011-07-13 d:\windows\Tasks\DriverScanner.job
- d:\program files\Uniblue\DriverScanner\dsmonitor.exe [2011-07-13 08:22]
.
2011-10-18 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 17:32]
.
2011-10-19 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 17:32]
.
2011-10-17 d:\windows\Tasks\SmartDefrag_Startup.job
- d:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-04-27 07:35]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Microsoft Excel'e &Ver - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - d:\documents and settings\Mithat\Application Data\Mozilla\Firefox\Profiles\t30isd63.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.tr/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&fl=1&ei=utf-8&ilc=12&vl=lang_tr&type=642886&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-19 19:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\d:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(20176)
d:\windows\system32\WININET.dll
d:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
d:\windows\system32\webcheck.dll
.
Completion time: 2011-10-19 19:45:36
ComboFix-quarantined-files.txt 2011-10-19 16:45
ComboFix2.txt 2011-10-19 14:23
.
Pre-Run: 33,479,307,264 bayt boş
Post-Run: 33,463,279,616 bayt boş
.
- - End Of File - - CA4AACB85D2BB17AD1349D7C7AAF846C
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Veritabanı sürümü: 7977
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
10/19/2011 07:27:39
mbam-log-2011-10-19 (07-27-39).txt
Tarama kipi: Hızlı tarama
Taranmış öğeler: 207082
Geçen süre: 3 dakika, 1 saniye
Etkilenmiş Hafıza İşlemleri: 0
Etkilenmiş Hafıza Modülleri: 0
Etkilenmiş Kayıt Anahtarları: 0
Etkilenmiş Kayıt Değerleri: 1
Etkilenmiş Veri Öğeleri: 3
Etkilenmiş Klasörler: 0
Etkilenmiş Dosyalar: 0
Etkilenmiş Hafıza İşlemleri:
(Zararlı öğe tespit edilmedi)
Etkilenmiş Hafıza Modülleri:
(Zararlı öğe tespit edilmedi)
Etkilenmiş Kayıt Anahtarları:
(Zararlı öğe tespit edilmedi)
Etkilenmiş Kayıt Değerleri:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.Agent) -> Value: Shell -> Delete on reboot.
Etkilenmiş Veri Öğeleri:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Etkilenmiş Klasörler:
(Zararlı öğe tespit edilmedi)
Etkilenmiş Dosyalar:
(Zararlı öğe tespit edilmedi)
MiniToolBox by Farbar
Ran by Mithat (administrator) on 19-10-2011 at 08:20:47
Microsoft Windows XP Service Pack 3 (X86)
***************************************************************************
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= FF Proxy Settings: ==============================
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
# ----------------------------------
# Arabirim IP Yapılandırması
# ----------------------------------
pushd interface ip
# "Yerel Ağ Bağlantısı" için Arabirim IP Yapılandırması
set address name="Yerel Ağ Bağlantısı" source=dhcp
set dns name="Yerel Ağ Bağlantısı" source=dhcp register=PRIMARY
set wins name="Yerel Ağ Bağlantısı" source=dhcp
popd
# Arabirim IP yapılandırmasının sonu
Windows IP Yapılandırması
Ana Bilgisayar Adı . . . . . . . : Fatih
Birincil DNS Soneki . . . . . . . :
Düğüm Türü . . . . .. . . : Bilinmiyor
IP Yönlendirme Etkin . . . . . : Hayır
WINS Proxy Etkin . . . . . . . : Hayır
Ethernet bağdaştırıcı Yerel Ağ Bağlantısı:
Bağlantıya özgü DNS Soneki . . . :
Açıklama . . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Fiziksel Adres. . . . . . . . . . : 00-1A-92-09-B1-3B
Dhcp Etkin. . . . . . . . . . . : Evet
Otomatik Yapılandırma Etkin. . . : Evet
IP Adres. . . . . . . . . . . . . : 192.168.1.252
Alt Ağ Maskesi. . . . . . . . . . : 255.255.255.0
Varsayılan Ağ Geçidi. . . . . . . : 192.168.1.1
DHCP Sunucusu . . . . . . . . . . : 192.168.1.1
DNS Sunucusu. . . . . . . . . . . : 192.168.1.1
Kira Sağlanan. . . . . . . . . . : Çarşamba, Ekim 19, 2011 8:13:51
Kira Bitişi . . . . . . . . . . . : Cumartesi, Ekim 29, 2011 8:13:51
Sunucu: UnKnown
Address: 192.168.1.1
Ad: google.com
Addresses: 74.125.39.99, 74.125.39.103, 74.125.39.104, 74.125.39.105
74.125.39.106, 74.125.39.147
32 bayt veri ile google.com [74.125.39.99] 'ping' ediliyor:
74.125.39.99 cevabı: bayt=32 süre=57ms TTL=50
74.125.39.99 cevabı: bayt=32 süre=57ms TTL=50
74.125.39.99 için Ping istatistiği:
Paket: Giden = 2, Gelen = 2, Kaybolan = 0 (0% kayıp),
Mili saniye türünden yaklaşık tur süreleri:
En Az = 57ms, En Çok = 57ms, Ortalama = 57ms
Sunucu: UnKnown
Address: 192.168.1.1
Ad: yahoo.com
Addresses: 98.137.149.56, 98.139.180.149, 209.191.122.70, 67.195.160.76
72.30.2.43
32 bayt veri ile yahoo.com [98.137.149.56] 'ping' ediliyor:
98.137.149.56 cevabı: bayt=32 süre=207ms TTL=49
98.137.149.56 cevabı: bayt=32 süre=253ms TTL=49
98.137.149.56 için Ping istatistiği:
Paket: Giden = 2, Gelen = 2, Kaybolan = 0 (0% kayıp),
Mili saniye türünden yaklaşık tur süreleri:
En Az = 207ms, En Çok = 253ms, Ortalama = 230ms
32 bayt veri ile 127.0.0.1 'ping' ediliyor:
127.0.0.1 cevabı: bayt=32 süre<1ms TTL=128
127.0.0.1 cevabı: bayt=32 süre<1ms TTL=128
127.0.0.1 için Ping istatistiği:
Paket: Giden = 2, Gelen = 2, Kaybolan = 0 (0% kayıp),
Mili saniye türünden yaklaşık tur süreleri:
En Az = 0ms, En Çok = 0ms, Ortalama = 0ms
===========================================================================
Arabirim Listesi
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1a 92 09 b1 3b ...... Realtek PCIe GBE Family Controller - Teefer2 Miniport
===========================================================================
===========================================================================
Etkin Yollar:
Ağ Hedefi Ağ Maskesi Ağ Geçidi Arabirim Ölçüt
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.252 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.252 192.168.1.252 20
192.168.1.252 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.252 192.168.1.252 20
224.0.0.0 240.0.0.0 192.168.1.252 192.168.1.252 20
255.255.255.255 255.255.255.255 192.168.1.252 192.168.1.252 1
Varsayılan
Ağ Geçidi: 192.168.1.1
===========================================================================
Sürekli Yollar:
Yok
========================= Winsock entries =====================================
Catalog5 01 D:\Windows\System32\mswsock.dll [245760] (Microsoft Corporation)
Catalog5 02 D:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 D:\Windows\System32\mswsock.dll [245760] (Microsoft Corporation)
Catalog9 01 D:\Windows\system32\mswsock.dll [245760] (Microsoft Corporation)
Catalog9 02 D:\Windows\system32\mswsock.dll [245760] (Microsoft Corporation)
Catalog9 03 D:\Windows\system32\mswsock.dll [245760] (Microsoft Corporation)
Catalog9 04 D:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 D:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 D:\Windows\system32\mswsock.dll [245760] (Microsoft Corporation)
Catalog9 07 D:\Windows\system32\mswsock.dll [245760] (Microsoft Corporation)
Catalog9 08 D:\Windows\system32\mswsock.dll [245760] (Microsoft Corporation)
Catalog9 09 D:\Windows\system32\mswsock.dll [245760] (Microsoft Corporation)
Catalog9 10 D:\Windows\system32\mswsock.dll [245760] (Microsoft Corporation)
Catalog9 11 D:\Windows\system32\mswsock.dll [245760] (Microsoft Corporation)
Catalog9 12 D:\Windows\system32\mswsock.dll [245760] (Microsoft Corporation)
Catalog9 13 D:\Windows\system32\mswsock.dll [245760] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (10/19/2011 08:14:14 AM) (Source: PerfNet) (User: )
Description: Sunucu hizmeti açılamıyor. Suınucu performans
verileri döndürülemeyecek. Döndürülen hata kodu,
DWORD 0 verisinde.
Error: (10/19/2011 07:47:12 AM) (Source: PerfNet) (User: )
Description: Sunucu hizmeti açılamıyor. Suınucu performans
verileri döndürülemeyecek. Döndürülen hata kodu,
DWORD 0 verisinde.
Error: (10/19/2011 07:42:12 AM) (Source: PerfNet) (User: )
Description: Sunucu hizmeti açılamıyor. Suınucu performans
verileri döndürülemeyecek. Döndürülen hata kodu,
DWORD 0 verisinde.
Error: (10/19/2011 07:35:23 AM) (Source: PerfNet) (User: )
Description: Sunucu hizmetinden Sunucu Kuyruğu performans verileri okunamıyor.
Bu örneklemde hiçbir Sunucu Kuyruğu performans verisi döndürülmeyecek.
Döndürülen hata kodu, DWORD 0 verisinde, IOSB.Status değeri, DWORD 1
ve IOSB.Information değeri DWORD 2.
Error: (10/19/2011 07:35:23 AM) (Source: PerfNet) (User: )
Description: Sunucu hizmetinden performans verileri okunamıyor.
Bu örneklemde hiçbir Sunucu performans verisi döndürülmeyecek.
Döndürülen hata kodu, DWORD 0 verisinde, IOSB.Status değeri, DWORD 1
ve IOSB.Information değeri DWORD 2.
Error: (10/19/2011 07:02:44 AM) (Source: MsiInstaller) (User: Mithat)Mithat
Description: Ürün: ESET Smart Security -- Error 1705. Bu ürünün önceki bir yükleme işlemi sürüyor. Devam etmek için bu yüklemenin yaptığı değişiklikleri geri almanız gerekir. Bu değişiklikleri geri almak istiyor musunuz?
Error: (10/15/2011 02:06:02 PM) (Source: Application Error) (User: )
Description: Başarısızlık demeti -1658930544.
Wep anahtar değişimi, 802.1x kimlik doğrulamasından sonra güvenli bir bağlantı kurulmasıyla sonuçlanmadı. Geçerli ayar başarısız olarak işaretlenip Kablosuz bağlantı kesilecek.
Error: (10/15/2011 02:05:21 PM) (Source: Application Error) (User: )
Description: Hata uygulaması chrome.exe, sürüm 14.0.835.202, hata modülü chrome.dll, sürümü 14.0.835.202, hata adresi 0x0022e40d.
Ortama özel olay [chrome.exe!ws!] için işleniyor
Error: (10/12/2011 03:36:49 PM) (Source: Application Error) (User: )
Description: Hata uygulaması chrome.exe, sürüm 14.0.835.202, hata modülü chrome.dll, sürümü 14.0.835.202, hata adresi 0x0022e40d.
Ortama özel olay [chrome.exe!ws!] için işleniyor
Error: (10/12/2011 03:36:18 PM) (Source: Application Error) (User: )
Description: Hata uygulaması chrome.exe, sürüm 14.0.835.202, hata modülü chrome.dll, sürümü 14.0.835.202, hata adresi 0x0022e40d.
Ortama özel olay [chrome.exe!ws!] için işleniyor
System errors:
=============
Error: (10/19/2011 08:14:26 AM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon hizmeti aşağıdaki hata nedeniyle başlatılamadı:
%%5
Error: (10/19/2011 07:47:27 AM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon hizmeti aşağıdaki hata nedeniyle başlatılamadı:
%%5
Error: (10/19/2011 07:42:59 AM) (Source: System Error) (User: )
Description: Hata kodu 1000008e, parameter1 c0000005, parameter2 bf812673, parameter3 b32dc280, parameter4 00000000.
Error: (10/19/2011 07:42:54 AM) (Source: System Error) (User: )
Description: Hata kodu 1000008e, parameter1 c0000005, parameter2 bf812673, parameter3 b27c7990, parameter4 00000000.
Error: (10/19/2011 07:42:33 AM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon hizmeti aşağıdaki hata nedeniyle başlatılamadı:
%%5
Error: (10/19/2011 07:38:52 AM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon hizmeti aşağıdaki hata nedeniyle başlatılamadı:
%%5
Error: (10/19/2011 07:36:13 AM) (Source: System Error) (User: )
Description: Hata kodu 1000008e, parameter1 c0000005, parameter2 bf812673, parameter3 b33d7010, parameter4 00000000.
Error: (10/19/2011 07:35:33 AM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon hizmeti aşağıdaki hata nedeniyle başlatılamadı:
%%5
Error: (10/19/2011 07:12:39 AM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon hizmeti aşağıdaki hata nedeniyle başlatılamadı:
%%5
Error: (10/19/2011 07:12:30 AM) (Source: 0) (User: )
Description: 0xC0000243SrtETmpHarddiskVolume2
Microsoft Office Sessions:
=========================
=========================== Installed Programs ============================
A4 TECH PC Camera H (Version: 2007.11.12)
ACR38/100/122 PC/SC Driver 1.1.2.0 (Version: 1.1.2)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.7)
Adobe Flash Player 11 Plugin (Version: 11.0.1.152)
Adobe Reader 9.4.6 - Turkish (Version: 9.4.6)
Advanced Registry Optimizer (Version: 6.0)
AntiLogger
AntiLogger (Version: 1.9.2.525)
Canon MP Navigator EX 1.0
Canon MP610 series
Canon Utilities Solution Menu
CCleaner (Version: 3.11)
Colin McRae Rally 2
Counter-Strike 1.6 (Version: 1.6)
Counter-Strike 1.6 Bot Paketi 1.0 (Version: 1.0)
Empire XP 5 (Version: 5.2)
ESET Online Scanner v3
GOM Player (Version: 2.1.28.5039)
Google Chrome (Version: 14.0.835.202)
Google Earth (Version: 6.0.3.2197)
Google Update Helper (Version: 1.3.21.69)
Hitman Pro 3.5 (Version: 3.5.9.130)
Java Auto Updater (Version: 2.0.5.1)
Java 6 Update 26 (Version: 6.0.260)
Learning Essentials for Microsoft Office (Version: 1.1)
Malwarebytes' Anti-Malware 1.51.2.1300 sürümü (Version: 1.51.2.1300)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Math (Version: 2007)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Turkish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (Turkish) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (Turkish) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (Turkish) 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (Turkish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (Turkish) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (Turkish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Turkish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (Turkish) 2007 (Version: 12.0.4518.1027)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Turkish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (Turkish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (Turkish) 2007 (Version: 12.0.6425.1000)
Microsoft Rise Of Nations
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Student 2007 for Learning Essentials
Microsoft Student with Encarta Premium 2007 (Version: 2007)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Windows (KB2564958) için Güvenlik Güncelleştirmesi
Mozilla Firefox 7.0.1 (x86 tr) (Version: 7.0.1)
MPEG2 Codec(libmpeg2/mad)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.00.3883.8)
MSXML4 Parser (Version: 1.0.0)
Nero 8 Micro 8.1.1.0 (Version: 8.1.1.0)
NVIDIA Denetim Masası 280.26 (Version: 280.26)
NVIDIA Güncelleştirmeleri 1.4.28 (Version: 1.4.28)
NVIDIA Grafik Sürücüsü 280.26 (Version: 280.26)
NVIDIA Install Application (Version: 2.1000.25.170)
NVIDIA NView 135.94 (Version: 135.94)
NVIDIA nView Desktop Manager (Version: 6.14.10.13594)
NVIDIA Update Components (Version: 1.4.28)
Presto! Mr. Photo 4 (Version: 4.00.09)
QuickTime (Version: 7.69.80.9)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.00.0000)
Safari (Version: 5.33.21.1)
ScanSoft OmniPage SE 4 (Version: 15.2.0020)
Segoe UI (Version: 14.0.4327.805)
Smart Defrag 2 (Version: 2.2)
Smart Start UP (Version: 1.00.000)
SoundMAX (Version: 5.10.01.4160)
Symantec Endpoint Protection (Version: 11.0.5002.333)
System Requirements Lab
Uniblue DriverScanner (Version: 4.0.1.6)
Uniblue SystemTweaker
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.621 )
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Internet Explorer 8 için Güncelleştirme (KB2447568) (Version: 1)
Windows Internet Explorer 8 için Güncelleştirme (KB976662) (Version: 1)
Windows Internet Explorer 8 için Güvenlik Güncelleştirmesi (KB2482017) (Version: 1)
Windows Internet Explorer 8 için Güvenlik Güncelleştirmesi (KB2497640) (Version: 1)
Windows Internet Explorer 8 için Güvenlik Güncelleştirmesi (KB2510531) (Version: 1)
Windows Internet Explorer 8 için Güvenlik Güncelleştirmesi (KB2530548) (Version: 1)
Windows Internet Explorer 8 için Güvenlik Güncelleştirmesi (KB2544521) (Version: 1)
Windows Internet Explorer 8 için Güvenlik Güncelleştirmesi (KB2559049) (Version: 1)
Windows Internet Explorer 8 için Güvenlik Güncelleştirmesi (KB2586448) (Version: 1)
Windows Internet Explorer 8 için Güvenlik Güncelleştirmesi (KB971961) (Version: 1)
Windows Internet Explorer 8 için Güvenlik Güncelleştirmesi (KB981332) (Version: 1)
Windows Internet Explorer 8 için Güvenlik Güncelleştirmesi (KB982381) (Version: 1)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Karşıya Yükleme Aracı (Version: 14.0.8014.1029)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Temel Parçalar (Version: 14.0.8117.0416)
Windows Live Temel Parçalar (Version: 14.0.8117.416)
Windows Media Format Runtime
Windows Media Player (KB2378111) için Güvenlik Güncelleştirmesi
Windows Media Player (KB952069) için Güvenlik Güncelleştirmesi
Windows Media Player (KB954155) için Güvenlik Güncelleştirmesi
Windows Media Player (KB973540) için Güvenlik Güncelleştirmesi
Windows Media Player (KB975558) için Güvenlik Güncelleştirmesi
Windows Media Player (KB978695) için Güvenlik Güncelleştirmesi
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Sürücü Paketi - ACS (A38CCID) SmartCardReader (12/16/2009 1.1.6.5) (Version: 12/16/2009 1.1.6.5)
Windows Sürücü Paketi - ACS (ACR122U) SmartCardReader (12/16/2009 1.1.6.3) (Version: 12/16/2009 1.1.6.3)
Windows Sürücü Paketi - ACS (ACSSCR) SmartCardReader (12/15/2009 1.1.6.2) (Version: 12/15/2009 1.1.6.2)
Windows XP (KB941569) için Güvenlik Güncelleştirmesi
Windows XP için Düzeltme (KB2443685) (Version: 1)
Windows XP için Düzeltme (KB2570791) (Version: 1)
Windows XP için Düzeltme (KB932716-v2) (Version: 2)
Windows XP için Düzeltme (KB952287) (Version: 1)
Windows XP için Düzeltme (KB961118) (Version: 1)
Windows XP için Güncelleştirme (KB2141007) (Version: 1)
Windows XP için Güncelleştirme (KB2345886) (Version: 1)
Windows XP için Güncelleştirme (KB2467659) (Version: 1)
Windows XP için Güncelleştirme (KB2541763) (Version: 1)
Windows XP için Güncelleştirme (KB2607712) (Version: 1)
Windows XP için Güncelleştirme (KB2616676) (Version: 1)
Windows XP için Güncelleştirme (KB951978) (Version: 1)
Windows XP için Güncelleştirme (KB955759) (Version: 1)
Windows XP için Güncelleştirme (KB961503) (Version: 1)
Windows XP için Güncelleştirme (KB967715) (Version: 1)
Windows XP için Güncelleştirme (KB968389) (Version: 1)
Windows XP için Güncelleştirme (KB971029) (Version: 1)
Windows XP için Güncelleştirme (KB971737) (Version: 1)
Windows XP için Güncelleştirme (KB973687) (Version: 1)
Windows XP için Güncelleştirme (KB973815) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2079403) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2115168) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2121546) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2229593) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2259922) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2286198) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2296011) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2296199) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2347290) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2360937) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2387149) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2393802) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2412687) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2419632) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2423089) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2436673) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2440591) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2443105) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2476490) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2476687) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2478960) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2478971) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2479628) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2479943) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2481109) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2483185) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2485376) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2485663) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2503658) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2503665) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2506212) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2506223) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2507618) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2507938) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2508272) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2508429) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2509553) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2511455) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2524375) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2535512) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2536276-v2) (Version: 2)
Windows XP için Güvenlik Güncelleştirmesi (KB2536276) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2544893) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2555917) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2562937) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2566454) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2567053) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2567680) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2570222) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2570947) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB2592799) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB923561) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB923789)
Windows XP için Güvenlik Güncelleştirmesi (KB946648) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB950762) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB950974) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB951376-v2) (Version: 2)
Windows XP için Güvenlik Güncelleştirmesi (KB951748) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB952004) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB952954) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB954459) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB956572) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB956744) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB956802) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB956803) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB956844) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB958644) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB958869) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB959426) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB960803) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB960859) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB961501) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB969059) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB970430) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB971657) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB972270) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB973507) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB973869) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB973904) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB974112) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB974318) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB974392) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB974571) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB975025) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB975467) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB975560) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB975562) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB975713) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB977816) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB977914) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB978037) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB978338) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB978542) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB978601) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB978706) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB979309) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB979482) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB979687) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB980195) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB980232) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB980436) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB981322) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB981852) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB981997) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB982132) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB982214) (Version: 1)
Windows XP için Güvenlik Güncelleştirmesi (KB982665) (Version: 1)
WinRAR archiver
Your Uninstaller! 7 (Version: 7.3.2011.2)
========================= Memory info: ===================================
Percentage of memory in use: 34%
Total physical RAM: 2047.11 MB
Available physical RAM: 1348.85 MB
Total Pagefile: 3433.21 MB
Available Pagefile: 2872.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.4 MB
========================= Partitions: =====================================
2 Drive c: (Yeni Birim) (Fixed) (Total:98.27 GB) (Free:20.7 GB) NTFS
3 Drive d: () (Fixed) (Total:50.77 GB) (Free:26.22 GB) NTFS
========================= Users: ========================================
\\FATIH Kullanıcı Hesapları
Administrator Guest HelpAssistant
Mithat SUPPORT_388945a0 UpdatusUser
Komut başarıyla tamamlandı.
**** End of log ****
#4 Re: [Inactive] XP pro restart problem..
Posted 20 October 2011 - 06:08 PM
Do NOT create a new topic. Always continue in your original topic.
This time I merged both of your topics.
Then I asked you to follow steps from here: http://www.smartestc...ease-read-this/
You posted different logs.
=========================================================
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer's behavior, good or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
#5 Re: [Inactive] XP pro restart problem..
Posted 21 October 2011 - 04:46 AM
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Veritabanı sürümü: 7988
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
10/20/2011 23:26:18
mbam-log-2011-10-20 (23-26-18).txt
Tarama kipi: Hızlı tarama
Taranmış öğeler: 203324
Geçen süre: 3 dakika, 2 saniye
Etkilenmiş Hafıza İşlemleri: 0
Etkilenmiş Hafıza Modülleri: 0
Etkilenmiş Kayıt Anahtarları: 0
Etkilenmiş Kayıt Değerleri: 1
Etkilenmiş Veri Öğeleri: 3
Etkilenmiş Klasörler: 0
Etkilenmiş Dosyalar: 0
Etkilenmiş Hafıza İşlemleri:
(Zararlı öğe tespit edilmedi)
Etkilenmiş Hafıza Modülleri:
(Zararlı öğe tespit edilmedi)
Etkilenmiş Kayıt Anahtarları:
(Zararlı öğe tespit edilmedi)
Etkilenmiş Kayıt Değerleri:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Trojan.Agent) -> Value: Taskman -> Quarantined and deleted successfully.
Etkilenmiş Veri Öğeleri:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Etkilenmiş Klasörler:
(Zararlı öğe tespit edilmedi)
Etkilenmiş Dosyalar:
(Zararlı öğe tespit edilmedi)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-20 20:00:21
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10 SAMSUNG_HD160JJ rev.ZM100-47
Running: o3two9nu.exe; Driver: D:\DOCUME~1\Mithat\LOCALS~1\Temp\fxtdypod.sys
---- System - GMER 1.0.15 ----
SSDT 8A4EA848 ZwAlertResumeThread
SSDT 8A4EA528 ZwAlertThread
SSDT 89AEC138 ZwAllocateVirtualMemory
SSDT 8A5AE0D8 ZwConnectPort
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwCreateFile [0xB3FE8F9E]
SSDT \??\D:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB4289130]
SSDT 8A36B490 ZwCreateMutant
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwCreateSymbolicLinkObject [0xB3FE945A]
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwCreateThread [0xB3FE87A4]
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwDeleteKey [0xB3FE8D8C]
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwDeleteValueKey [0xB3FE8C5E]
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwDeviceIoControlFile [0xB3FE94F8]
SSDT 8A39F220 ZwFreeVirtualMemory
SSDT 8A4ECD90 ZwImpersonateAnonymousToken
SSDT 8A4EC0F0 ZwImpersonateThread
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwLoadDriver [0xB3FE85DA]
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwMapViewOfSection [0xB3FE837C]
SSDT 8A40A600 ZwOpenEvent
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwOpenFile [0xB3FE9284]
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwOpenKey [0xB3FE8F58]
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwOpenProcess [0xB3FE88C6]
SSDT 8A39E5D0 ZwOpenProcessToken
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwOpenSection [0xB3FE8A2C]
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwOpenThread [0xB3FE8976]
SSDT 8A3DBC38 ZwOpenThreadToken
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwProtectVirtualMemory [0xB3FE941A]
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwQueueApcThread [0xB3FE8854]
SSDT 8A3DBD58 ZwResumeThread
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwSecureConnectPort [0xB3FE93B2]
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwSetContextThread [0xB3FE830E]
SSDT 8A5039F8 ZwSetInformationProcess
SSDT 89AC8168 ZwSetInformationThread
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwSetSystemInformation [0xB3FE8736]
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwSetValueKey [0xB3FE8E58]
SSDT 8A3E1FD0 ZwSuspendProcess
SSDT 8A4C0F08 ZwSuspendThread
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwTerminateProcess [0xB3FE8B44]
SSDT 8A5D5ED0 ZwTerminateThread
SSDT 8A39E038 ZwUnmapViewOfSection
SSDT \??\D:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwWriteVirtualMemory [0xB3FE8240]
---- Kernel code sections - GMER 1.0.15 ----
.text D:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB73C43A0, 0x8A1A15, 0xE8000020]
init D:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xB495AA80]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\SYMTDI \Device\SymTDI wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Services\MRxDAV\EncryptedDirectories@
---- EOF - GMER 1.0.15 ----
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-21 07:29:37
-----------------------------
07:29:37.203 OS Version: Windows 5.1.2600 Service Pack 3
07:29:37.203 Number of processors: 2 586 0x605
07:29:37.203 ComputerName: FATIH UserName:
07:29:37.796 Initialize success
07:29:57.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10
07:29:57.265 Disk 0 Vendor: SAMSUNG_HD160JJ ZM100-47 Size: 152627MB BusType: 3
07:29:59.281 Disk 0 MBR read successfully
07:29:59.281 Disk 0 MBR scan
07:29:59.281 Disk 0 Windows XP default MBR code
07:29:59.281 Disk 0 scanning sectors +312578048
07:29:59.343 Disk 0 scanning D:\WINDOWS\system32\drivers
07:30:04.375 Service scanning
07:30:04.859 Service SysPlant D:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
07:30:04.859 Service Teefer2 D:\WINDOWS\system32\DRIVERS\teefer2.sys **LOCKED** 32
07:30:04.875 Service WPS D:\WINDOWS\system32\drivers\wpsdrvnt.sys **LOCKED** 32
07:30:04.875 Service WpsHelper D:\WINDOWS\system32\drivers\WpsHelper.sys **LOCKED** 32
07:30:05.375 Modules scanning
07:30:09.703 Disk 0 trace - called modules:
07:30:09.718 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
07:30:09.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5edab8]
07:30:09.718 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-10[0x8a5e5b00]
07:30:09.718 Scan finished successfully
07:30:26.828 Disk 0 MBR has been saved successfully to "D:\Documents and Settings\Mithat\Desktop\Results\MBR.dat"
07:30:26.843 The log file has been saved successfully to "D:\Documents and Settings\Mithat\Desktop\Results\aswMBR.txt"
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Mithat at 7:30:57 on 2011-10-21
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.2047.1442 [GMT 3:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*
.
============== Running Processes ===============
.
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\AntiLogger\AntiLogger.exe
D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
D:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 : {326e768d-4182-46fd-9c16-1449a49795f4} - d:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - d:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Oturum Açma Yardım Aracı: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Encarta Web Companion Helper Object: {955be0b8-bc85-4caf-856e-8e0d8b610560} - d:\program files\common files\microsoft shared\encarta web companion\2007\ENCWCBAR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - d:\program files\stopzilla!\SZIEBHO.dll
TB: Encarta Web Companion: {147d6308-0614-4112-89b1-31402f9b82c4} - d:\program files\common files\microsoft shared\encarta web companion\2007\ENCWCBAR.DLL
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [GrooveMonitor] "d:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AntiLogger] "d:\program files\antilogger\AntiLogger.exe" /minimized
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SSBkgdUpdate] "d:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "d:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [CanonSolutionMenu] d:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [Smart Start UP] d:\program files\newsoft\smart start up\PnPDetect.exe /Automation
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [SoundMAXPnP] d:\program files\analog devices\core\smax4pnp.exe
mRun: [ccApp] "d:\program files\common files\symantec shared\ccApp.exe"
mRun: [VMSnap3] d:\windows\VMSnap3.EXE
mRun: [SoundMax] "d:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [DivX Download Manager] "d:\program files\divx\divx plus web player\DDmService.exe" start
dRun: [DWQueuedReporting] "d:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: Microsoft Excel'e &Ver - d:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - d:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{05D9A9C3-6211-41C6-9E4A-3C3BA57FD11C} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: TPSvc - TPSvc.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\documents and settings\mithat\application data\mozilla\firefox\profiles\t30isd63.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.tr/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&fl=1&ei=utf-8&ilc=12&vl=lang_tr&type=642886&p=
FF - plugin: d:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: d:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: d:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: d:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: d:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npwachk.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;d:\windows\system32\drivers\SmartDefragDriver.sys [2011-10-17 14776]
R1 AntiLog32;AntiLog32;d:\program files\antilogger\AntiLog32.sys [2011-9-26 122072]
R2 ccEvtMgr;Symantec Event Manager;d:\program files\common files\symantec shared\ccSvcHst.exe [2009-10-6 108392]
R2 ccSetMgr;Symantec Settings Manager;d:\program files\common files\symantec shared\ccSvcHst.exe [2009-10-6 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;d:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-10-6 2477304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;d:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-10-19 105592]
R3 NAVENG;NAVENG;d:\progra~1\common~1\symant~1\virusd~1\20111019.033\NAVENG.SYS [2011-10-20 86136]
R3 NAVEX15;NAVEX15;d:\progra~1\common~1\symant~1\virusd~1\20111019.033\NAVEX15.SYS [2011-10-20 1576312]
R3 vmfilter303;vmfilter303;d:\windows\system32\drivers\vmfilter303.sys [2011-1-14 428160]
S0 is3srv;is3srv;d:\windows\system32\drivers\is3srv.sys --> d:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;d:\windows\system32\drivers\szkg.sys --> d:\windows\system32\drivers\szkg.sys [?]
S0 szkgfs;szkgfs;d:\windows\system32\drivers\szkgfs.sys --> d:\windows\system32\drivers\szkgfs.sys [?]
S1 MpKsl19a41094;MpKsl19a41094;\??\d:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{602d7e2e-bec3-4126-88e2-7ba82b68ea67}\mpksl19a41094.sys --> d:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{602d7e2e-bec3-4126-88e2-7ba82b68ea67}\MpKsl19a41094.sys [?]
S2 gupdate;Google Update Service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2011-1-13 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon;d:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-10-16 2255464]
S3 A38CCID;CCID USB Smart Card Reader;d:\windows\system32\drivers\a38ccid.sys [2011-2-1 38016]
S3 COH_Mon;COH_Mon;d:\windows\system32\drivers\COH_Mon.sys [2009-10-6 23888]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\d:\program files\lavalys\everest ultimate edition\kerneld.wnt --> d:\program files\lavalys\everest ultimate edition\kerneld.wnt [?]
S3 gupdatem;Google Güncelleme Hizmeti (gupdatem);d:\program files\google\update\GoogleUpdate.exe [2011-1-13 136176]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;d:\windows\system32\drivers\hitmanpro35.sys [2011-6-7 23624]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\d:\windows\system32\drivers\mbamswissarmy.sys --> d:\windows\system32\drivers\mbamswissarmy.sys [?]
.
=============== Created Last 30 ================
.
2011-10-20 17:01:54 512960 ----a-w- d:\windows\system32\PerfStringBackup.TMP
2011-10-20 11:52:51 -------- d-----w- d:\documents and settings\mithat\application data\TrojanHunter
2011-10-19 21:31:06 -------- d-----w- d:\program files\TrojanHunter 5.5
2011-10-19 17:39:31 222080 ------w- d:\windows\system32\MpSigStub.exe
2011-10-19 17:33:39 -------- d-----w- d:\program files\Microsoft Security Client
2011-10-19 17:19:04 -------- d-----w- d:\documents and settings\all users\application data\Microsoft Forefront
2011-10-19 17:18:08 -------- d-----w- d:\program files\System Center Management Packs
2011-10-19 15:42:58 -------- d-----w- d:\documents and settings\mithat\local settings\application data\SolarWinds
2011-10-19 15:42:10 -------- d-----w- d:\program files\SolarWinds
2011-10-19 04:23:03 -------- d-----w- d:\documents and settings\mithat\application data\Malwarebytes
2011-10-19 04:22:58 -------- d-----w- d:\documents and settings\all users\application data\Malwarebytes
2011-10-18 22:10:52 -------- d-----w- D:\Fdawn
2011-10-18 21:34:14 -------- d-----w- d:\documents and settings\mithat\local settings\application data\ESET
2011-10-18 21:34:14 -------- d-----w- d:\documents and settings\mithat\application data\ESET
2011-10-18 21:04:13 167936 ----a-w- d:\windows\system32\drivers\wpshelper.sys
2011-10-18 21:02:53 92488 ----a-w- d:\windows\system32\drivers\SysPlant.sys
2011-10-18 21:02:19 60808 ----a-w- d:\windows\system32\S32EVNT1.DLL
2011-10-18 21:02:19 124976 ----a-w- d:\windows\system32\drivers\SYMEVENT.SYS
2011-10-18 20:06:57 -------- d-----w- d:\program files\ESET
2011-10-18 19:48:07 62976 -c----w- d:\windows\system32\dllcache\cdrom.sys
2011-10-18 19:48:06 465920 -c----w- d:\windows\system32\dllcache\imapi2fs.dll
2011-10-18 19:48:06 465920 ------w- d:\windows\system32\imapi2fs.dll
2011-10-18 19:48:06 317440 -c----w- d:\windows\system32\dllcache\imapi2.dll
2011-10-18 19:48:06 317440 ------w- d:\windows\system32\imapi2.dll
2011-10-18 17:34:42 -------- d-----w- D:\cc0e18cec9414563afdd6aeb06
2011-10-18 17:34:02 -------- d-----w- d:\windows\system32\CatRoot_bak
2011-10-18 17:33:33 -------- d-----w- D:\fe814a6a3bdafe5c8a38b8f8124851
2011-10-18 14:07:58 -------- d-----w- d:\documents and settings\all users\application data\Panda Security
2011-10-18 14:07:57 -------- d-----w- d:\program files\Panda Security
2011-10-17 21:54:56 -------- d-----w- d:\program files\AVAST Software
2011-10-17 21:54:56 -------- d-----w- d:\documents and settings\all users\application data\AVAST Software
2011-10-17 21:32:24 -------- d-----w- D:\5e6283f078e8d8df3342ad1c471e5a
2011-10-17 16:57:02 -------- d-----w- d:\documents and settings\mithat\application data\IObit
2011-10-17 16:30:50 -------- d--h--w- d:\windows\system32\GroupPolicy
2011-10-17 14:53:04 25944 ----a-w- d:\windows\system32\SmartDefragBootTime.exe
2011-10-17 14:53:04 14776 ----a-w- d:\windows\system32\drivers\SmartDefragDriver.sys
2011-10-16 18:45:16 4962 ----a-r- d:\windows\system32\drivers\AsIO.sys
2011-10-16 18:45:16 24576 ----a-r- d:\windows\system32\AsIO.dll
2011-10-16 18:44:59 -------- d-----w- d:\program files\ASUS
2011-10-16 18:26:47 53248 ------w- d:\windows\system32\wdmioctl.dll
2011-10-16 18:26:47 1285632 ------w- d:\windows\system32\SMMedia.dll
2011-10-16 18:26:45 49152 ----a-w- d:\windows\system32\DSndUp.exe
2011-10-16 18:26:17 69715 ----a-w- d:\program files\common files\installshield\professional\runtime\10\00\intel32\ctor.dll
2011-10-16 18:26:17 5632 ----a-w- d:\program files\common files\installshield\professional\runtime\10\00\intel32\DotNetInstaller.exe
2011-10-16 18:26:17 266240 ----a-w- d:\program files\common files\installshield\professional\runtime\10\00\intel32\iscript.dll
2011-10-16 18:26:17 172032 ----a-w- d:\program files\common files\installshield\professional\runtime\10\00\intel32\iuser.dll
2011-10-16 18:26:16 733184 ----a-w- d:\program files\common files\installshield\professional\runtime\10\00\intel32\iKernel.dll
2011-10-16 18:26:16 180356 ----a-w- d:\program files\common files\installshield\professional\runtime\10\00\intel32\iGdi.dll
2011-10-16 18:26:15 303236 ----a-w- d:\program files\common files\installshield\professional\runtime\10\00\intel32\setup.dll
2011-10-16 16:22:57 -------- d-----w- d:\documents and settings\all users\application data\NVIDIA Corporation
2011-10-16 16:22:32 146024 ----a-w- d:\windows\system32\nvsvc32.exe
2011-10-16 16:22:32 145000 ----a-w- d:\windows\system32\nvcolor.exe
2011-10-16 16:22:31 13892200 ----a-w- d:\windows\system32\nvcpl.dll
2011-10-16 16:22:31 111208 ----a-w- d:\windows\system32\nvmctray.dll
2011-10-16 16:22:19 600680 ----a-w- d:\windows\system32\easyupdatusapiu.dll
2011-10-16 16:22:19 54272 ----a-w- d:\windows\system32\nvwddi.dll
2011-10-16 16:21:07 280276 ----a-w- d:\windows\system32\nvdrsdb1.bin
2011-10-16 16:21:07 280276 ----a-w- d:\windows\system32\nvdrsdb0.bin
2011-10-16 16:21:07 1 ----a-w- d:\windows\system32\nvdrssel.bin
2011-10-16 16:12:34 393088 ----a-w- d:\windows\system32\drivers\senfilt.sys
2011-10-16 16:12:34 23552 ----a-w- d:\windows\system32\PostProc.dll
2011-10-16 16:12:33 92800 ----a-w- d:\windows\system32\drivers\aeaudio.sys
2011-10-16 16:12:33 765952 ----a-w- d:\windows\system\crlds3d.dll
2011-10-16 16:12:33 151552 ----a-w- d:\windows\system32\drivers\ADIHdAud.sys
2011-10-16 14:09:03 875112 ----a-w- d:\windows\system32\nvgenco32.dll
2011-10-16 14:09:02 914024 ----a-w- d:\windows\system32\nvdispco32.dll
2011-10-15 09:55:35 5810 ----a-w- d:\windows\system32\drivers\ASACPI.sys
2011-10-15 09:40:02 96512 ----a-w- d:\windows\system32\drivers\system32\drivers\atapi.sys
2011-10-15 09:40:02 74240 ----a-w- d:\windows\system32\drivers\system32\usbui.dll
2011-10-15 09:40:02 68480 ----a-w- d:\windows\system32\drivers\system32\drivers\pci.sys
2011-10-15 09:40:02 59520 ----a-w- d:\windows\system32\drivers\system32\drivers\usbhub.sys
2011-10-15 09:40:02 37376 ----a-w- d:\windows\system32\drivers\system32\drivers\isapnp.sys
2011-10-15 09:40:02 3328 ----a-w- d:\windows\system32\drivers\system32\drivers\pciide.sys
2011-10-15 09:40:02 24960 ----a-w- d:\windows\system32\drivers\system32\drivers\pciidex.sys
2011-10-15 09:40:02 20608 ----a-w- d:\windows\system32\drivers\system32\drivers\usbuhci.sys
2011-10-15 09:40:02 143872 ----a-w- d:\windows\system32\drivers\system32\drivers\usbport.sys
2011-10-15 09:40:02 -------- d-----w- d:\windows\system32\drivers\system32\DRIVERS
2011-10-15 09:40:02 -------- d-----w- d:\windows\system32\drivers\system32
2011-09-26 19:12:00 -------- dc-h--w- d:\documents and settings\all users\application data\{37D03AD2-1C4A-4C63-AAEE-7DDE8535DD3C}
.
==================== Find3M ====================
.
2011-10-17 22:24:11 23624 ----a-w- d:\windows\system32\drivers\hitmanpro35.sys
2011-10-12 12:21:28 414368 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 08:41:38 612352 ----a-w- d:\windows\system32\uiautomationcore.dll
2011-09-26 08:41:38 20992 ----a-w- d:\windows\system32\oleaccrc.dll
2011-09-26 08:41:20 220160 ----a-w- d:\windows\system32\oleacc.dll
2011-09-09 09:11:58 600064 ----a-w- d:\windows\system32\crypt32.dll
2011-09-06 14:09:54 1858944 ----a-w- d:\windows\system32\win32k.sys
2011-08-24 17:39:38 323816 ----a-w- d:\windows\system32\drivers\Rtenicxp.sys
2011-08-22 23:40:31 916480 ----a-w- d:\windows\system32\wininet.dll
2011-08-22 23:40:29 43520 ------w- d:\windows\system32\licmgr10.dll
2011-08-22 23:40:29 1469440 ------w- d:\windows\system32\inetcpl.cpl
2011-08-22 11:58:29 385024 ------w- d:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- d:\windows\system32\drivers\afd.sys
2011-08-03 11:49:00 61440 ----a-w- d:\windows\system32\OpenCL.dll
2011-08-03 11:49:00 5427200 ----a-w- d:\windows\system32\nvcuda.dll
2011-08-03 11:49:00 4210816 ----a-w- d:\windows\system32\nv4_disp.dll
2011-08-03 11:49:00 2404864 ----a-w- d:\windows\system32\nvapi.dll
2011-08-03 11:49:00 2387560 ----a-w- d:\windows\system32\nvcuvid.dll
2011-08-03 11:49:00 2090088 ----a-w- d:\windows\system32\nvcuvenc.dll
2011-08-03 11:49:00 17186816 ----a-w- d:\windows\system32\nvcompiler.dll
2011-08-03 11:49:00 16191488 ----a-w- d:\windows\system32\nvoglnt.dll
2011-08-03 11:49:00 12542592 ----a-w- d:\windows\system32\drivers\nv4_mini.sys
2011-07-25 11:44:24 15872 ----a-w- d:\windows\system32\drivers\HpqKbFiltr.sys
2011-07-25 11:44:24 1419232 ----a-w- d:\windows\system32\drivers\wdfcoinstaller01005.dll
.
============= FINISH: 7:31:38.29 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/12/2011 15:54:37
System Uptime: 10/21/2011 07:25:56 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5LD2-SE
Processor: Intel® Pentium® D CPU 3.20GHz | LGA 775 | 3211/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 98 GiB total, 19.272 GiB free.
D: is FIXED (NTFS) - 51 GiB total, 31.181 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP4: 10/20/2011 15:34:23 - Sistem Denetleme Noktası
RP5: 10/20/2011 19:21:37 - Advanced Registry Optimizer 2010 Thu, Oct 20, 11 19:21
RP6: 10/20/2011 20:01:02 - Software Distribution Service 3.0
RP7: 10/20/2011 20:02:49 - Installed Java 6 Update 29
RP8: 10/20/2011 20:25:29 - Removed Apple Application Support
.
==== Installed Programs ======================
.
A4 TECH PC Camera H
ACR38/100/122 PC/SC Driver 1.1.2.0
Adobe Reader 9.4.4 - Turkish
Advanced Registry Optimizer
AntiLogger
Canon MP Navigator EX 1.0
Canon MP610 series
Canon Utilities Solution Menu
CCleaner
Colin McRae Rally 2
Counter-Strike 1.6
Counter-Strike 1.6 Bot Paketi 1.0
Counter Strike 1.8
Empire XP 5
ESET Online Scanner v3
FEP2010 Security MP
GOM Player
Google Chrome
Google Earth
Google Update Helper
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Java Auto Updater
Java 6 Update 24
Learning Essentials for Microsoft Office
LiveUpdate 3.3 (Symantec Corporation)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Math
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Turkish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Turkish) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Turkish) 2007
Microsoft Office InfoPath MUI (Turkish) 2007
Microsoft Office OneNote MUI (Turkish) 2007
Microsoft Office Outlook MUI (Turkish) 2007
Microsoft Office PowerPoint MUI (Turkish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Turkish) 2007
Microsoft Office Proofing (Turkish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Turkish) 2007
Microsoft Office Shared MUI (Turkish) 2007
Microsoft Office Word MUI (Turkish) 2007
Microsoft Rise Of Nations
Microsoft Silverlight
Microsoft Software Update for Web Folders (Turkish) 12
Microsoft Student 2007 for Learning Essentials
Microsoft Student with Encarta Premium 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows (KB2564958) için Güvenlik Güncelleştirmesi
Mozilla Firefox (3.6.16)
Mozilla Firefox 7.0.1 (x86 tr)
MPEG2 Codec(libmpeg2/mad)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
MSXML4 Parser
Nero 8 Micro 8.1.1.0
NVIDIA Denetim Masası 260.99
NVIDIA Güncelleştirmeleri 1.4.28
NVIDIA Grafik Sürücüsü 260.99
NVIDIA Install Application
NVIDIA NView 135.36
NVIDIA nView Desktop Manager
NVIDIA Update Components
Playchess
Presto! Mr. Photo 4
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Safari
ScanSoft OmniPage SE 4
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Smart Defrag 2
Smart Start UP
SolarWinds VM Console
SoundMAX
STOPzilla
Symantec Endpoint Protection
System Requirements Lab
Uniblue DriverScanner
Uniblue SystemTweaker
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2522999)
Update for Outlook 2007 Junk Email Filter (KB2596560)
VC80CRTRedist - 8.0.50727.4053
WebFldrs XP
Winamp
Winamp Algılayıcı
Windows 7 Yükseltme Danışmanı
Windows Internet Explorer 8
Windows Internet Explorer 8 için Güncelleştirme (KB2447568)
Windows Internet Explorer 8 için Güncelleştirme (KB976662)
Windows Internet Explorer 8 için Güvenlik Güncelleştirmesi (KB2482017)
Windows Internet Explorer 8 için Güvenlik Güncelleştirmesi (KB2497640)
Windows Internet Explorer 8 için Güvenlik Güncelleştirmesi (KB2510531)
Windows Internet Explorer 8 için Güvenlik Güncelleştirmesi (KB2530548)
Windows Internet Explorer 8 için Güvenlik Güncelleştirmesi (KB2544521)
Windows Internet Explorer 8 için Güvenlik Güncelleştirmesi (KB2559049)
Windows Internet Explorer 8 için Güvenlik Güncelleştirmesi (KB2586448)
Windows Internet Explorer 8 için Güvenlik Güncelleştirmesi (KB971961)
Windows Internet Explorer 8 için Güvenlik Güncelleştirmesi (KB981332)
Windows Internet Explorer 8 için Güvenlik Güncelleştirmesi (KB982381)
Windows Live Call
Windows Live Communications Platform
Windows Live Karşıya Yükleme Aracı
Windows Live Messenger
Windows Live Oturum Açma Yardımcısı
Windows Live Temel Parçalar
Windows Media Format Runtime
Windows Media Player (KB2378111) için Güvenlik Güncelleştirmesi
Windows Media Player (KB952069) için Güvenlik Güncelleştirmesi
Windows Media Player (KB954155) için Güvenlik Güncelleştirmesi
Windows Media Player (KB973540) için Güvenlik Güncelleştirmesi
Windows Media Player (KB975558) için Güvenlik Güncelleştirmesi
Windows Media Player (KB978695) için Güvenlik Güncelleştirmesi
Windows Media Player Firefox Plugin
Windows Sürücü Paketi - ACS (A38CCID) SmartCardReader (12/16/2009 1.1.6.5)
Windows Sürücü Paketi - ACS (ACR122U) SmartCardReader (12/16/2009 1.1.6.3)
Windows Sürücü Paketi - ACS (ACSSCR) SmartCardReader (12/15/2009 1.1.6.2)
Windows XP (KB941569) için Güvenlik Güncelleştirmesi
Windows XP için Düzeltme (KB2443685)
Windows XP için Düzeltme (KB2570791)
Windows XP için Düzeltme (KB932716-v2)
Windows XP için Düzeltme (KB952287)
Windows XP için Düzeltme (KB961118)
Windows XP için Güncelleştirme (KB2141007)
Windows XP için Güncelleştirme (KB2345886)
Windows XP için Güncelleştirme (KB2467659)
Windows XP için Güncelleştirme (KB2541763)
Windows XP için Güncelleştirme (KB2607712)
Windows XP için Güncelleştirme (KB2616676)
Windows XP için Güncelleştirme (KB951978)
Windows XP için Güncelleştirme (KB955759)
Windows XP için Güncelleştirme (KB961503)
Windows XP için Güncelleştirme (KB967715)
Windows XP için Güncelleştirme (KB968389)
Windows XP için Güncelleştirme (KB971029)
Windows XP için Güncelleştirme (KB971737)
Windows XP için Güncelleştirme (KB973687)
Windows XP için Güncelleştirme (KB973815)
Windows XP için Güvenlik Güncelleştirmesi (KB2079403)
Windows XP için Güvenlik Güncelleştirmesi (KB2115168)
Windows XP için Güvenlik Güncelleştirmesi (KB2121546)
Windows XP için Güvenlik Güncelleştirmesi (KB2229593)
Windows XP için Güvenlik Güncelleştirmesi (KB2259922)
Windows XP için Güvenlik Güncelleştirmesi (KB2286198)
Windows XP için Güvenlik Güncelleştirmesi (KB2296011)
Windows XP için Güvenlik Güncelleştirmesi (KB2296199)
Windows XP için Güvenlik Güncelleştirmesi (KB2347290)
Windows XP için Güvenlik Güncelleştirmesi (KB2360937)
Windows XP için Güvenlik Güncelleştirmesi (KB2387149)
Windows XP için Güvenlik Güncelleştirmesi (KB2393802)
Windows XP için Güvenlik Güncelleştirmesi (KB2412687)
Windows XP için Güvenlik Güncelleştirmesi (KB2419632)
Windows XP için Güvenlik Güncelleştirmesi (KB2423089)
Windows XP için Güvenlik Güncelleştirmesi (KB2436673)
Windows XP için Güvenlik Güncelleştirmesi (KB2440591)
Windows XP için Güvenlik Güncelleştirmesi (KB2443105)
Windows XP için Güvenlik Güncelleştirmesi (KB2476490)
Windows XP için Güvenlik Güncelleştirmesi (KB2476687)
Windows XP için Güvenlik Güncelleştirmesi (KB2478960)
Windows XP için Güvenlik Güncelleştirmesi (KB2478971)
Windows XP için Güvenlik Güncelleştirmesi (KB2479628)
Windows XP için Güvenlik Güncelleştirmesi (KB2479943)
Windows XP için Güvenlik Güncelleştirmesi (KB2481109)
Windows XP için Güvenlik Güncelleştirmesi (KB2483185)
Windows XP için Güvenlik Güncelleştirmesi (KB2485376)
Windows XP için Güvenlik Güncelleştirmesi (KB2485663)
Windows XP için Güvenlik Güncelleştirmesi (KB2503658)
Windows XP için Güvenlik Güncelleştirmesi (KB2503665)
Windows XP için Güvenlik Güncelleştirmesi (KB2506212)
Windows XP için Güvenlik Güncelleştirmesi (KB2506223)
Windows XP için Güvenlik Güncelleştirmesi (KB2507618)
Windows XP için Güvenlik Güncelleştirmesi (KB2507938)
Windows XP için Güvenlik Güncelleştirmesi (KB2508272)
Windows XP için Güvenlik Güncelleştirmesi (KB2508429)
Windows XP için Güvenlik Güncelleştirmesi (KB2509553)
Windows XP için Güvenlik Güncelleştirmesi (KB2511455)
Windows XP için Güvenlik Güncelleştirmesi (KB2524375)
Windows XP için Güvenlik Güncelleştirmesi (KB2535512)
Windows XP için Güvenlik Güncelleştirmesi (KB2536276-v2)
Windows XP için Güvenlik Güncelleştirmesi (KB2536276)
Windows XP için Güvenlik Güncelleştirmesi (KB2544893)
Windows XP için Güvenlik Güncelleştirmesi (KB2555917)
Windows XP için Güvenlik Güncelleştirmesi (KB2562937)
Windows XP için Güvenlik Güncelleştirmesi (KB2566454)
Windows XP için Güvenlik Güncelleştirmesi (KB2567053)
Windows XP için Güvenlik Güncelleştirmesi (KB2567680)
Windows XP için Güvenlik Güncelleştirmesi (KB2570222)
Windows XP için Güvenlik Güncelleştirmesi (KB2570947)
Windows XP için Güvenlik Güncelleştirmesi (KB2592799)
Windows XP için Güvenlik Güncelleştirmesi (KB923561)
Windows XP için Güvenlik Güncelleştirmesi (KB923789)
Windows XP için Güvenlik Güncelleştirmesi (KB946648)
Windows XP için Güvenlik Güncelleştirmesi (KB950762)
Windows XP için Güvenlik Güncelleştirmesi (KB950974)
Windows XP için Güvenlik Güncelleştirmesi (KB951376-v2)
Windows XP için Güvenlik Güncelleştirmesi (KB951748)
Windows XP için Güvenlik Güncelleştirmesi (KB952004)
Windows XP için Güvenlik Güncelleştirmesi (KB952954)
Windows XP için Güvenlik Güncelleştirmesi (KB954459)
Windows XP için Güvenlik Güncelleştirmesi (KB956572)
Windows XP için Güvenlik Güncelleştirmesi (KB956744)
Windows XP için Güvenlik Güncelleştirmesi (KB956802)
Windows XP için Güvenlik Güncelleştirmesi (KB956803)
Windows XP için Güvenlik Güncelleştirmesi (KB956844)
Windows XP için Güvenlik Güncelleştirmesi (KB958644)
Windows XP için Güvenlik Güncelleştirmesi (KB958869)
Windows XP için Güvenlik Güncelleştirmesi (KB959426)
Windows XP için Güvenlik Güncelleştirmesi (KB960803)
Windows XP için Güvenlik Güncelleştirmesi (KB960859)
Windows XP için Güvenlik Güncelleştirmesi (KB961501)
Windows XP için Güvenlik Güncelleştirmesi (KB969059)
Windows XP için Güvenlik Güncelleştirmesi (KB970430)
Windows XP için Güvenlik Güncelleştirmesi (KB971657)
Windows XP için Güvenlik Güncelleştirmesi (KB972270)
Windows XP için Güvenlik Güncelleştirmesi (KB973507)
Windows XP için Güvenlik Güncelleştirmesi (KB973869)
Windows XP için Güvenlik Güncelleştirmesi (KB973904)
Windows XP için Güvenlik Güncelleştirmesi (KB974112)
Windows XP için Güvenlik Güncelleştirmesi (KB974318)
Windows XP için Güvenlik Güncelleştirmesi (KB974392)
Windows XP için Güvenlik Güncelleştirmesi (KB974571)
Windows XP için Güvenlik Güncelleştirmesi (KB975025)
Windows XP için Güvenlik Güncelleştirmesi (KB975467)
Windows XP için Güvenlik Güncelleştirmesi (KB975560)
Windows XP için Güvenlik Güncelleştirmesi (KB975562)
Windows XP için Güvenlik Güncelleştirmesi (KB975713)
Windows XP için Güvenlik Güncelleştirmesi (KB977816)
Windows XP için Güvenlik Güncelleştirmesi (KB977914)
Windows XP için Güvenlik Güncelleştirmesi (KB978037)
Windows XP için Güvenlik Güncelleştirmesi (KB978338)
Windows XP için Güvenlik Güncelleştirmesi (KB978542)
Windows XP için Güvenlik Güncelleştirmesi (KB978601)
Windows XP için Güvenlik Güncelleştirmesi (KB978706)
Windows XP için Güvenlik Güncelleştirmesi (KB979309)
Windows XP için Güvenlik Güncelleştirmesi (KB979482)
Windows XP için Güvenlik Güncelleştirmesi (KB979687)
Windows XP için Güvenlik Güncelleştirmesi (KB980195)
Windows XP için Güvenlik Güncelleştirmesi (KB980232)
Windows XP için Güvenlik Güncelleştirmesi (KB980436)
Windows XP için Güvenlik Güncelleştirmesi (KB981322)
Windows XP için Güvenlik Güncelleştirmesi (KB981852)
Windows XP için Güvenlik Güncelleştirmesi (KB981997)
Windows XP için Güvenlik Güncelleştirmesi (KB982132)
Windows XP için Güvenlik Güncelleştirmesi (KB982214)
Windows XP için Güvenlik Güncelleştirmesi (KB982665)
WinRAR archiver
Your Uninstaller! 7
.
==== Event Viewer Messages From Past Week ========
.
10/18/2011 18:49:22, Bilgi: Windows File Protection [64002] - d:\windows\system32\1055\dwintl.dll korumalı sistem dosyasında dosya değişimi denendi. Sistem kararlılığını korumak için bu dosyanın özgün sürümü geri yüklendi. Sistem dosyasının sürümü: 10.0.2627.0.
10/18/2011 16:56:38, Bilgi: Windows File Protection [64002] - d:\windows\system32\1055\dwintl.dll korumalı sistem dosyasında dosya değişimi denendi. Sistem kararlılığını korumak için bu dosyanın özgün sürümü geri yüklendi. Sistem dosyasının sürümü: 10.0.2627.0.
10/18/2011 16:23:23, Bilgi: Windows File Protection [64002] - d:\windows\system32\1055\dwintl.dll korumalı sistem dosyasında dosya değişimi denendi. Sistem kararlılığını korumak için bu dosyanın özgün sürümü geri yüklendi. Sistem dosyasının sürümü: 10.0.2627.0.
10/18/2011 15:57:09, Bilgi: Windows File Protection [64002] - d:\windows\system32\1055\dwintl.dll korumalı sistem dosyasında dosya değişimi denendi. Sistem kararlılığını korumak için bu dosyanın özgün sürümü geri yüklendi. Sistem dosyasının sürümü: 10.0.2627.0.
10/16/2011 22:18:27, Bilgi: Windows File Protection [64002] - d:\windows\system32\1055\dwintl.dll korumalı sistem dosyasında dosya değişimi denendi. Sistem kararlılığını korumak için bu dosyanın özgün sürümü geri yüklendi. Sistem dosyasının sürümü: 10.0.2627.0.
10/16/2011 22:10:39, Bilgi: Windows File Protection [64002] - d:\windows\system32\1055\dwintl.dll korumalı sistem dosyasında dosya değişimi denendi. Sistem kararlılığını korumak için bu dosyanın özgün sürümü geri yüklendi. Sistem dosyasının sürümü: 10.0.2627.0.
10/16/2011 16:40:59, Bilgi: Windows File Protection [64002] - d:\windows\system32\1055\dwintl.dll korumalı sistem dosyasında dosya değişimi denendi. Sistem kararlılığını korumak için bu dosyanın özgün sürümü geri yüklendi. Sistem dosyasının sürümü: 10.0.2627.0.
.
==== End Of File ===========================
#6 Re: [Inactive] XP pro restart problem..
Posted 21 October 2011 - 04:52 AM
Please always continue in the very same topic you already created.
Do NOT create new topics!
I merged both topics again.
====================================================================================
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 2. If Combofix asks you to update the program, always do so.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
Make sure you re-enable your security programs when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode (How to...)
2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
Rkill.com
Rkill.scr
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
#7 Re: [Inactive] XP pro restart problem..
Posted 21 October 2011 - 04:11 PM
ComboFix 11-10-21.01 - Mithat 10/21/2011 17:56:46.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.2047.1469 [GMT 3:00]
Running from: d:\documents and settings\Mithat\Desktop\ComboFix.exe
Command switches used :: \uninstall
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-21 to 2011-10-21 )))))))))))))))))))))))))))))))
.
.
2011-10-21 14:32 . 2011-10-21 14:32 -------- dc----w- d:\documents and settings\All Users\Application Data\{74C839EA-2796-4223-8C11-81A29F465536}
2011-10-20 17:01 . 2011-10-20 17:01 512960 ----a-w- d:\windows\system32\PerfStringBackup.TMP
2011-10-20 11:52 . 2011-10-20 11:52 -------- d-----w- d:\documents and settings\Mithat\Application Data\TrojanHunter
2011-10-19 21:31 . 2011-10-20 19:31 -------- d-----w- d:\program files\TrojanHunter 5.5
2011-10-19 17:49 . 2011-10-19 17:49 -------- d-----w- d:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2011-10-19 17:39 . 2011-05-24 16:14 222080 ------w- d:\windows\system32\MpSigStub.exe
2011-10-19 17:33 . 2011-10-19 21:17 -------- d-----w- d:\program files\Microsoft Security Client
2011-10-19 17:19 . 2011-10-19 17:19 -------- d-----w- d:\documents and settings\All Users\Application Data\Microsoft Forefront
2011-10-19 17:18 . 2011-10-19 17:18 -------- d-----w- d:\program files\System Center Management Packs
2011-10-19 15:42 . 2011-10-19 15:42 -------- d-----w- d:\documents and settings\Mithat\Local Settings\Application Data\SolarWinds
2011-10-19 15:42 . 2011-10-19 15:42 -------- d-----w- d:\program files\SolarWinds
2011-10-19 04:23 . 2011-10-19 04:23 -------- d-----w- d:\documents and settings\Mithat\Application Data\Malwarebytes
2011-10-19 04:22 . 2011-10-19 04:22 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-18 22:10 . 2011-10-18 22:20 -------- d-----w- D:\Fdawn
2011-10-18 21:34 . 2011-10-18 21:34 -------- d-----w- d:\documents and settings\Mithat\Local Settings\Application Data\ESET
2011-10-18 21:34 . 2011-10-18 21:34 -------- d-----w- d:\documents and settings\Mithat\Application Data\ESET
2011-10-18 21:34 . 2011-10-18 21:34 -------- d-----w- d:\documents and settings\LocalService\Local Settings\Application Data\ESET
2011-10-18 21:04 . 2010-09-10 19:32 167936 ----a-w- d:\windows\system32\drivers\wpshelper.sys
2011-10-18 21:02 . 2009-10-06 10:32 92488 ----a-w- d:\windows\system32\drivers\SysPlant.sys
2011-10-18 21:02 . 2011-10-18 21:02 60808 ----a-w- d:\windows\system32\S32EVNT1.DLL
2011-10-18 21:02 . 2011-10-18 21:02 124976 ----a-w- d:\windows\system32\drivers\SYMEVENT.SYS
2011-10-18 20:06 . 2011-10-18 21:33 -------- d-----w- d:\program files\ESET
2011-10-18 19:48 . 2008-05-02 10:49 62976 -c----w- d:\windows\system32\dllcache\cdrom.sys
2011-10-18 19:48 . 2008-05-02 13:26 465920 -c----w- d:\windows\system32\dllcache\imapi2fs.dll
2011-10-18 19:48 . 2008-05-02 13:26 465920 ------w- d:\windows\system32\imapi2fs.dll
2011-10-18 19:48 . 2008-05-02 13:26 317440 -c----w- d:\windows\system32\dllcache\imapi2.dll
2011-10-18 19:48 . 2008-05-02 13:26 317440 ------w- d:\windows\system32\imapi2.dll
2011-10-18 17:34 . 2011-10-18 17:35 -------- d-----w- D:\cc0e18cec9414563afdd6aeb06
2011-10-18 17:34 . 2011-10-18 17:34 -------- d-----w- d:\windows\system32\CatRoot_bak
2011-10-18 17:33 . 2011-10-18 17:34 -------- d-----w- D:\fe814a6a3bdafe5c8a38b8f8124851
2011-10-18 14:07 . 2011-10-18 15:01 -------- d-----w- d:\documents and settings\All Users\Application Data\Panda Security
2011-10-18 14:07 . 2011-10-18 15:11 -------- d-----w- d:\program files\Panda Security
2011-10-17 21:54 . 2011-10-18 12:33 -------- d-----w- d:\program files\AVAST Software
2011-10-17 21:54 . 2011-10-17 22:21 -------- d-----w- d:\documents and settings\All Users\Application Data\AVAST Software
2011-10-17 21:32 . 2011-10-17 21:32 -------- d-----w- D:\5e6283f078e8d8df3342ad1c471e5a
2011-10-17 16:57 . 2011-10-17 20:42 -------- d-----w- d:\documents and settings\Mithat\Application Data\IObit
2011-10-17 16:30 . 2011-10-17 16:30 -------- d--h--w- d:\windows\system32\GroupPolicy
2011-10-17 14:53 . 2011-08-19 13:33 25944 ----a-w- d:\windows\system32\SmartDefragBootTime.exe
2011-10-17 14:53 . 2010-11-26 15:02 14776 ----a-w- d:\windows\system32\drivers\SmartDefragDriver.sys
2011-10-16 18:45 . 2005-01-28 13:44 24576 ----a-r- d:\windows\system32\AsIO.dll
2011-10-16 18:45 . 2004-10-14 14:52 4962 ----a-r- d:\windows\system32\drivers\AsIO.sys
2011-10-16 18:44 . 2011-10-19 04:39 -------- d-----w- d:\program files\ASUS
2011-10-16 18:26 . 2005-05-04 06:20 53248 ------w- d:\windows\system32\wdmioctl.dll
2011-10-16 18:26 . 2001-09-11 12:20 1285632 ------w- d:\windows\system32\SMMedia.dll
2011-10-16 18:26 . 2004-12-08 14:16 49152 ----a-w- d:\windows\system32\DSndUp.exe
2011-10-16 18:26 . 2004-04-18 20:40 69715 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2011-10-16 18:26 . 2004-04-18 20:39 266240 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2011-10-16 18:26 . 2004-04-18 20:39 172032 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2011-10-16 18:26 . 2004-04-18 20:39 5632 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2011-10-16 18:26 . 2011-10-16 18:26 180356 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2011-10-16 18:26 . 2004-04-18 20:42 733184 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2011-10-16 18:26 . 2011-10-16 18:26 303236 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2011-10-16 16:22 . 2011-10-16 16:22 -------- d-----w- d:\documents and settings\All Users\Application Data\NVIDIA Corporation
2011-10-16 16:22 . 2011-10-18 14:31 -------- d-----w- d:\documents and settings\UpdatusUser
2011-10-16 16:22 . 2011-08-03 11:49 146024 ----a-w- d:\windows\system32\nvsvc32.exe
2011-10-16 16:22 . 2011-08-03 11:49 145000 ----a-w- d:\windows\system32\nvcolor.exe
2011-10-16 16:22 . 2011-08-03 11:49 13892200 ----a-w- d:\windows\system32\nvcpl.dll
2011-10-16 16:22 . 2011-08-03 11:49 111208 ----a-w- d:\windows\system32\nvmctray.dll
2011-10-16 16:22 . 2011-08-03 11:49 600680 ----a-w- d:\windows\system32\easyupdatusapiu.dll
2011-10-16 16:22 . 2011-08-03 11:49 54272 ----a-w- d:\windows\system32\nvwddi.dll
2011-10-16 16:21 . 2011-10-16 16:27 280276 ----a-w- d:\windows\system32\nvdrsdb0.bin
2011-10-16 16:21 . 2011-10-16 16:27 1 ----a-w- d:\windows\system32\nvdrssel.bin
2011-10-16 16:21 . 2011-10-16 16:27 280276 ----a-w- d:\windows\system32\nvdrsdb1.bin
2011-10-16 16:12 . 2005-06-20 13:00 23552 ----a-w- d:\windows\system32\PostProc.dll
2011-10-16 16:12 . 2005-06-07 13:00 393088 ----a-w- d:\windows\system32\drivers\senfilt.sys
2011-10-16 16:12 . 2006-07-04 21:01 151552 ----a-w- d:\windows\system32\drivers\ADIHdAud.sys
2011-10-16 16:12 . 2005-12-19 13:00 92800 ----a-w- d:\windows\system32\drivers\aeaudio.sys
2011-10-16 16:12 . 2001-09-17 13:00 765952 ----a-w- d:\windows\system\crlds3d.dll
2011-10-16 14:09 . 2011-08-03 11:49 875112 ----a-w- d:\windows\system32\nvgenco32.dll
2011-10-16 14:09 . 2011-08-03 11:49 914024 ----a-w- d:\windows\system32\nvdispco32.dll
2011-10-16 13:46 . 2011-10-16 16:22 -------- d-----w- d:\documents and settings\All Users\Application Data\NVIDIA
2011-10-15 09:55 . 2004-08-13 15:56 5810 ----a-w- d:\windows\system32\drivers\ASACPI.sys
2011-10-15 09:40 . 2011-10-15 09:40 -------- d-----w- d:\windows\system32\drivers\system32
2011-10-14 12:31 . 2011-10-14 12:38 -------- d-----w- d:\documents and settings\Guest\Application Data\Winamp
2011-09-26 19:12 . 2011-09-26 19:12 -------- dc-h--w- d:\documents and settings\All Users\Application Data\{37D03AD2-1C4A-4C63-AAEE-7DDE8535DD3C}
2011-09-26 11:48 . 2011-09-26 11:48 -------- d-sh--w- d:\documents and settings\Guest\IECompatCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-17 22:24 . 2011-06-07 14:03 23624 ----a-w- d:\windows\system32\drivers\hitmanpro35.sys
2011-10-12 12:21 . 2011-05-14 15:56 414368 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 08:41 . 2008-07-29 17:59 612352 ----a-w- d:\windows\system32\uiautomationcore.dll
2011-09-26 08:41 . 2001-11-22 12:00 20992 ----a-w- d:\windows\system32\oleaccrc.dll
2011-09-26 08:41 . 2001-11-22 12:00 220160 ----a-w- d:\windows\system32\oleacc.dll
2011-09-09 09:11 . 2008-04-14 06:00 600064 ----a-w- d:\windows\system32\crypt32.dll
2011-09-06 14:09 . 2008-04-14 05:36 1858944 ----a-w- d:\windows\system32\win32k.sys
2011-08-24 17:39 . 2011-01-12 15:16 323816 ----a-w- d:\windows\system32\drivers\Rtenicxp.sys
2011-08-22 23:40 . 2008-04-14 06:00 916480 ----a-w- d:\windows\system32\wininet.dll
2011-08-22 23:40 . 2008-04-14 06:00 1469440 ------w- d:\windows\system32\inetcpl.cpl
2011-08-22 23:40 . 2008-04-14 06:00 43520 ------w- d:\windows\system32\licmgr10.dll
2011-08-22 11:58 . 2008-04-14 05:37 385024 ------w- d:\windows\system32\html.iec
2011-08-17 13:49 . 2008-04-13 09:19 138496 ----a-w- d:\windows\system32\drivers\afd.sys
2011-08-03 11:49 . 2011-07-13 22:51 61440 ----a-w- d:\windows\system32\OpenCL.dll
2011-08-03 11:49 . 2011-07-13 22:50 5427200 ----a-w- d:\windows\system32\nvcuda.dll
2011-08-03 11:49 . 2011-07-13 22:50 2387560 ----a-w- d:\windows\system32\nvcuvid.dll
2011-08-03 11:49 . 2011-07-13 22:50 2090088 ----a-w- d:\windows\system32\nvcuvenc.dll
2011-08-03 11:49 . 2011-07-13 22:50 17186816 ----a-w- d:\windows\system32\nvcompiler.dll
2011-08-03 11:49 . 2011-07-13 22:50 16191488 ----a-w- d:\windows\system32\nvoglnt.dll
2011-08-03 11:49 . 2011-07-13 22:50 2404864 ----a-w- d:\windows\system32\nvapi.dll
2011-08-03 11:49 . 2011-01-12 15:39 4210816 ----a-w- d:\windows\system32\nv4_disp.dll
2011-08-03 11:49 . 2011-01-12 15:39 12542592 ----a-w- d:\windows\system32\drivers\nv4_mini.sys
2011-07-25 11:44 . 2011-07-25 11:44 15872 ----a-w- d:\windows\system32\drivers\HpqKbFiltr.sys
2011-07-25 11:44 . 2011-07-25 11:44 1419232 ----a-w- d:\windows\system32\drivers\wdfcoinstaller01005.dll
2011-10-06 19:59 . 2011-07-18 13:53 134104 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AntiLogger"="d:\program files\AntiLogger\AntiLogger.exe" [2011-09-26 2976200]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SSBkgdUpdate"="d:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="d:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"CanonSolutionMenu"="d:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312]
"Smart Start UP"="d:\program files\NewSoft\Smart Start UP\PnPDetect.exe" [2007-04-27 104528]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"SoundMAXPnP"="d:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 925696]
"ccApp"="d:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-10-06 115560]
"DivX Download Manager"="d:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="d:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-08-03 11:49 111208 ----a-w- d:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2011-07-05 07:08 1632360 ----a-w- d:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 14:38 421888 ----a-w- d:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\Winamp\\winamp.exe"=
"d:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Oyunlar\\microsoft games\\rise.exe"=
"c:\\Oyunlar\\microsoft games\\nations.exe"=
"c:\\Program Files\\valve\\hl.exe"=
"d:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"d:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"d:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
.
R0 SmartDefragDriver;SmartDefragDriver;d:\windows\system32\drivers\SmartDefragDriver.sys [10/17/2011 17:53 14776]
R1 AntiLog32;AntiLog32;d:\program files\AntiLogger\AntiLog32.sys [9/26/2011 13:41 122072]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;d:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/19/2011 00:14 105592]
R3 vmfilter303;vmfilter303;d:\windows\system32\drivers\vmfilter303.sys [1/14/2011 16:39 428160]
S0 is3srv;is3srv;d:\windows\system32\drivers\is3srv.sys --> d:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;d:\windows\system32\DRIVERS\szkg.sys --> d:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;d:\windows\system32\drivers\szkgfs.sys --> d:\windows\system32\drivers\szkgfs.sys [?]
S1 MpKsl19a41094;MpKsl19a41094;\??\d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{602D7E2E-BEC3-4126-88E2-7BA82B68EA67}\MpKsl19a41094.sys --> d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{602D7E2E-BEC3-4126-88E2-7BA82B68EA67}\MpKsl19a41094.sys [?]
S2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [1/13/2011 20:32 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon;d:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [10/16/2011 19:22 2255464]
S3 A38CCID;CCID USB Smart Card Reader;d:\windows\system32\drivers\a38ccid.sys [2/1/2011 00:58 38016]
S3 COH_Mon;COH_Mon;d:\windows\system32\drivers\COH_Mon.sys [10/6/2009 13:32 23888]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\d:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt --> d:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 gupdatem;Google Güncelleme Hizmeti (gupdatem);d:\program files\Google\Update\GoogleUpdate.exe [1/13/2011 20:32 136176]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;d:\windows\system32\drivers\hitmanpro35.sys [6/7/2011 17:03 23624]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\d:\windows\system32\drivers\mbamswissarmy.sys --> d:\windows\system32\drivers\mbamswissarmy.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-07 d:\windows\Tasks\Advanced Registry Optimizer.job
- d:\program files\Advanced Registry Optimizer\ARO.exe [2011-01-12 08:07]
.
2011-07-13 d:\windows\Tasks\DriverScanner.job
- d:\program files\Uniblue\DriverScanner\dsmonitor.exe [2011-07-13 08:22]
.
2011-10-20 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 17:32]
.
2011-10-21 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 17:32]
.
2011-10-17 d:\windows\Tasks\SmartDefrag_Startup.job
- d:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-04-27 07:35]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Microsoft Excel'e &Ver - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - d:\documents and settings\Mithat\Application Data\Mozilla\Firefox\Profiles\t30isd63.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.tr/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&fl=1&ei=utf-8&ilc=12&vl=lang_tr&type=642886&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-21 18:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\d:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(35856)
d:\windows\system32\WININET.dll
d:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
d:\windows\system32\webcheck.dll
.
Completion time: 2011-10-21 18:33:47
ComboFix-quarantined-files.txt 2011-10-21 15:33
ComboFix2.txt 2011-10-21 14:54
ComboFix3.txt 2011-10-20 12:12
.
Pre-Run: 33,448,173,568 bayt boş
Post-Run: 33,425,174,528 bayt boş
.
- - End Of File - - D07D18F861D5F6332DEB4BBF3ED61DE7
#8 Re: [Inactive] XP pro restart problem..
Posted 21 October 2011 - 07:08 PM
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Click the Scan All Users checkbox.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
#9 Re: [Inactive] XP pro restart problem..
Posted 21 October 2011 - 08:11 PM
OTL logfile created on: 10/21/2011 22:58:37 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = D:\Documents and Settings\Mithat\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041f | Country: Türkiye | Language: TRK | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.69% Memory free
3.35 Gb Paging File | 2.97 Gb Available in Paging File | 88.70% Paging File free
Paging file location(s): D:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 98.27 Gb Total Space | 19.27 Gb Free Space | 19.61% Space Free | Partition Type: NTFS
Drive D: | 50.77 Gb Total Space | 31.35 Gb Free Space | 61.74% Space Free | Partition Type: NTFS
Computer Name: FATIH | User Name: Mithat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/10/21 22:58:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Mithat\Desktop\OTL.exe
PRC - [2011/10/06 22:59:08 | 000,924,632 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/26 13:41:35 | 002,976,200 | ---- | M] (Zemana Ltd.) -- D:\Program Files\AntiLogger\AntiLogger.exe
PRC - [2010/12/09 00:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- D:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2009/10/06 13:32:14 | 001,455,432 | ---- | M] (Symantec Corporation) -- D:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/10/06 13:32:14 | 000,115,560 | ---- | M] (Symantec Corporation) -- D:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/10/06 13:32:14 | 000,108,392 | ---- | M] (Symantec Corporation) -- D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/10/06 13:32:12 | 002,477,304 | ---- | M] (Symantec Corporation) -- D:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/10/06 13:32:12 | 001,864,888 | ---- | M] (Symantec Corporation) -- D:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/04/14 09:00:40 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2007/02/04 13:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- D:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
========== Modules (No Company Name) ==========
MOD - [2011/10/06 22:59:07 | 001,833,944 | ---- | M] () -- D:\Program Files\Mozilla Firefox\mozjs.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Auto | Stopped] -- -- (szserver)
SRV - [2011/08/03 14:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2009/10/06 13:32:14 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- D:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/10/06 13:32:14 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/10/06 13:32:14 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/10/06 13:32:12 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- D:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/10/06 13:32:12 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- D:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/07/13 13:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- D:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
========== Driver Services (SafeList) ==========
DRV - [2011/10/19 00:02:35 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/09/26 13:41:38 | 000,122,072 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- D:\Program Files\AntiLogger\AntiLog32.sys -- (AntiLog32)
DRV - [2011/09/15 11:21:24 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Program Files\Common Files\Symantec Shared\VirusDefs\20111021.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/09/15 11:21:24 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/09/15 11:21:24 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/09/15 11:21:24 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Program Files\Common Files\Symantec Shared\VirusDefs\20111021.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/24 20:39:38 | 000,323,816 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2011/07/25 14:44:24 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2011/07/14 02:22:20 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2010/11/26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- D:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2009/12/16 00:37:14 | 000,038,016 | ---- | M] (Advanced Card Systems Ltd.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\a38ccid.sys -- (A38CCID)
DRV - [2009/10/06 13:32:16 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/10/06 13:32:14 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/10/06 13:32:14 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- D:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/10/06 13:32:14 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- D:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/10/06 13:32:14 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2009/10/06 13:32:14 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/10/06 13:32:10 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/10/06 13:32:10 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/10/06 13:32:10 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/10/06 13:32:08 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2006/12/01 15:23:58 | 000,392,122 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\usbVM303.sys -- (ZSMC303)
DRV - [2006/04/25 11:57:42 | 000,428,160 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\vmfilter303.sys -- (vmfilter303)
DRV - [2005/06/07 16:00:00 | 000,393,088 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2004/10/14 17:52:28 | 000,004,962 | R--- | M] () [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2004/08/13 18:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1708537768-854245398-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKU\S-1-5-21-1708537768-854245398-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1708537768-854245398-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1708537768-854245398-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = tr
IE - HKU\S-1-5-21-1708537768-854245398-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC A5 EC 78 7B B2 CB 01 [binary data]
IE - HKU\S-1-5-21-1708537768-854245398-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=642886&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com.tr/"
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&fl=1&ei=utf-8&ilc=12&vl=lang_tr&type=642886&p="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: D:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: d:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: D:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/14 17:09:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: D:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/14 17:09:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011/10/06 22:59:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011/10/21 17:16:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011/10/06 22:59:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011/10/21 17:16:23 | 000,000,000 | ---D | M]
[2011/01/12 21:13:40 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Mithat\Application Data\Mozilla\Extensions
[2011/09/24 23:11:02 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Mithat\Application Data\Mozilla\Firefox\Profiles\t30isd63.default\extensions
[2011/09/24 23:11:02 | 000,000,000 | ---D | M] (Flagfox) -- D:\Documents and Settings\Mithat\Application Data\Mozilla\Firefox\Profiles\t30isd63.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/03/12 23:14:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\Mithat\Application Data\Mozilla\Firefox\Profiles\t30isd63.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/17 19:23:10 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
[2011/07/18 16:39:58 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/07/18 16:39:59 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/18 16:40:00 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/06 22:59:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/12 00:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- D:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/10/06 22:59:05 | 000,001,182 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-tr.xml
[2011/10/06 22:59:05 | 000,000,956 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo-tr.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = D:\Program Files\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = D:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U26 (Enabled) = D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = D:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = d:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = D:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = D:\Program Files\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = D:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = D:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = D:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = D:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = D:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = D:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = D:\Documents and Settings\Mithat\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = D:\Documents and Settings\Mithat\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
O1 HOSTS File: ([2011/10/20 15:03:03 | 000,000,027 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Oturum Açma Yardım Aracı) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - No CLSID value found.
O4 - HKLM..\Run: [AntiLogger] D:\Program Files\AntiLogger\AntiLogger.exe (Zemana Ltd.)
O4 - HKLM..\Run: [CanonSolutionMenu] D:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivX Download Manager] D:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Smart Start UP] D:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe (NewSoft Technology Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1708537768-854245398-1644491937-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1708537768-854245398-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1708537768-854245398-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1708537768-854245398-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1708537768-854245398-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05D9A9C3-6211-41C6-9E4A-3C3BA57FD11C}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) -D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Geçerli Giriş Sayfam) - About:Home
O24 - Desktop WallPaper: D:\Documents and Settings\Mithat\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\Mithat\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/12 16:52:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found
Drivers32: msacm.divxa32 - D:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - D:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - D:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - D:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - D:\WINDOWS\System32\DivX.dll (DivX, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/10/21 22:55:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Mithat\Desktop\OTL.exe
[2011/10/21 19:32:33 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2011/10/21 18:39:47 | 008,922,408 | ---- | C] (OPSWAT, Inc.) -- D:\Documents and Settings\Mithat\Desktop\AppRemover.exe
[2011/10/21 18:34:11 | 000,000,000 | ---D | C] -- D:\WINDOWS\temp
[2011/10/21 17:32:21 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\All Users\Application Data\{74C839EA-2796-4223-8C11-81A29F465536}
[2011/10/20 23:14:43 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Mithat\Recent
[2011/10/20 22:38:29 | 000,607,260 | R--- | C] (Swearware) -- D:\Documents and Settings\Mithat\Desktop\dds.scr
[2011/10/20 22:38:04 | 001,916,416 | ---- | C] (AVAST Software) -- D:\Documents and Settings\Mithat\Desktop\aswMBR.exe
[2011/10/20 22:33:36 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- D:\Documents and Settings\Mithat\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/20 14:52:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Mithat\Application Data\TrojanHunter
[2011/10/20 00:31:06 | 000,000,000 | ---D | C] -- D:\Program Files\TrojanHunter 5.5
[2011/10/19 20:49:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2011/10/19 20:33:39 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Security Client
[2011/10/19 20:19:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Microsoft Forefront
[2011/10/19 20:18:08 | 000,000,000 | ---D | C] -- D:\Program Files\System Center Management Packs
[2011/10/19 18:42:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Mithat\Local Settings\Application Data\SolarWinds
[2011/10/19 18:42:10 | 000,000,000 | ---D | C] -- D:\Program Files\SolarWinds
[2011/10/19 07:23:03 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Mithat\Application Data\Malwarebytes
[2011/10/19 07:22:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/19 07:18:34 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Mithat\Desktop\Results
[2011/10/19 01:10:52 | 000,000,000 | ---D | C] -- D:\Fdawn
[2011/10/19 00:34:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Mithat\Local Settings\Application Data\ESET
[2011/10/19 00:34:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Mithat\Application Data\ESET
[2011/10/19 00:34:02 | 000,000,000 | ---D | C] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2011/10/19 00:04:13 | 000,167,936 | ---- | C] (Symantec Corporation) -- D:\WINDOWS\System32\drivers\wpshelper.sys
[2011/10/19 00:02:53 | 000,092,488 | ---- | C] (Symantec Corporation) -- D:\WINDOWS\System32\drivers\SysPlant.sys
[2011/10/19 00:02:19 | 000,124,976 | ---- | C] (Symantec Corporation) -- D:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/10/19 00:02:19 | 000,060,808 | ---- | C] (Symantec Corporation) -- D:\WINDOWS\System32\S32EVNT1.DLL
[2011/10/19 00:01:59 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programlar\Symantec Endpoint Protection
[2011/10/18 23:06:57 | 000,000,000 | ---D | C] -- D:\Program Files\ESET
[2011/10/18 22:44:48 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/10/18 20:34:42 | 000,000,000 | ---D | C] -- D:\cc0e18cec9414563afdd6aeb06
[2011/10/18 20:34:02 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\CatRoot_bak
[2011/10/18 20:33:33 | 000,000,000 | ---D | C] -- D:\fe814a6a3bdafe5c8a38b8f8124851
[2011/10/18 17:07:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Panda Security
[2011/10/18 17:07:57 | 000,000,000 | ---D | C] -- D:\Program Files\Panda Security
[2011/10/18 16:41:43 | 000,000,000 | ---D | C] -- D:\WINDOWS\ERDNT
[2011/10/18 00:54:56 | 000,000,000 | ---D | C] -- D:\Program Files\AVAST Software
[2011/10/18 00:54:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/10/18 00:32:24 | 000,000,000 | ---D | C] -- D:\5e6283f078e8d8df3342ad1c471e5a
[2011/10/17 20:42:26 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Mithat\Start Menu\Programlar\Yönetimsel Araçlar
[2011/10/17 19:57:02 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Mithat\Application Data\IObit
[2011/10/17 19:30:50 | 000,000,000 | -H-D | C] -- D:\WINDOWS\System32\GroupPolicy
[2011/10/16 21:44:59 | 000,000,000 | ---D | C] -- D:\Program Files\ASUS
[2011/10/16 21:26:46 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programlar\SoundMAX
[2011/10/16 19:22:57 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2011/10/16 17:17:44 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Mithat\Start Menu\Programlar\Winamp Algılayıcı
[2011/10/16 16:46:48 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\NVIDIA
[2011/10/15 12:40:02 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\drivers\system32
[2011/10/15 12:40:02 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\drivers\system32\DRIVERS
[2011/09/26 22:12:00 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\All Users\Application Data\{37D03AD2-1C4A-4C63-AAEE-7DDE8535DD3C}
[2011/07/13 13:59:50 | 000,013,880 | ---- | C] ( ) -- D:\WINDOWS\System32\drivers\kbfiltr.sys
[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[2 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/10/21 22:58:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Mithat\Desktop\OTL.exe
[2011/10/21 22:58:00 | 000,001,008 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/21 22:56:54 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2011/10/21 21:24:04 | 000,302,824 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/21 21:02:21 | 000,000,268 | ---- | M] () -- D:\WINDOWS\tasks\Advanced Registry Optimizer.job
[2011/10/21 19:58:00 | 000,001,004 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/21 19:28:20 | 000,023,624 | ---- | M] () -- D:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/10/21 18:40:05 | 008,922,408 | ---- | M] (OPSWAT, Inc.) -- D:\Documents and Settings\Mithat\Desktop\AppRemover.exe
[2011/10/21 17:16:23 | 000,001,729 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/10/20 22:38:29 | 000,607,260 | R--- | M] (Swearware) -- D:\Documents and Settings\Mithat\Desktop\dds.scr
[2011/10/20 22:38:05 | 001,916,416 | ---- | M] (AVAST Software) -- D:\Documents and Settings\Mithat\Desktop\aswMBR.exe
[2011/10/20 22:37:08 | 000,302,592 | ---- | M] () -- D:\Documents and Settings\Mithat\Desktop\6uiy2xcy.exe
[2011/10/20 22:33:39 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\Mithat\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/20 20:01:54 | 000,421,936 | ---- | M] () -- D:\WINDOWS\System32\perfh041.dat
[2011/10/20 20:01:54 | 000,077,490 | ---- | M] () -- D:\WINDOWS\System32\perfc041.dat
[2011/10/20 20:01:53 | 000,434,952 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2011/10/20 20:01:53 | 000,068,040 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2011/10/20 19:28:14 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2011/10/20 15:03:03 | 000,000,027 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts
[2011/10/20 00:31:26 | 000,059,392 | R--- | M] () -- D:\WINDOWS\System32\streamhlp.dll
[2011/10/20 00:18:03 | 000,001,912 | ---- | M] () -- D:\WINDOWS\epplauncher.mif
[2011/10/20 00:17:26 | 000,000,402 | RHS- | M] () -- D:\Documents and Settings\All Users\ntuser.pol
[2011/10/19 23:12:45 | 000,014,355 | ---- | M] () -- D:\Documents and Settings\Mithat\Belgelerim\Trojan.rtf
[2011/10/19 22:15:57 | 000,000,069 | ---- | M] () -- D:\WINDOWS\NeroDigital.ini
[2011/10/19 08:24:50 | 000,006,622 | ---- | M] () -- D:\Documents and Settings\Mithat\Desktop\Results.rar
[2011/10/19 00:02:35 | 000,124,976 | ---- | M] (Symantec Corporation) -- D:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/10/19 00:02:35 | 000,060,808 | ---- | M] (Symantec Corporation) -- D:\WINDOWS\System32\S32EVNT1.DLL
[2011/10/19 00:02:35 | 000,007,456 | ---- | M] () -- D:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/10/19 00:02:35 | 000,000,806 | ---- | M] () -- D:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/10/18 18:57:44 | 000,017,408 | ---- | M] () -- D:\Documents and Settings\Mithat\Local Settings\Application Data\WebpageIcons.db
[2011/10/18 18:49:17 | 000,023,672 | ---- | M] () -- D:\WINDOWS\System32\drivers\kgpfr2.cfg
[2011/10/18 18:33:13 | 000,004,088 | ---- | M] () -- D:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/10/18 17:14:22 | 000,008,627 | ---- | M] () -- D:\WINDOWS\System32\PAV_FOG.OPC
[2011/10/18 01:21:44 | 000,002,577 | ---- | M] () -- D:\WINDOWS\System32\CONFIG.NT
[2011/10/17 17:53:03 | 000,000,841 | ---- | M] () -- D:\Documents and Settings\Mithat\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
[2011/10/17 17:51:01 | 000,000,282 | ---- | M] () -- D:\WINDOWS\tasks\SmartDefrag_Startup.job
[2011/10/16 22:15:05 | 000,000,049 | ---- | M] () -- D:\WINDOWS\wininit.ini
[2011/10/16 19:27:58 | 000,280,276 | ---- | M] () -- D:\WINDOWS\System32\nvdrsdb0.bin
[2011/10/16 19:27:58 | 000,000,001 | ---- | M] () -- D:\WINDOWS\System32\nvdrssel.bin
[2011/10/16 19:27:18 | 000,280,276 | ---- | M] () -- D:\WINDOWS\System32\nvdrsdb1.bin
[2011/10/16 19:21:07 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\nvdrswr.lk
[2011/10/16 17:17:44 | 000,000,672 | ---- | M] () -- D:\Documents and Settings\Mithat\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/10/16 17:17:44 | 000,000,654 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2011/10/13 19:42:42 | 000,423,064 | ---- | M] () -- D:\WINDOWS\System32\perfh01F.dat
[2011/10/13 19:42:42 | 000,078,224 | ---- | M] () -- D:\WINDOWS\System32\perfc01F.dat
[2011/10/10 01:02:35 | 000,000,682 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/30 07:17:14 | 000,422,664 | ---- | M] () -- D:\Documents and Settings\Mithat\Desktop\kpdssonbaharkilavuz.pdf
[2011/09/26 22:12:02 | 000,034,704 | ---- | M] () -- D:\WINDOWS\syscall.dat
[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[2 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/10/21 17:16:23 | 000,001,729 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/10/20 22:37:07 | 000,302,592 | ---- | C] () -- D:\Documents and Settings\Mithat\Desktop\6uiy2xcy.exe
[2011/10/20 19:23:34 | 000,421,936 | ---- | C] () -- D:\WINDOWS\System32\perfh041.dat
[2011/10/20 19:23:34 | 000,077,490 | ---- | C] () -- D:\WINDOWS\System32\perfc041.dat
[2011/10/20 00:31:07 | 000,059,392 | R--- | C] () -- D:\WINDOWS\System32\streamhlp.dll
[2011/10/19 23:12:45 | 000,014,355 | ---- | C] () -- D:\Documents and Settings\Mithat\Belgelerim\Trojan.rtf
[2011/10/19 20:35:53 | 000,001,912 | ---- | C] () -- D:\WINDOWS\epplauncher.mif
[2011/10/19 08:24:50 | 000,006,622 | ---- | C] () -- D:\Documents and Settings\Mithat\Desktop\Results.rar
[2011/10/19 00:02:19 | 000,007,456 | ---- | C] () -- D:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/10/19 00:02:19 | 000,000,806 | ---- | C] () -- D:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/10/18 18:57:42 | 000,017,408 | ---- | C] () -- D:\Documents and Settings\Mithat\Local Settings\Application Data\WebpageIcons.db
[2011/10/18 18:48:14 | 000,023,672 | ---- | C] () -- D:\WINDOWS\System32\drivers\kgpfr2.cfg
[2011/10/18 18:32:37 | 000,004,088 | ---- | C] () -- D:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/10/18 17:12:52 | 000,008,627 | ---- | C] () -- D:\WINDOWS\System32\PAV_FOG.OPC
[2011/10/17 19:31:58 | 000,000,402 | RHS- | C] () -- D:\Documents and Settings\All Users\ntuser.pol
[2011/10/17 17:53:04 | 000,025,944 | ---- | C] () -- D:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/10/17 17:53:04 | 000,014,776 | ---- | C] () -- D:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/10/17 17:51:01 | 000,000,282 | ---- | C] () -- D:\WINDOWS\tasks\SmartDefrag_Startup.job
[2011/10/16 21:45:16 | 000,024,576 | R--- | C] () -- D:\WINDOWS\System32\AsIO.dll
[2011/10/16 21:45:16 | 000,004,962 | R--- | C] () -- D:\WINDOWS\System32\drivers\AsIO.sys
[2011/10/16 19:21:07 | 000,280,276 | ---- | C] () -- D:\WINDOWS\System32\nvdrsdb1.bin
[2011/10/16 19:21:07 | 000,280,276 | ---- | C] () -- D:\WINDOWS\System32\nvdrsdb0.bin
[2011/10/16 19:21:07 | 000,000,001 | ---- | C] () -- D:\WINDOWS\System32\nvdrssel.bin
[2011/10/16 19:21:07 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\nvdrswr.lk
[2011/10/16 17:17:44 | 000,000,672 | ---- | C] () -- D:\Documents and Settings\Mithat\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/10/16 17:17:44 | 000,000,654 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2011/10/15 12:55:35 | 000,005,810 | ---- | C] () -- D:\WINDOWS\System32\drivers\ASACPI.sys
[2011/09/30 07:17:14 | 000,422,664 | ---- | C] () -- D:\Documents and Settings\Mithat\Desktop\kpdssonbaharkilavuz.pdf
[2011/07/14 01:50:56 | 002,128,778 | ---- | C] () -- D:\WINDOWS\System32\nvdata.data
[2011/07/14 01:25:53 | 000,000,552 | ---- | C] () -- D:\WINDOWS\System32\d3d8caps.dat
[2011/07/13 14:49:29 | 000,081,936 | ---- | C] () -- D:\WINDOWS\System32\RtNicProp32.dll
[2011/07/06 00:53:35 | 000,063,724 | -H-- | C] () -- D:\WINDOWS\System32\mlfcache.dat
[2011/06/07 17:03:20 | 000,023,624 | ---- | C] () -- D:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/04/30 02:00:51 | 000,005,745 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2011/04/29 23:43:36 | 000,000,049 | ---- | C] () -- D:\WINDOWS\wininit.ini
[2011/04/22 19:11:04 | 000,000,069 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini
[2011/01/19 16:18:10 | 000,000,412 | ---- | C] () -- D:\WINDOWS\MAXLINK.INI
[2011/01/14 16:39:44 | 000,040,960 | ---- | C] () -- D:\WINDOWS\System32\setupfilter.exe
[2011/01/13 18:05:18 | 000,000,204 | ---- | C] () -- D:\WINDOWS\ChssBase.ini
[2011/01/13 00:57:04 | 000,034,704 | ---- | C] () -- D:\WINDOWS\syscall.dat
[2011/01/12 22:03:58 | 000,033,280 | ---- | C] () -- D:\Documents and Settings\Mithat\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/12 21:13:36 | 000,000,000 | ---- | C] () -- D:\WINDOWS\nsreg.dat
[2011/01/12 18:44:08 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2011/01/12 18:42:37 | 000,302,824 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/12 16:54:42 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
[2011/01/12 16:49:16 | 000,021,736 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat
[2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelKorean.dll
[2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelGerman.dll
[2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelFrench.dll
[2008/04/14 09:15:26 | 000,001,804 | ---- | C] () -- D:\WINDOWS\System32\Dcache.bin
[2006/12/30 19:27:08 | 000,004,569 | ---- | C] () -- D:\WINDOWS\System32\secupd.dat
[2001/11/22 15:00:00 | 013,107,200 | ---- | C] () -- D:\WINDOWS\System32\oembios.bin
[2001/11/22 15:00:00 | 000,673,088 | ---- | C] () -- D:\WINDOWS\System32\mlang.dat
[2001/11/22 15:00:00 | 000,434,952 | ---- | C] () -- D:\WINDOWS\System32\perfh009.dat
[2001/11/22 15:00:00 | 000,423,064 | ---- | C] () -- D:\WINDOWS\System32\perfh01F.dat
[2001/11/22 15:00:00 | 000,272,128 | ---- | C] () -- D:\WINDOWS\System32\perfi009.dat
[2001/11/22 15:00:00 | 000,261,146 | ---- | C] () -- D:\WINDOWS\System32\perfi01F.dat
[2001/11/22 15:00:00 | 000,218,003 | ---- | C] () -- D:\WINDOWS\System32\dssec.dat
[2001/11/22 15:00:00 | 000,078,224 | ---- | C] () -- D:\WINDOWS\System32\perfc01F.dat
[2001/11/22 15:00:00 | 000,068,040 | ---- | C] () -- D:\WINDOWS\System32\perfc009.dat
[2001/11/22 15:00:00 | 000,046,258 | ---- | C] () -- D:\WINDOWS\System32\mib.bin
[2001/11/22 15:00:00 | 000,032,156 | ---- | C] () -- D:\WINDOWS\System32\perfd01F.dat
[2001/11/22 15:00:00 | 000,028,626 | ---- | C] () -- D:\WINDOWS\System32\perfd009.dat
[2001/11/22 15:00:00 | 000,004,463 | ---- | C] () -- D:\WINDOWS\System32\oembios.dat
[2001/11/22 15:00:00 | 000,000,741 | ---- | C] () -- D:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2011/10/18 00:44:52 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/10/18 01:21:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/01/19 17:39:13 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/06/07 17:05:59 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/01/19 18:59:53 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Newsoft
[2011/10/18 18:01:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Panda Security
[2011/01/19 16:18:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/10/18 18:49:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/10/21 19:31:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/26 22:12:00 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\{37D03AD2-1C4A-4C63-AAEE-7DDE8535DD3C}
[2011/07/06 00:25:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/10/21 17:32:21 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\{74C839EA-2796-4223-8C11-81A29F465536}
[2011/02/04 00:46:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mithat\Application Data\Canon
[2011/07/20 18:09:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mithat\Application Data\ChessBase
[2011/03/07 21:27:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mithat\Application Data\Empire XP
[2011/10/19 00:34:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mithat\Application Data\ESET
[2011/10/17 23:42:55 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mithat\Application Data\IObit
[2011/04/17 14:01:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mithat\Application Data\Mount&Blade Warband
[2011/07/13 13:09:49 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mithat\Application Data\OpenCandy
[2011/01/12 22:57:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mithat\Application Data\Sammsoft
[2011/01/19 16:18:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mithat\Application Data\ScanSoft
[2011/07/14 01:25:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mithat\Application Data\SystemRequirementsLab
[2011/03/09 12:09:49 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mithat\Application Data\Thinstall
[2011/10/20 14:52:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mithat\Application Data\TrojanHunter
[2011/07/13 13:11:26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mithat\Application Data\Uniblue
[2011/01/12 23:02:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mithat\Application Data\URSoft
[2011/10/21 21:02:21 | 000,000,268 | ---- | M] () -- D:\WINDOWS\Tasks\Advanced Registry Optimizer.job
[2011/07/13 13:21:36 | 000,000,262 | ---- | M] () -- D:\WINDOWS\Tasks\DriverScanner.job
[2011/10/17 17:51:01 | 000,000,282 | ---- | M] () -- D:\WINDOWS\Tasks\SmartDefrag_Startup.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2011/10/21 18:33:58 | 000,018,815 | ---- | M] () -- D:\ComboFix.txt
[2011/10/21 22:56:46 | 1610,612,736 | -HS- | M] () -- D:\pagefile.sys
[2011/10/21 20:47:30 | 000,000,457 | ---- | M] () -- D:\rkill.log
[2011/10/16 21:23:54 | 000,002,864 | ---- | M] () -- D:\SMax.log
[2011/10/16 19:20:25 | 000,002,813 | ---- | M] () -- D:\SMax.log.bak
[2011/10/19 17:36:08 | 000,052,220 | ---- | M] () -- D:\TDSSKiller.2.6.11.0_19.10.2011_17.35.37_log.txt
[2011/10/20 00:29:43 | 000,055,176 | ---- | M] () -- D:\TDSSKiller.2.6.11.0_20.10.2011_00.28.26_log.txt
[2011/10/20 20:11:29 | 000,106,036 | ---- | M] () -- D:\TDSSKiller.2.6.11.0_20.10.2011_20.10.01_log.txt
< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- D:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- D:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- D:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- D:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2011/01/12 16:52:12 | 000,000,067 | -HS- | M] () -- D:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/04/16 06:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- D:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD93.DLL
[2007/04/16 06:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- D:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP93.DLL
[2008/07/06 15:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 13:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2011/01/12 18:42:05 | 000,094,208 | ---- | M] () -- D:\WINDOWS\System32\config\default.sav
[2011/01/12 18:42:05 | 001,089,536 | ---- | M] () -- D:\WINDOWS\System32\config\software.sav
[2011/01/12 18:42:05 | 000,450,560 | ---- | M] () -- D:\WINDOWS\System32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2011/01/18 01:26:03 | 000,000,286 | -HS- | M] () -- D:\Documents and Settings\All Users\Start Menu\desktop.ini
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/01/12 17:01:07 | 000,000,130 | -HS- | M] () -- D:\Documents and Settings\Mithat\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2011/01/12 17:01:06 | 000,000,079 | ---- | M] () -- D:\Documents and Settings\Mithat\Application Data\Microsoft\Internet Explorer\Quick Launch\Masaüstünü Göster.scf
< %USERPROFILE%\Desktop\*.exe >
[2011/10/20 22:37:08 | 000,302,592 | ---- | M] () -- D:\Documents and Settings\Mithat\Desktop\6uiy2xcy.exe
[2011/10/21 18:40:05 | 008,922,408 | ---- | M] (OPSWAT, Inc.) -- D:\Documents and Settings\Mithat\Desktop\AppRemover.exe
[2011/10/20 22:38:05 | 001,916,416 | ---- | M] (AVAST Software) -- D:\Documents and Settings\Mithat\Desktop\aswMBR.exe
[2011/10/20 22:33:39 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\Mithat\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/21 22:58:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Mithat\Desktop\OTL.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
[2011/10/20 00:17:26 | 000,000,402 | RHS- | M] () -- D:\Documents and Settings\All Users\ntuser.pol
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
[2011/10/21 22:57:51 | 000,049,152 | ---- | M] () -- D:\Documents and Settings\Mithat\Cookies\index.dat
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
[2008/04/14 09:00:56 | 000,204,800 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\inf\unregmp2.exe
[2006/06/23 14:48:54 | 000,032,768 | ---- | M] (AsusTek Inc.) -- D:\WINDOWS\inf\UpdateUSB.exe
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
[2008/04/14 09:00:18 | 000,033,792 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Messenger\custsat.dll
[2007/04/02 11:07:24 | 000,004,821 | R--- | M] () -- D:\Program Files\Messenger\logowin.gif
[2007/04/02 12:07:24 | 000,007,047 | ---- | M] () -- D:\Program Files\Messenger\lvback.gif
[2008/05/02 17:01:52 | 000,083,968 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Messenger\msgsc.dll
[2008/04/13 11:30:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Messenger\msgslang.dll
[2008/04/14 10:00:48 | 001,695,232 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Messenger\msmsgs.exe
[2007/04/02 12:07:24 | 000,002,882 | ---- | M] () -- D:\Program Files\Messenger\newalert.wav
[2007/04/02 12:07:24 | 000,006,156 | ---- | M] () -- D:\Program Files\Messenger\newemail.wav
[2007/04/02 12:07:26 | 000,006,160 | ---- | M] () -- D:\Program Files\Messenger\online.wav
[2007/04/02 12:07:28 | 000,004,454 | ---- | M] () -- D:\Program Files\Messenger\type.wav
[2007/09/19 01:54:22 | 000,123,104 | ---- | M] () -- D:\Program Files\Messenger\xpmsgr.chm
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-10-20 17:01:23
========== Alternate Data Streams ==========
@Alternate Data Stream - 190 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
< End of report >
OTL Extras logfile created on: 10/21/2011 22:47:47 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = D:\Documents and Settings\Mithat\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041f | Country: Türkiye | Language: TRK | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.77% Memory free
3.35 Gb Paging File | 3.05 Gb Available in Paging File | 90.98% Paging File free
Paging file location(s): D:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 98.27 Gb Total Space | 19.27 Gb Free Space | 19.61% Space Free | Partition Type: NTFS
Drive D: | 50.77 Gb Total Space | 31.38 Gb Free Space | 61.80% Space Free | Partition Type: NTFS
Computer Name: FATIH | User Name: Mithat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\Winamp\winamp.exe" = D:\Program Files\Winamp\winamp.exe:*:Disabled:Winamp -- (Nullsoft, Inc.)
"D:\Program Files\Google\Google Earth\client\googleearth.exe" = D:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Oyunlar\microsoft games\rise.exe" = C:\Oyunlar\microsoft games\rise.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.)
"C:\Oyunlar\microsoft games\nations.exe" = C:\Oyunlar\microsoft games\nations.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.)
"C:\Program Files\valve\hl.exe" = C:\Program Files\valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"D:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = D:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"D:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = D:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"D:\Program Files\Common Files\Symantec Shared\ccApp.exe" = D:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{07041881-E9B4-4DF6-A845-CAAFD093E477}" = Microsoft Student with Encarta Premium 2007
"{07043840-959A-4B0D-8825-2C533F0DDB19}" = Microsoft Math
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{155796AE-16D0-45D2-8939-6AE3AD67147B}" = ACR38/100/122 PC/SC Driver 1.1.2.0
"{19B72AA9-985A-11D4-9C8A-00D0B75D1498}" = Colin McRae Rally 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Karşıya Yükleme Aracı
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java 6 Update 24
"{2C0072BF-44E5-42cc-98A5-D317948220B7}" = Windows 7 Yükseltme Danışmanı
"{2C9241DC-E141-4BB9-99F2-0BC54D81862F}" = Smart Start UP
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C941f-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{41D88151-B141-4751-989A-0423ACA8F4AD}" = FEP2010 Security MP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F25BBF0-8CBA-47CB-8E7B-EEE29C434FD3}" = Windows Live Call
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{70D9854A-CEF5-4BCF-B37A-0AA1AB0A83CF}" = Playchess
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{862ACB14-04CE-46BC-8652-9EA203178DD7}" = STOPzilla
"{881CEFE8-F03B-49CE-BB6D-AE4A7E107424}" = Empire XP 5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-041F-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Turkish) 12
"{90120000-0015-041F-0000-0000000FF1CE}" = Microsoft Office Access MUI (Turkish) 2007
"{90120000-0015-041F-0000-0000000FF1CE}_ENTERPRISE_{1FD10452-5023-4673-A939-7A2D1B4DCCB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-041F-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Turkish) 2007
"{90120000-0016-041F-0000-0000000FF1CE}_ENTERPRISE_{1FD10452-5023-4673-A939-7A2D1B4DCCB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-041F-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Turkish) 2007
"{90120000-0018-041F-0000-0000000FF1CE}_ENTERPRISE_{1FD10452-5023-4673-A939-7A2D1B4DCCB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-041F-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Turkish) 2007
"{90120000-0019-041F-0000-0000000FF1CE}_ENTERPRISE_{1FD10452-5023-4673-A939-7A2D1B4DCCB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-041F-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Turkish) 2007
"{90120000-001A-041F-0000-0000000FF1CE}_ENTERPRISE_{1FD10452-5023-4673-A939-7A2D1B4DCCB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-041F-0000-0000000FF1CE}" = Microsoft Office Word MUI (Turkish) 2007
"{90120000-001B-041F-0000-0000000FF1CE}_ENTERPRISE_{1FD10452-5023-4673-A939-7A2D1B4DCCB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041F-0000-0000000FF1CE}" = Microsoft Office Proof (Turkish) 2007
"{90120000-001F-041F-0000-0000000FF1CE}_ENTERPRISE_{CB71F1CB-4CC3-47DE-B003-40413E64FE10}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-041F-0000-0000000FF1CE}" = Microsoft Office Proofing (Turkish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-041F-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Turkish) 2007
"{90120000-0044-041F-0000-0000000FF1CE}_ENTERPRISE_{1FD10452-5023-4673-A939-7A2D1B4DCCB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-041F-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Turkish) 2007
"{90120000-006E-041F-0000-0000000FF1CE}_ENTERPRISE_{5BAE8A52-83CD-4A7B-90B0-5EFB57FD78C8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-041F-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Turkish) 2007
"{90120000-00A1-041F-0000-0000000FF1CE}_ENTERPRISE_{1FD10452-5023-4673-A939-7A2D1B4DCCB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-041F-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Turkish) 2007
"{90120000-00BA-041F-0000-0000000FF1CE}_ENTERPRISE_{1FD10452-5023-4673-A939-7A2D1B4DCCB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1055-7B44-A94000000001}" = Adobe Reader 9.4.6 - Turkish
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Denetim Masası 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafik Sürücüsü 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA NView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Güncelleştirmeleri 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B348E585-E872-41DF-8234-E2D49917CFBB}" = Learning Essentials for Microsoft Office
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B690521E-51E2-4AA2-B7BA-BEBE18602ED4}" = Playchess
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CAF7A270-55D5-455F-B0D1-6C51EADC1C3A}" = Presto! Mr. Photo 4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE3B8E96-B0AF-4871-9178-1519B58E3A93}" = A4 TECH PC Camera H
"{D926BF53-9A73-4B58-90E0-A1B48FFC3913}" = Windows Live Messenger
"{DBB1F4ED-3212-4F58-A427-9C01DE4A24A5}_is1" = Uniblue SystemTweaker
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8BFDEB8-9D2A-40CF-9E2C-FCA68FFAD959}" = Windows Live Oturum Açma Yardımcısı
"{FEED61F5-C811-42D2-B924-E8AE01B335E1}" = Windows Live Temel Parçalar
"{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}" = Microsoft Student 2007 for Learning Essentials
"0942775975678D6CC510D2C2F022CD956CCF177E" = Windows Sürücü Paketi - ACS (ACSSCR) SmartCardReader (12/15/2009 1.1.6.2)
"A9B944A9EADA685F103858C6923BF5DD8E127C2C" = Windows Sürücü Paketi - ACS (ACR122U) SmartCardReader (12/16/2009 1.1.6.3)
"Advanced Registry Optimizer_is1" = Advanced Registry Optimizer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Counter-Strike 1.6 Bot Paketi 1.0" = Counter-Strike 1.6 Bot Paketi 1.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"F02CC611741E33C64CDEAEEE2C7A46E41719B2CC" = Windows Sürücü Paketi - ACS (A38CCID) SmartCardReader (12/16/2009 1.1.6.5)
"GOM Player" = GOM Player
"ie8" = Windows Internet Explorer 8
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Mozilla Firefox 7.0.1 (x86 tr)" = Mozilla Firefox 7.0.1 (x86 tr)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"Nero8Lite_is1" = Nero 8 Micro 8.1.1.0
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"Smart Defrag 2_is1" = Smart Defrag 2
"SystemRequirementsLab" = System Requirements Lab
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinLiveSuite_Wave3" = Windows Live Temel Parçalar
"WinRAR archiver" = WinRAR archiver
"YU2010_is1" = Your Uninstaller! 7
"ZemanaAntiMalware" = Hitman Pro 3.5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Algılayıcı
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/21/2011 01:14:00 | Computer Name = FATIH | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Infostealer.Gampass in File: D:\Documents and
Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ6.tmp by: Auto-Protect
scan. Action: Delete failed : Leave Alone failed. Action Description:
Error - 10/21/2011 01:14:01 | Computer Name = FATIH | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Infostealer.Gampass in File: D:\Documents and
Settings\Mithat\Local Settings\temp\av4B64.tmp by: Auto-Protect scan. Action: Delete
failed : Leave Alone failed. Action Description:
Error - 10/21/2011 10:11:59 | Computer Name = FATIH | Source = Userenv | ID = 1508
Description = Windows kayıt defterini yükleyemedi. Bu, genellikle yetersiz bellek
veya yetersiz güvenlik hakları nedeniyle oluşur. AYRINTI - Dosya başka bir işlem
tarafından kullanıldığından bu işlem dosyaya erişemiyor. - D:\Documents and Settings\Mithat\ntuser.dat
Error - 10/21/2011 10:12:31 | Computer Name = FATIH | Source = Userenv | ID = 1502
Description = Windows, yerel saklanan profili yükleyemiyor. Hasar görmüş profil
veya yetersi güvenlik hakları buna sebep olabilir. Bu sorun devam ederse, ağ yöneticinizle
bağlantıya geçin. AYRINTI - Dosya başka bir işlem tarafından kullanıldığından bu
işlem dosyaya erişemiyor.
Error - 10/21/2011 10:12:31 | Computer Name = FATIH | Source = Userenv | ID = 1515
Description = Windows, bu kullanıcının profilini yedeklemişti. Bu kullanıcı ileride
yeniden oturum açtığında, Windows otomatik olarak yedeklenmiş profili kullanmaya
çalışır.
Error - 10/21/2011 10:13:02 | Computer Name = FATIH | Source = Userenv | ID = 1511
Description = Windows, yerel profili bulamıyor ve geçici bir profil kullanarak oturum
açmanızı sağlıyor. Bu profilde yaptığınız değişiklikler, oturumu kapattığınızda
kaybolacak.
Error - 10/21/2011 12:41:44 | Computer Name = FATIH | Source = Userenv | ID = 1508
Description = Windows kayıt defterini yükleyemedi. Bu, genellikle yetersiz bellek
veya yetersiz güvenlik hakları nedeniyle oluşur. AYRINTI - Dosya başka bir işlem
tarafından kullanıldığından bu işlem dosyaya erişemiyor. - D:\Documents and Settings\Mithat\ntuser.dat
Error - 10/21/2011 12:42:15 | Computer Name = FATIH | Source = Userenv | ID = 1502
Description = Windows, yerel saklanan profili yükleyemiyor. Hasar görmüş profil
veya yetersi güvenlik hakları buna sebep olabilir. Bu sorun devam ederse, ağ yöneticinizle
bağlantıya geçin. AYRINTI - Dosya başka bir işlem tarafından kullanıldığından bu
işlem dosyaya erişemiyor.
Error - 10/21/2011 12:42:15 | Computer Name = FATIH | Source = Userenv | ID = 1515
Description = Windows, bu kullanıcının profilini yedeklemişti. Bu kullanıcı ileride
yeniden oturum açtığında, Windows otomatik olarak yedeklenmiş profili kullanmaya
çalışır.
Error - 10/21/2011 12:42:46 | Computer Name = FATIH | Source = Userenv | ID = 1511
Description = Windows, yerel profili bulamıyor ve geçici bir profil kullanarak oturum
açmanızı sağlıyor. Bu profilde yaptığınız değişiklikler, oturumu kapattığınızda
kaybolacak.
[ System Events ]
Error - 10/20/2011 08:18:57 | Computer Name = FATIH | Source = Service Control Manager | ID = 7023
Description = Automatic Updates hizmet aşağıdaki hata ile sona erdi: %%126
Error - 10/20/2011 08:33:05 | Computer Name = FATIH | Source = sr | ID = 1
Description = Sistem Geri Yükleme süzgeci beklenmeyen '0xC0000043' hatası ile 'HarddiskVolume2'
bölümünde 'SrtETmp' dosyasını işlerken karşılaştı . Bölümü izlemeyi durdurdu.
Error - 10/20/2011 08:33:09 | Computer Name = FATIH | Source = Service Control Manager | ID = 7000
Description = NVIDIA Update Service Daemon hizmeti aşağıdaki hata nedeniyle başlatılamadı:
%%5
Error - 10/20/2011 08:33:09 | Computer Name = FATIH | Source = Service Control Manager | ID = 7023
Description = Automatic Updates hizmet aşağıdaki hata ile sona erdi: %%126
Error - 10/20/2011 08:40:17 | Computer Name = FATIH | Source = Service Control Manager | ID = 7000
Description = NVIDIA Update Service Daemon hizmeti aşağıdaki hata nedeniyle başlatılamadı:
%%5
Error - 10/20/2011 08:40:17 | Computer Name = FATIH | Source = Service Control Manager | ID = 7023
Description = Automatic Updates hizmet aşağıdaki hata ile sona erdi: %%126
Error - 10/20/2011 08:48:19 | Computer Name = FATIH | Source = Service Control Manager | ID = 7000
Description = NVIDIA Update Service Daemon hizmeti aşağıdaki hata nedeniyle başlatılamadı:
%%5
Error - 10/20/2011 08:48:19 | Computer Name = FATIH | Source = Service Control Manager | ID = 7023
Description = Automatic Updates hizmet aşağıdaki hata ile sona erdi: %%126
Error - 10/20/2011 12:18:26 | Computer Name = FATIH | Source = Service Control Manager | ID = 7000
Description = NVIDIA Update Service Daemon hizmeti aşağıdaki hata nedeniyle başlatılamadı:
%%5
Error - 10/20/2011 12:18:26 | Computer Name = FATIH | Source = Service Control Manager | ID = 7023
Description = Automatic Updates hizmet aşağıdaki hata ile sona erdi: %%126
< End of report >
#10 Re: [Inactive] XP pro restart problem..
Posted 21 October 2011 - 08:19 PM
Registry cleaners/optimizers are not recommended for several reasons:
- Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.
The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
- Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
- Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
- Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware-related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
- The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
========================================================================
1. Update your Java version here: http://www.java.com/...d/installed.jsp
Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
2. Now, we need to remove the old Java version and its remnants...
Download JavaRa to your desktop and unzip it to its own folder
- Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
========================================================================
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
SRV - File not found [Auto | Stopped] -- -- (szserver)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Oturum Açma Yardım Aracı) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - No CLSID value found.
[2011/10/18 17:07:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Panda Security
[2011/10/18 17:07:57 | 000,000,000 | ---D | C] -- D:\Program Files\Panda Security
[2011/10/18 00:54:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\AVAST Software
[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[2 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[2011/10/18 00:44:52 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/10/18 01:21:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/06/07 17:05:59 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/10/18 18:01:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Panda Security
[2011/10/18 18:49:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/07/13 13:11:26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Mithat\Application Data\Uniblue
@Alternate Data Stream - 190 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
:Services
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" =-
:Files
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
Last scans....
1. Download Security Check from HERE, and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.
2. Download Temp File Cleaner (TFC)
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
3. Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click on List of found threats
- Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE: If ESET doesn't find any threats, it won't produce any log.
#11 Re: [Inactive] XP pro restart problem..
Posted 21 October 2011 - 09:49 PM
All processes killed
========== OTL ==========
Service szserver stopped successfully!
Service szserver deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3215F20-3212-11D6-9F8B-00D0B743919D}\ not found.
D:\Documents and Settings\All Users\Application Data\Panda Security folder moved successfully.
D:\Program Files\Panda Security\Panda Secure Vault folder moved successfully.
D:\Program Files\Panda Security folder moved successfully.
D:\Documents and Settings\All Users\Application Data\AVAST Software folder moved successfully.
D:\WINDOWS\000001_.tmp deleted successfully.
D:\WINDOWS\SET3.tmp deleted successfully.
D:\WINDOWS\SET4.tmp deleted successfully.
D:\WINDOWS\SET8.tmp deleted successfully.
D:\WINDOWS\System32\CONFIG.TMP deleted successfully.
D:\WINDOWS\System32\PerfStringBackup.TMP deleted successfully.
D:\Documents and Settings\All Users\Application Data\Alwil Software folder moved successfully.
Folder D:\Documents and Settings\All Users\Application Data\AVAST Software\ not found.
D:\Documents and Settings\All Users\Application Data\Hitman Pro\Quarantine folder moved successfully.
D:\Documents and Settings\All Users\Application Data\Hitman Pro folder moved successfully.
Folder D:\Documents and Settings\All Users\Application Data\Panda Security\ not found.
D:\Documents and Settings\All Users\Application Data\STOPzilla!\vdbupdate folder moved successfully.
D:\Documents and Settings\All Users\Application Data\STOPzilla!\vdb folder moved successfully.
D:\Documents and Settings\All Users\Application Data\STOPzilla!\Quarantine folder moved successfully.
D:\Documents and Settings\All Users\Application Data\STOPzilla! folder moved successfully.
D:\Documents and Settings\Mithat\Application Data\Uniblue\SystemTweaker\_temp folder moved successfully.
D:\Documents and Settings\Mithat\Application Data\Uniblue\SystemTweaker folder moved successfully.
D:\Documents and Settings\Mithat\Application Data\Uniblue\DriverScanner\_temp folder moved successfully.
D:\Documents and Settings\Mithat\Application Data\Uniblue\DriverScanner\drivers folder moved successfully.
D:\Documents and Settings\Mithat\Application Data\Uniblue\DriverScanner folder moved successfully.
D:\Documents and Settings\Mithat\Application Data\Uniblue folder moved successfully.
ADS D:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 2636146 bytes
->Temporary Internet Files folder emptied: 1304310 bytes
->FireFox cache emptied: 57206089 bytes
->Flash cache emptied: 727 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 470 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Mithat
->Temp folder emptied: 130994725 bytes
->Temporary Internet Files folder emptied: 6334504 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 39540009 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1165 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 15562401 bytes
Total Files Cleaned = 242.00 mb
[EMPTYFLASH]
User: Administrator
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
User: Guest
->Flash cache emptied: 0 bytes
User: LocalService
User: Mithat
->Flash cache emptied: 0 bytes
User: NetworkService
User: UpdatusUser
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 10212011_235515
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
ESET Online Scanner v3
Symantec Endpoint Protection
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
CCleaner
Java 6 Update 29
Out of date Java installed!
Adobe Reader 9.4.6 - Turkish
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
``````````End of Log````````````
#12 Re: [Inactive] XP pro restart problem..
Posted 21 October 2011 - 09:57 PM
Update Adobe Reader
You can download it from http://www.adobe.com.../readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.
#13 Re: [Inactive] XP pro restart problem..
Posted 22 October 2011 - 07:53 AM
#14 Re: [Inactive] XP pro restart problem..
Posted 22 October 2011 - 08:10 AM
#15 Re: [Inactive] XP pro restart problem..
Posted 22 October 2011 - 03:12 PM
Download BlueScreenView (in Zip file)
No installation required.
Unzip downloaded file and double click on BlueScreenView.exe file to run the program.
When scanning is done, go to Edit > Select All.
Go to File > Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.
=============================================================
Download and install SIW Multilanguage With Installer (SIW free version) (bottom of the screen)
Run the tool.
After it scans your computer, navigate to Hardware > Sensors and post all info from there.
#16 Re: [Inactive] XP pro restart problem..
Posted 22 October 2011 - 04:24 PM
==================================================
Dump File : Mini102211-07.dmp
Crash Time : 10/22/2011 1:40:17
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x10000050
Parameter 1 : 0xf08a6bf4
Parameter 2 : 0x00000000
Parameter 3 : 0x8a6aa94f
Parameter 4 : 0x00000002
Caused By Driver : nv4_disp.dll
Caused By Address : nv4_disp.dll+105d7
File Description : NVIDIA Windows XP Display driver, Version 280.26
Product Name : NVIDIA Windows XP Display driver, Version 280.26
Company : NVIDIA Corporation
File Version : 6.14.12.8026
Processor : 32-bit
Crash Address :
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : D:\WINDOWS\Minidump\Mini102211-07.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 106,496
==================================================
==================================================
Dump File : Mini102211-06.dmp
Crash Time : 10/22/2011 12:40:06
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf812673
Parameter 3 : 0xb27bf280
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+12673
File Description : Çok Kullanıcılı Win32 Sürücüsü
Product Name : Microsoft® Windows® İşletim Sistemi
Company : Microsoft Corporation
File Version : 5.1.2600.6149 (xpsp_sp3_gdr.110906-1620)
Processor : 32-bit
Crash Address : win32k.sys+12673
Stack Address 1 : win32k.sys+1193f
Stack Address 2 : win32k.sys+13096
Stack Address 3 : win32k.sys+c72c
Computer Name :
Full Path : D:\WINDOWS\Minidump\Mini102211-06.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 106,496
==================================================
==================================================
Dump File : Mini102211-05.dmp
Crash Time : 10/22/2011 11:28:35
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf812673
Parameter 3 : 0xb2f04280
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+12673
File Description : Çok Kullanıcılı Win32 Sürücüsü
Product Name : Microsoft® Windows® İşletim Sistemi
Company : Microsoft Corporation
File Version : 5.1.2600.6149 (xpsp_sp3_gdr.110906-1620)
Processor : 32-bit
Crash Address : win32k.sys+12673
Stack Address 1 : win32k.sys+1193f
Stack Address 2 : win32k.sys+13096
Stack Address 3 : win32k.sys+c72c
Computer Name :
Full Path : D:\WINDOWS\Minidump\Mini102211-05.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 106,496
==================================================
==================================================
Dump File : Mini102211-04.dmp
Crash Time : 10/22/2011 11:07:44
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf812673
Parameter 3 : 0xb2375280
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+12673
File Description : Çok Kullanıcılı Win32 Sürücüsü
Product Name : Microsoft® Windows® İşletim Sistemi
Company : Microsoft Corporation
File Version : 5.1.2600.6149 (xpsp_sp3_gdr.110906-1620)
Processor : 32-bit
Crash Address : win32k.sys+12673
Stack Address 1 : win32k.sys+1193f
Stack Address 2 : win32k.sys+13096
Stack Address 3 : win32k.sys+c72c
Computer Name :
Full Path : D:\WINDOWS\Minidump\Mini102211-04.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 106,496
==================================================
==================================================
Dump File : Mini102211-03.dmp
Crash Time : 10/22/2011 1:39:53
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf812673
Parameter 3 : 0xb23a8330
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+12673
File Description : Çok Kullanıcılı Win32 Sürücüsü
Product Name : Microsoft® Windows® İşletim Sistemi
Company : Microsoft Corporation
File Version : 5.1.2600.6149 (xpsp_sp3_gdr.110906-1620)
Processor : 32-bit
Crash Address : win32k.sys+12673
Stack Address 1 : win32k.sys+1193f
Stack Address 2 : win32k.sys+13096
Stack Address 3 : win32k.sys+c72c
Computer Name :
Full Path : D:\WINDOWS\Minidump\Mini102211-03.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 106,496
==================================================
==================================================
Dump File : Mini102211-02.dmp
Crash Time : 10/22/2011 1:34:16
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf812673
Parameter 3 : 0xb2420a90
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+12673
File Description : Çok Kullanıcılı Win32 Sürücüsü
Product Name : Microsoft® Windows® İşletim Sistemi
Company : Microsoft Corporation
File Version : 5.1.2600.6149 (xpsp_sp3_gdr.110906-1620)
Processor : 32-bit
Crash Address : win32k.sys+12673
Stack Address 1 : win32k.sys+1193f
Stack Address 2 : win32k.sys+13096
Stack Address 3 : win32k.sys+c72c
Computer Name :
Full Path : D:\WINDOWS\Minidump\Mini102211-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 106,496
==================================================
==================================================
Dump File : Mini102211-01.dmp
Crash Time : 10/22/2011 12:37:14
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf812673
Parameter 3 : 0xb2de9a90
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+12673
File Description : Çok Kullanıcılı Win32 Sürücüsü
Product Name : Microsoft® Windows® İşletim Sistemi
Company : Microsoft Corporation
File Version : 5.1.2600.6149 (xpsp_sp3_gdr.110906-1620)
Processor : 32-bit
Crash Address : win32k.sys+12673
Stack Address 1 : win32k.sys+1193f
Stack Address 2 : win32k.sys+13096
Stack Address 3 : win32k.sys+c72c
Computer Name :
Full Path : D:\WINDOWS\Minidump\Mini102211-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 106,496
==================================================
==================================================
Dump File : Mini102111-12.dmp
Crash Time : 10/21/2011 10:56:46
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf812673
Parameter 3 : 0xb2bf61a0
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+12673
File Description : Çok Kullanıcılı Win32 Sürücüsü
Product Name : Microsoft® Windows® İşletim Sistemi
Company : Microsoft Corporation
File Version : 5.1.2600.6149 (xpsp_sp3_gdr.110906-1620)
Processor : 32-bit
Crash Address : win32k.sys+12673
Stack Address 1 : win32k.sys+1193f
Stack Address 2 : win32k.sys+13096
Stack Address 3 : win32k.sys+c72c
Computer Name :
Full Path : D:\WINDOWS\Minidump\Mini102111-12.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 106,496
==================================================
==================================================
Dump File : Mini102111-11.dmp
Crash Time : 10/21/2011 10:44:36
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf812673
Parameter 3 : 0xb21d0470
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+12673
File Description : Çok Kullanıcılı Win32 Sürücüsü
Product Name : Microsoft® Windows® İşletim Sistemi
Company : Microsoft Corporation
File Version : 5.1.2600.6149 (xpsp_sp3_gdr.110906-1620)
Processor : 32-bit
Crash Address : win32k.sys+12673
Stack Address 1 : win32k.sys+1193f
Stack Address 2 : win32k.sys+13096
Stack Address 3 : win32k.sys+c72c
Computer Name :
Full Path : D:\WINDOWS\Minidump\Mini102111-11.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 106,496
==================================================
==================================================
Dump File : Mini102111-10.dmp
Crash Time : 10/21/2011 9:24:00
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf812673
Parameter 3 : 0xb7e9d760
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+12673
File Description : Çok Kullanıcılı Win32 Sürücüsü
Product Name : Microsoft® Windows® İşletim Sistemi
Company : Microsoft Corporation
File Version : 5.1.2600.6149 (xpsp_sp3_gdr.110906-1620)
Processor : 32-bit
Crash Address : win32k.sys+12673
Stack Address 1 : win32k.sys+1193f
Stack Address 2 : win32k.sys+13096
Stack Address 3 : win32k.sys+c72c
Computer Name :
Full Path : D:\WINDOWS\Minidump\Mini102111-10.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 106,496
==================================================
==================================================
Dump File : Mini102111-09.dmp
Crash Time : 10/21/2011 8:55:34
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf812673
Parameter 3 : 0xb2a551b0
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+12673
File Description : Çok Kullanıcılı Win32 Sürücüsü
Product Name : Microsoft® Windows® İşletim Sistemi
Company : Microsoft Corporation
File Version : 5.1.2600.6149 (xpsp_sp3_gdr.110906-1620)
Processor : 32-bit
Crash Address : win32k.sys+12673
Stack Address 1 : win32k.sys+1193f
Stack Address 2 : win32k.sys+13096
Stack Address 3 : win32k.sys+c72c
Computer Name :
Full Path : D:\WINDOWS\Minidump\Mini102111-09.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 106,496
==================================================
==================================================
Dump File : Mini102111-08.dmp
Crash Time : 10/21/2011 8:43:53
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf812673
Parameter 3 : 0xb269186c
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+12673
File Description : Çok Kullanıcılı Win32 Sürücüsü
Product Name : Microsoft® Windows® İşletim Sistemi
Company : Microsoft Corporation
File Version : 5.1.2600.6149 (xpsp_sp3_gdr.110906-1620)
Processor : 32-bit
Crash Address : win32k.sys+12673
Stack Address 1 : win32k.sys+1193f
Stack Address 2 : win32k.sys+1cbae
Stack Address 3 : win32k.sys+99ba9
Computer Name :
Full Path : D:\WINDOWS\Minidump\Mini102111-08.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 106,496
==================================================
==================================================
Dump File : Mini102111-07.dmp
Crash Time : 10/21/2011 8:39:33
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf812673
Parameter 3 : 0xb2993de0
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+12673
File Description : Çok Kullanıcılı Win32 Sürücüsü
Product Name : Microsoft® Windows® İşletim Sistemi
Company : Microsoft Corporation
File Version : 5.1.2600.6149 (xpsp_sp3_gdr.110906-1620)
Processor : 32-bit
Crash Address : win32k.sys+12673
Stack Address 1 : win32k.sys+1193f
Stack Address 2 : win32k.sys+13096
Stack Address 3 : win32k.sys+c72c
Computer Name :
Full Path : D:\WINDOWS\Minidump\Mini102111-07.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 106,496
==================================================
==================================================
Dump File : Mini102111-06.dmp
Crash Time : 10/21/2011 7:41:24
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf812673
Parameter 3 : 0xb2940760
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+12673
File Description : Çok Kullanıcılı Win32 Sürücüsü
Product Name : Microsoft® Windows® İşletim Sistemi
Company : Microsoft Corporation
File Version : 5.1.2600.6149 (xpsp_sp3_gdr.110906-1620)
Processor : 32-bit
Crash Address : win32k.sys+12673
Stack Address 1 : win32k.sys+1193f
Stack Address 2 : win32k.sys+13096
Stack Address 3 : win32k.sys+c72c
Computer Name :
Full Path : D:\WINDOWS\Minidump\Mini102111-06.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 106,496
==================================================
==================================================
Dump File : Mini102111-05.dmp
Crash Time : 10/21/2011 5:25:55
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf812673
Parameter 3 : 0xb2fb9dd0
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+12673
File Description : Çok Kullanıcılı Win32 Sürücüsü
Product Name : Microsoft® Windows® İşletim Sistemi
Company : Microsoft Corporation
File Version : 5.1.2600.6149 (xpsp_sp3_gdr.110906-1620)
Processor : 32-bit
Crash Address : win32k.sys+12673
Stack Address 1 : win32k.sys+1193f
Stack Address 2 : win32k.sys+13096
Stack Address 3 : win32k.sys+c72c
Computer Name :
Full Path : D:\WINDOWS\Minidump\Mini102111-05.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 106,496
==================================================
==================================================
Dump File : Mini102111-04.dmp
Crash Time : 10/21/2011 5:11:38
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf812673
Parameter 3 : 0xb3357280
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+12673
File Description : Çok Kullanıcılı Win32 Sürücüsü
Product Name : Microsoft® Windows® İşletim Sistemi
Company : Microsoft Corporation
File Version : 5.1.2600.6149 (xpsp_sp3_gdr.110906-1620)
Processor : 32-bit
Crash Address : win32k.sys+12673
Stack Address 1 : win32k.sys+1193f
Stack Address 2 : win32k.sys+13096
Stack Address 3 : win32k.sys+c72c
Computer Name :
Full Path : D:\WINDOWS\Minidump\Mini102111-04.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 106,496
==================================================
==================================================
Dump File : Mini102111-03.dmp
Crash Time : 10/21/2011 7:53:06
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf812673
Parameter 3 : 0xb2a18dd0
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+12673
File Description : Çok Kullanıcılı Win32 Sürücüsü
Product Name : Microsoft® Windows® İşletim Sistemi
Company : Microsoft Corporation
File Version : 5.1.2600.6149 (xpsp_sp3_gdr.110906-1620)
Processor : 32-bit
Crash Address : win32k.sys+12673
Stack Address 1 : win32k.sys+1193f
Stack Address 2 : win32k.sys+13096
Stack Address 3 : win32k.sys+c72c
Computer Name :
Full Path : D:\WINDOWS\Minidump\Mini102111-03.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 106,496
==================================================
==================================================
Dump File : Mini102111-02.dmp
Crash Time : 10/21/2011 7:26:26
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf812673
Parameter 3 : 0xb335a280
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+12673
File Description : Çok Kullanıcılı Win32 Sürücüsü
Product Name : Microsoft® Windows® İşletim Sistemi
Company : Microsoft Corporation
File Version : 5.1.2600.6149 (xpsp_sp3_gdr.110906-1620)
Processor : 32-bit
Crash Address : win32k.sys+12673
Stack Address 1 : win32k.sys+1193f
Stack Address 2 : win32k.sys+13096
Stack Address 3 : win32k.sys+c72c
Computer Name :
Full Path : D:\WINDOWS\Minidump\Mini102111-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 106,496
==================================================
==================================================
Dump File : Mini102111-01.dmp
Crash Time : 10/21/2011 7:23:29
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf812673
Parameter 3 : 0xb2744010
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+12673
File Description : Çok Kullanıcılı Win32 Sürücüsü
Product Name : Microsoft® Windows® İşletim Sistemi
Company : Microsoft Corporation
File Version : 5.1.2600.6149 (xpsp_sp3_gdr.110906-1620)
Processor : 32-bit
Crash Address : win32k.sys+12673
Stack Address 1 : win32k.sys+1193f
Stack Address 2 : win32k.sys+13096
Stack Address 3 : win32k.sys+c72c
Computer Name :
Full Path : D:\WINDOWS\Minidump\Mini102111-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 106,496
==================================================
==================================================
Dump File : Mini102011-03.dmp
Crash Time : 10/20/2011 11:38:21
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf812673
Parameter 3 : 0xb27fc010
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+12673
File Description : Çok Kullanıcılı Win32 Sürücüsü
Product Name : Microsoft® Windows® İşletim Sistemi
Company : Microsoft Corporation
File Version : 5.1.2600.6149 (xpsp_sp3_gdr.110906-1620)
Processor : 32-bit
Crash Address : win32k.sys+12673
Stack Address 1 : win32k.sys+1193f
Stack Address 2 : win32k.sys+13096
Stack Address 3 : win32k.sys+c72c
Computer Name :
Full Path : D:\WINDOWS\Minidump\Mini102011-03.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 106,496
==================================================
==================================================
Dump File : Mini102011-02.dmp
Crash Time : 10/20/2011 11:31:40
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf812673
Parameter 3 : 0xb285d010
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+12673
File Description : Çok Kullanıcılı Win32 Sürücüsü
Product Name : Microsoft® Windows® İşletim Sistemi
Company : Microsoft Corporation
File Version : 5.1.2600.6149 (xpsp_sp3_gdr.110906-1620)
Processor : 32-bit
Crash Address : win32k.sys+12673
Stack Address 1 : win32k.sys+1193f
Stack Address 2 : win32k.sys+13096
Stack Address 3 : win32k.sys+c72c
Computer Name :
Full Path : D:\WINDOWS\Minidump\Mini102011-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 106,496
==================================================
==================================================
Dump File : Mini102011-01.dmp
Crash Time : 10/20/2011 11:16:10
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf812673
Parameter 3 : 0xb2244330
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+12673
File Description : Çok Kullanıcılı Win32 Sürücüsü
Product Name : Microsoft® Windows® İşletim Sistemi
Company : Microsoft Corporation
File Version : 5.1.2600.6149 (xpsp_sp3_gdr.110906-1620)
Processor : 32-bit
Crash Address : win32k.sys+12673
Stack Address 1 : win32k.sys+1193f
Stack Address 2 : win32k.sys+13096
Stack Address 3 : win32k.sys+c72c
Computer Name :
Full Path : D:\WINDOWS\Minidump\Mini102011-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 106,496
==================================================
Sensor Value Min Max
FATIH
ASUSTeK Computer INC. P5LD2-SE
Voltages
CPU VCORE 1.32 V 1.26 V 1.35 V
VIN0 1.86 V 1.86 V 1.88 V
AVCC 3.33 V 3.31 V 3.34 V
+3.3V 3.33 V 3.33 V 3.34 V
VIN1 1.69 V 1.68 V 1.70 V
VIN2 1.62 V 1.59 V 1.64 V
VIN3 1.62 V 1.61 V 1.64 V
VIN4 1.66 V 1.66 V 1.67 V
Temperatures
SYSTIN 34 °C (93 °F) 33 °C (91 °F) 35 °C (94 °F)
CPUTIN 45 °C (112 °F) 41 °C (104 °F) 46 °C (114 °F)
AUXTIN 45 °C (112 °F) 44 °C (110 °F) 45 °C (112 °F)
Fans
CPUFANIN0 1163 RPM 1155 RPM 1188 RPM
SAMSUNG HD160JJ
Temperatures
Assembly 40 °C (103 °F) 38 °C (100 °F) 40 °C (103 °F)
Air Flow 40 °C (103 °F) 38 °C (100 °F) 40 °C (103 °F)
NVIDIA GeForce 7300 LE
Temperatures
TMPIN0 59 °C (138 °F) 57 °C (134 °F) 59 °C (138 °F)
#17 Re: [Inactive] XP pro restart problem..
Posted 22 October 2011 - 04:33 PM
Quote
1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Post resulting log.
2. Now we'll remove all the tools we used during our cleaning process.
Clean up with OTL:
- Double-click OTL.exe to start the program.
- Close all other programs apart from OTL as this step will require a reboot
- On the OTL main screen, press the CLEANUP button
- Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
3. Make sure Windows Updates are current.
4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!
5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
7. Run Temporary File Cleaner (TFC) weekly.
8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/v...ning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
10. (Windows XP only) Run defrag at your convenience.
11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.
12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingc.../topic2520.html
I'll comment on your previous post in my next reply.
#18 Re: [Inactive] XP pro restart problem..
#19 Re: [Inactive] XP pro restart problem..
Posted 22 October 2011 - 05:31 PM
So do you think the problem is a hardware problem? I posted the final log.
All processes killed
========== OTL ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Mithat
->Temp folder emptied: 309026914 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39046562 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 456 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 98304 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 5077265 bytes
Total Files Cleaned = 337.00 mb
[EMPTYFLASH]
User: Administrator
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
User: Guest
->Flash cache emptied: 0 bytes
User: LocalService
User: Mithat
->Flash cache emptied: 0 bytes
User: NetworkService
User: UpdatusUser
Total Flash Files Cleaned = 0.00 mb
Restore points cleared and new OTL Restore Point set!
OTL by OldTimer - Version 3.2.31.0 log created on 10222011_195713
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

