View Full Version : help please with spyware !!



ozgur1318
2013-01-07, 01:57
hi i am ozgur,
and i think my pc is infected.. since it is acting weird, slows down occasionally, sometimes errors occur before i do restart etc. (btw i have spybot - search and destroy 1.6.2. but it couldn't find them, nevermind.)
here are the DDS and aswMBR logs:

DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.16915 BrowserJavaVersion: 1.6.0_37
Run by mask at 22:32:21 on 2013-01-06
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.2046.1272 [GMT 2:00]
.
AV: avast! antivirus 4.8.1335 [VPS 100305-0] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\PROGRA~1\KURYAZ~1\SAYISA~1\Saat.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\GRETECH\GomPlayer\GOM.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.as-ya.com/arabul.html
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: IeCatch2 Class: {A5366673-E8CA-11D3-9CD9-0090271D075B} - c:\program files\flashget\Jccatch.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: FlashGet Bar: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - c:\program files\flashget\fgiebar.dll
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe"
uRun: [Facebook Update] "c:\documents and settings\mask\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [Alarmli Sayisal Saat 2.11] c:\progra~1\kuryaz~1\sayisa~1\Saat.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AutorunRemover.exe] c:\program files\autorunremover\AutorunRemover.exe -Hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
StartupFolder: c:\docume~1\mask\startm~1\progra~1\balang~1\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Download All by FlashGet - c:\progra~1\flashget\jc_all.htm
IE: Download using FlashGet - c:\progra~1\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxps://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{5BD6F888-C2DD-4C6E-AEB1-35239B12252E} : NameServer = 4.2.2.1,4.2.2.2,4.2.2.2,4.4.2.2
TCP: Interfaces\{5BD6F888-C2DD-4C6E-AEB1-35239B12252E} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{9FB36C43-0510-4F28-93F7-CD4919229FF2} : NameServer = 8.8.8.8,8.8.4.4,8.8.8.8,8.8.8.4
Handler: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - c:\windows\system32\ebkp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs= , c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 mpa.one.microsoft.com
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 209.85.229.99 www.youtube.com
Hosts: 209.85.229.99 youtube.com
Hosts: 74.125.43.103 docs.google.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mask\application data\mozilla\firefox\profiles\qstv0i50.default\
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7B5f63a3f3-29e2-4b45-8a55-64870a31e66d%7D&mid=d51cb7009a0f47d0b5b4d189d93fb6df-10cafb425e3ac088a8e2cec640d05209b4f76c18&ds=gm011&v=11.1.0.7&lang=tr&pr=sa&d=2012-05-22%2012%3A59%3A15&sap=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B5f63a3f3-29e2-4b45-8a55-64870a31e66d%7D&mid=d51cb7009a0f47d0b5b4d189d93fb6df-10cafb425e3ac088a8e2cec640d05209b4f76c18&ds=gm011&v=11.1.0.7&lang=tr&pr=sa&d=2012-05-22%2012%3A59%3A15&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-11-30 01:37; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - ExtSQL: !HIDDEN! 2009-09-02 09:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-11 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-4-18 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-4-18 25160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-11 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-4-11 138680]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-4-18 723632]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-11-8 12184]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-4-11 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-4-11 352920]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-6-28 9216]
S3 PAC207;PC CHIPS USB Camera;c:\windows\system32\drivers\pfc027.sys [2005-5-27 162304]
.
=============== Created Last 30 ================
.
2012-12-25 15:28:28 -------- d-----w- c:\program files\Superstar
2012-12-13 11:53:22 -------- d-----w- c:\program files\Isotx
.
==================== Find3M ====================
.
2012-12-30 22:32:11 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-30 22:32:11 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-12 14:25:02 286720 ----a-w- c:\windows\iun507.exe
2012-11-04 20:56:27 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
.
============= FINISH: 22:37:00,27 ===============
------------------------------------------------------------------

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-06 22:43:56
-----------------------------
22:43:56.150 OS Version: Windows 5.1.2600 Service Pack 3
22:43:56.150 Number of processors: 1 586 0xD08
22:43:56.150 ComputerName: MATRIX UserName: mask
22:44:04.302 Initialize success
22:48:24.516 AVAST engine defs: 13010601
22:52:53.172 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:52:53.172 Disk 0 Vendor: SAMSUNG_HM080JI YC100-04 Size: 76319MB BusType: 3
22:52:53.273 Disk 0 MBR read successfully
22:52:53.273 Disk 0 MBR scan
22:52:53.353 Disk 0 Windows XP default MBR code
22:52:53.383 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 46304 MB offset 63
22:52:53.393 Disk 0 Partition - 00 0F Extended LBA 30004 MB offset 94831695
22:52:53.423 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 30004 MB offset 94831758
22:52:53.473 Disk 0 scanning sectors +156280320
22:52:53.573 Disk 0 scanning C:\WINDOWS\system32\drivers
22:53:19.891 Service scanning
22:53:40.380 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
22:53:47.400 Modules scanning
22:53:56.193 Disk 0 trace - called modules:
22:53:56.213 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys sptd.sys >>UNKNOWN [0x8a6fd8ac]<<
22:53:56.223 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6abab8]
22:53:56.223 3 CLASSPNP.SYS[ba908fd7] -> nt!IofCallDriver -> \Device\0000007c[0x8a62e9e8]
22:53:56.223 5 ACPI.sys[ba67d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a62ed98]
22:53:56.223 \Driver\atapi[0x8a6b2738] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys[0xbab38d60]
22:53:56.704 AVAST engine scan C:\WINDOWS
22:54:08.601 AVAST engine scan C:\WINDOWS\system32
22:58:42.895 AVAST engine scan C:\WINDOWS\system32\drivers
22:59:15.702 AVAST engine scan C:\Documents and Settings\mask
23:33:24.158 AVAST engine scan C:\Documents and Settings\All Users
23:34:47.137 Scan finished successfully
01:38:24.884 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\mask\Desktop\MBR.dat"
01:38:24.904 The log file has been saved successfully to "C:\Documents and Settings\mask\Desktop\aswMBR1.txt"

------------------
thanks

torreattack
2013-01-15, 15:18
Please note that all instructions given are customised for this computer only.
The tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Safer-Networking (http://forums.spybot.info/forumdisplay.php?f=22) forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hi ozgur1318 and welcome to Safer-Networking :)

My name is torreattack, and I will be helping you with your malware problems. Please be patient and I'm sure we'll be able to resolve your problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.
Read:
How to back up or transfer your data on a Windows-based computer (http://support.microsoft.com/kb/971759)
Backup your data - Vista (http://www.vista4beginners.com/How-to-backup-your-data)
Backup your data - windows 7 (http://windows.microsoft.com/en-us/windows7/Back-up-your-files)

Please observe these rules while we work:
Perform all actions in the order given.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Stick with it till you're given the all clear.
Remember, absence of symptoms does not mean the infection is all gone.
Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.

If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)


It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

If you haven't done so already, please read this topic "BEFORE You POST"(Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) where the conditions for receiving help here are explained.

===============================================

Sorry for being late.

1. TDSSKiller
Please download TDSSKiller.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
Double click on TDSSKiller.exe to run it.
When TDSSKiller finishes loading, click on Start Scan.
When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip.
Now click on Report to open the log file created by TDSSKiller in your root directory C:\
To find the log go to Start > Computer > C:
Post the contents of that log in your next reply please.
DO NOT TRY TO FIX ANYTHING AT THIS POINT


2. OTL
Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) by Old Timer. Save it to your Desktop.
Double click on OTL.exe to run it.
Under Output, ensure that Minimal Output is selected.
Click the Scan All Users checkbox.
Leave the remaining selections to the default settings.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened, maximized
Extras.txt <-- Will be minimized on task bar.
Please post the contents of both OTL.txt and Extras.txt files in your next reply.

3. Please give me an update of your problems.

Thank you for your patience.
torreattack

ozgur1318
2013-01-16, 23:39
i am glad that u came. i was starting to think that spybot'ters forgot me :s
ok here are my logs:

22:59:48.0921 3060 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:59:50.0924 3060 ============================================================
22:59:50.0924 3060 Current date / time: 2013/01/16 22:59:50.0924
22:59:50.0924 3060 SystemInfo:
22:59:50.0924 3060
22:59:50.0944 3060 OS Version: 5.1.2600 ServicePack: 3.0
22:59:50.0944 3060 Product type: Workstation
22:59:50.0944 3060 ComputerName: MATRIX
22:59:50.0944 3060 UserName: mask
22:59:50.0944 3060 Windows directory: C:\WINDOWS
22:59:50.0944 3060 System windows directory: C:\WINDOWS
22:59:50.0944 3060 Processor architecture: Intel x86
22:59:50.0944 3060 Number of processors: 1
22:59:50.0944 3060 Page size: 0x1000
22:59:50.0944 3060 Boot type: Normal boot
22:59:50.0944 3060 ============================================================
22:59:53.0798 3060 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:59:53.0798 3060 ============================================================
22:59:53.0798 3060 \Device\Harddisk0\DR0:
22:59:53.0798 3060 MBR partitions:
22:59:53.0798 3060 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x5A70410
22:59:53.0828 3060 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x5A7048E, BlocksNum 0x3A9A172
22:59:53.0828 3060 ============================================================
22:59:53.0878 3060 D: <-> \Device\Harddisk0\DR0\Partition2
22:59:53.0928 3060 C: <-> \Device\Harddisk0\DR0\Partition1
22:59:53.0928 3060 ============================================================
22:59:53.0928 3060 Initialize success
22:59:53.0928 3060 ============================================================
23:00:38.0873 0716 ============================================================
23:00:38.0873 0716 Scan started
23:00:38.0873 0716 Mode: Manual;
23:00:38.0873 0716 ============================================================
23:00:39.0443 0716 ================ Scan system memory ========================
23:00:39.0453 0716 System memory - ok
23:00:39.0453 0716 ================ Scan services =============================
23:00:46.0143 0716 [ 80D2928120936E07976A189048D1B6D5 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:00:46.0143 0716 kbdhid - ok
23:00:46.0163 0716 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
23:00:46.0163 0716 kmixer - ok
23:00:46.0233 0716 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
23:00:46.0233 0716 KSecDD - ok
23:00:46.0263 0716 [ D862B3D455C3DD469687978E91247840 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
23:00:46.0273 0716 lanmanserver - ok
23:00:46.0333 0716 [ 8F74F0F60F032E86A2A1ED8EF26A663B ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:00:46.0333 0716 lanmanworkstation - ok
23:00:46.0393 0716 [ BE2DC24D403643A2D1D98F33C7087B38 ] LBeepKE C:\WINDOWS\system32\Drivers\LBeepKE.sys
23:00:46.0393 0716 LBeepKE - ok
23:00:46.0393 0716 lbrtfdc - ok
23:00:46.0564 0716 [ 910344E2A984010435AE84783B25E5EB ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
23:00:46.0584 0716 LBTServ - ok
23:00:46.0624 0716 [ 01CC7FB6E790EF044B411377F3A1FF41 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
23:00:46.0624 0716 LHidFilt - ok
23:00:46.0644 0716 [ E9106CF1DA89F961E8C174030F7EA286 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
23:00:46.0644 0716 LmHosts - ok
23:00:46.0654 0716 [ DDFA88E36D5F8DB5FBDBDDDC4969DB0A ] LUsbFilt C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
23:00:46.0664 0716 LUsbFilt - ok
23:00:46.0714 0716 [ 8D9C68FA8B7FBE0E225BDE0BBCD8CE9B ] massfilter C:\WINDOWS\system32\drivers\massfilter.sys
23:00:46.0714 0716 massfilter - ok
23:00:46.0764 0716 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
23:00:46.0774 0716 MDM - ok
23:00:46.0794 0716 [ D7AF53A57778CB5307564414B19DD402 ] Messenger C:\WINDOWS\System32\msgsvc.dll
23:00:46.0804 0716 Messenger - ok
23:00:46.0854 0716 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
23:00:46.0854 0716 mnmdd - ok
23:00:46.0894 0716 [ 70CDAA28F6173BEE4929203EEB7ED58D ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
23:00:46.0894 0716 mnmsrvc - ok
23:00:46.0964 0716 [ E0BA1566270BC5AFA0D00027B66C46FF ] Modem C:\WINDOWS\system32\drivers\Modem.sys
23:00:46.0964 0716 Modem - ok
23:00:46.0974 0716 [ 053BA6F6C1EE4CDBF3B2AD55EA96CA3F ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:00:46.0984 0716 Mouclass - ok
23:00:46.0994 0716 [ D1B11868BCEB4D822222CF2C86C09196 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:00:46.0994 0716 mouhid - ok
23:00:47.0004 0716 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
23:00:47.0014 0716 MountMgr - ok
23:00:47.0135 0716 [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:00:47.0145 0716 MozillaMaintenance - ok
23:00:47.0145 0716 mraid35x - ok
23:00:47.0155 0716 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:00:47.0155 0716 MRxDAV - ok
23:00:47.0245 0716 [ 60AE98742484E7AB80C3C1450E708148 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:00:47.0275 0716 MRxSmb - ok
23:00:47.0305 0716 [ 205655108B84B4890A909F4FD47A0706 ] MSDTC C:\WINDOWS\system32\msdtc.exe
23:00:47.0475 0716 MSDTC - ok
23:00:47.0565 0716 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
23:00:47.0575 0716 Msfs - ok
23:00:47.0595 0716 MSIServer - ok
23:00:47.0665 0716 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:00:47.0675 0716 MSKSSRV - ok
23:00:47.0705 0716 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:00:47.0715 0716 MSPCLOCK - ok
23:00:47.0725 0716 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
23:00:47.0735 0716 MSPQM - ok
23:00:47.0765 0716 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:00:47.0765 0716 mssmbios - ok
23:00:47.0806 0716 [ D5059366B361F0E1124753447AF08AA2 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
23:00:47.0826 0716 MSTEE - ok
23:00:47.0836 0716 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
23:00:47.0836 0716 Mup - ok
23:00:47.0916 0716 [ AC31B352CE5E92704056D409834BEB74 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:00:47.0926 0716 NABTSFEC - ok
23:00:47.0976 0716 [ ABED7EA0733C5956A992C11351320455 ] napagent C:\WINDOWS\System32\qagentrt.dll
23:00:47.0976 0716 napagent - ok
23:00:48.0016 0716 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
23:00:48.0016 0716 NDIS - ok
23:00:48.0066 0716 [ ABD7629CF2796250F315C1DD0B6CF7A0 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:00:48.0076 0716 NdisIP - ok
23:00:48.0116 0716 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:00:48.0116 0716 NdisTapi - ok
23:00:48.0136 0716 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:00:48.0146 0716 Ndisuio - ok
23:00:48.0166 0716 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:00:48.0176 0716 NdisWan - ok
23:00:48.0196 0716 [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
23:00:48.0196 0716 NDProxy - ok
23:00:48.0216 0716 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
23:00:48.0216 0716 NetBIOS - ok
23:00:48.0256 0716 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
23:00:48.0266 0716 NetBT - ok
23:00:48.0316 0716 [ 240E632ED874A8F40D3099723D37C477 ] NetDDE C:\WINDOWS\system32\netdde.exe
23:00:48.0326 0716 NetDDE - ok
23:00:48.0326 0716 [ 240E632ED874A8F40D3099723D37C477 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
23:00:48.0336 0716 NetDDEdsdm - ok
23:00:48.0356 0716 [ F37B5C30EA09062DA4DFC2288560C485 ] Netlogon C:\WINDOWS\system32\lsass.exe
23:00:48.0366 0716 Netlogon - ok
23:00:48.0416 0716 [ C1356692171443241694E1987DC19C2B ] Netman C:\WINDOWS\System32\netman.dll
23:00:48.0416 0716 Netman - ok
23:00:48.0466 0716 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:00:48.0476 0716 NetTcpPortSharing - ok
23:00:48.0507 0716 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:00:48.0507 0716 NIC1394 - ok
23:00:48.0587 0716 [ B0BEFD78B3816E6A49636A8B67C4F28F ] Nla C:\WINDOWS\System32\mswsock.dll
23:00:48.0587 0716 Nla - ok
23:00:48.0637 0716 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
23:00:48.0637 0716 Npfs - ok
23:00:48.0677 0716 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
23:00:48.0697 0716 Ntfs - ok
23:00:48.0707 0716 [ F37B5C30EA09062DA4DFC2288560C485 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
23:00:48.0707 0716 NtLmSsp - ok
23:00:48.0767 0716 [ 9869F673909A3004A3A8732B51303296 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
23:00:48.0777 0716 NtmsSvc - ok
23:00:48.0807 0716 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
23:00:48.0807 0716 Null - ok
23:00:48.0847 0716 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:00:48.0857 0716 NwlnkFlt - ok
23:00:48.0867 0716 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:00:48.0867 0716 NwlnkFwd - ok
23:00:48.0907 0716 [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
23:00:48.0907 0716 NwlnkIpx - ok
23:00:48.0927 0716 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
23:00:48.0937 0716 NwlnkNb - ok
23:00:48.0977 0716 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
23:00:48.0987 0716 NwlnkSpx - ok
23:00:49.0027 0716 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:00:49.0037 0716 ohci1394 - ok
23:00:49.0107 0716 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:00:49.0107 0716 ose - ok
23:00:49.0157 0716 [ 6598F08A1C4DE6492B7511A51ECDAF2E ] PAC207 C:\WINDOWS\system32\DRIVERS\pfc027.sys
23:00:49.0167 0716 PAC207 - ok
23:00:49.0218 0716 [ 99B680F4847B085D9B9ACD000B38B965 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
23:00:49.0218 0716 Parport - ok
23:00:49.0238 0716 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
23:00:49.0238 0716 PartMgr - ok
23:00:49.0288 0716 [ 4C8654DA30AD5904FA3357D4D9AE2B48 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
23:00:49.0288 0716 ParVdm - ok
23:00:49.0318 0716 [ DCB0E536286B17EE4E3072EB7B81F3B3 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
23:00:49.0328 0716 PCI - ok
23:00:49.0338 0716 PCIDump - ok
23:00:49.0388 0716 [ A381ED297F58BA5BFE1D0B89384561FE ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
23:00:49.0388 0716 PCIIde - ok
23:00:49.0458 0716 [ 9350AF4ED9EA927179AE068C2D3980C4 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
23:00:49.0468 0716 Pcmcia - ok
23:00:49.0478 0716 PDCOMP - ok
23:00:49.0488 0716 PDFRAME - ok
23:00:49.0498 0716 PDRELI - ok
23:00:49.0508 0716 PDRFRAME - ok
23:00:49.0518 0716 perc2 - ok
23:00:49.0528 0716 perc2hib - ok
23:00:49.0578 0716 [ 782EE83D0F77F497ECF0A07DA1C3589F ] PlugPlay C:\WINDOWS\system32\services.exe
23:00:49.0578 0716 PlugPlay - ok
23:00:49.0598 0716 [ F37B5C30EA09062DA4DFC2288560C485 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
23:00:49.0598 0716 PolicyAgent - ok
23:00:49.0668 0716 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:00:49.0668 0716 PptpMiniport - ok
23:00:49.0678 0716 [ F37B5C30EA09062DA4DFC2288560C485 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:00:49.0688 0716 ProtectedStorage - ok
23:00:49.0708 0716 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
23:00:49.0718 0716 PSched - ok
23:00:49.0778 0716 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:00:49.0778 0716 Ptilink - ok
23:00:49.0818 0716 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:00:49.0818 0716 PxHelp20 - ok
23:00:49.0828 0716 ql1080 - ok
23:00:49.0838 0716 Ql10wnt - ok
23:00:49.0848 0716 ql12160 - ok
23:00:49.0858 0716 ql1240 - ok
23:00:49.0868 0716 ql1280 - ok
23:00:49.0909 0716 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:00:49.0909 0716 RasAcd - ok
23:00:49.0939 0716 [ BD44BEAB602CB156F3C8C990FE931B0C ] RasAuto C:\WINDOWS\System32\rasauto.dll
23:00:49.0949 0716 RasAuto - ok
23:00:50.0009 0716 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:00:50.0009 0716 Rasl2tp - ok
23:00:50.0079 0716 [ 981CB057E6AFF8F8B4A599FB5AB69557 ] RasMan C:\WINDOWS\System32\rasmans.dll
23:00:50.0089 0716 RasMan - ok
23:00:50.0129 0716 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:00:50.0139 0716 RasPppoe - ok
23:00:50.0149 0716 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
23:00:50.0149 0716 Raspti - ok
23:00:50.0159 0716 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:00:50.0169 0716 Rdbss - ok
23:00:50.0209 0716 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:00:50.0209 0716 RDPCDD - ok
23:00:50.0269 0716 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:00:50.0269 0716 rdpdr - ok
23:00:50.0329 0716 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
23:00:50.0339 0716 RDPWD - ok
23:00:50.0369 0716 [ 9DD93FFBCEA84CFAF4019C95BCFCC277 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
23:00:50.0379 0716 RDSessMgr - ok
23:00:50.0409 0716 [ C17A980E3F07E8EA6F61142511AB8196 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
23:00:50.0419 0716 redbook - ok
23:00:50.0459 0716 [ 6C3F43697E4E0D7325C681579001720A ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
23:00:50.0469 0716 RemoteAccess - ok
23:00:50.0509 0716 [ A9BDABCC4C23F887153EC08122C86799 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
23:00:50.0519 0716 RemoteRegistry - ok
23:00:50.0559 0716 [ D978B60227D9F6FC5C6E3FB5097E85E1 ] RpcLocator C:\WINDOWS\system32\locator.exe
23:00:50.0569 0716 RpcLocator - ok
23:00:50.0620 0716 [ 49CA71B047C7E3D84D7004B96A93AB28 ] RpcSs C:\WINDOWS\System32\rpcss.dll
23:00:50.0630 0716 RpcSs - ok
23:00:50.0690 0716 [ B4AF6CBD893A01F1A49D70F101E70E88 ] RSVP C:\WINDOWS\system32\rsvp.exe
23:00:50.0690 0716 RSVP - ok
23:00:50.0750 0716 [ 7F0413BDD7D53EB4C7A371E7F6F84DF1 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
23:00:50.0760 0716 RTL8023xp - ok
23:00:50.0800 0716 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
23:00:50.0800 0716 rtl8139 - ok
23:00:50.0830 0716 [ F37B5C30EA09062DA4DFC2288560C485 ] SamSs C:\WINDOWS\system32\lsass.exe
23:00:50.0840 0716 SamSs - ok
23:00:50.0870 0716 [ 4C6453708926E45DC84A3B5E7CE4D22B ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
23:00:50.0880 0716 SCardSvr - ok
23:00:50.0930 0716 [ 20B2751CD4C8F3FD989739CA661B9F30 ] SCDEmu C:\WINDOWS\system32\drivers\SCDEmu.sys
23:00:50.0930 0716 SCDEmu - ok
23:00:51.0010 0716 [ B83BF888D7E5C5F7EC89523EC8B726E6 ] Schedule C:\WINDOWS\system32\schedsvc.dll
23:00:51.0020 0716 Schedule - ok
23:00:51.0080 0716 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
23:00:51.0090 0716 sdbus - ok
23:00:51.0150 0716 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:00:51.0160 0716 Secdrv - ok
23:00:51.0200 0716 [ A6100B21AE48E6E776620FD59936C3C1 ] seclogon C:\WINDOWS\System32\seclogon.dll
23:00:51.0230 0716 seclogon - ok
23:00:51.0291 0716 [ F27276FEB25502AD6BF6E2D74E157181 ] SENS C:\WINDOWS\system32\sens.dll
23:00:51.0301 0716 SENS - ok
23:00:51.0371 0716 [ 44874DF5C7F1A379A82FDAF8F0F4CC57 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
23:00:51.0381 0716 Serial - ok
23:00:51.0451 0716 [ 56250672235BBE54BA8A4963B1AC997C ] sfdrv01 C:\WINDOWS\system32\drivers\sfdrv01.sys
23:00:51.0451 0716 sfdrv01 - ok
23:00:51.0461 0716 [ 3AD2B15CCC03FEBFBAF5FF057822AA75 ] sfhlp02 C:\WINDOWS\system32\drivers\sfhlp02.sys
23:00:51.0471 0716 sfhlp02 - ok
23:00:51.0501 0716 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
23:00:51.0511 0716 Sfloppy - ok
23:00:51.0511 0716 [ 798D918D8F20380008277CE3CE5319D1 ] sfsync02 C:\WINDOWS\system32\drivers\sfsync02.sys
23:00:51.0511 0716 sfsync02 - ok
23:00:51.0571 0716 [ 4A26A3FACA4B3B019A2BE42F4D4D8B2B ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
23:00:51.0571 0716 SharedAccess - ok
23:00:51.0611 0716 [ 952BA92FBDDFCDF3EB714EC67F9315A2 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:00:51.0611 0716 ShellHWDetection - ok
23:00:51.0621 0716 Simbad - ok
23:00:51.0671 0716 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
23:00:51.0671 0716 SkypeUpdate - ok
23:00:51.0731 0716 [ 1FFC44D6787EC1EA9A2B1440A90FA5C1 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:00:51.0731 0716 SLIP - ok
23:00:51.0741 0716 Sparrow - ok
23:00:51.0781 0716 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
23:00:51.0781 0716 splitter - ok
23:00:51.0841 0716 [ 2BF7B80924AA48505ECC08D8F5E07866 ] Spooler C:\WINDOWS\system32\spoolsv.exe
23:00:51.0841 0716 Spooler - ok
23:00:51.0911 0716 [ D390675B8CE45E5FB359338E5E649329 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
23:00:51.0911 0716 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: D390675B8CE45E5FB359338E5E649329
23:00:51.0911 0716 sptd ( LockedFile.Multi.Generic ) - warning
23:00:51.0911 0716 sptd - detected LockedFile.Multi.Generic (1)
23:00:51.0931 0716 [ 766CE6120A9D27D3ABABB138C4138AF9 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
23:00:51.0941 0716 sr - ok
23:00:52.0012 0716 [ 725293069C64665967F18A9458957250 ] srservice C:\WINDOWS\system32\srsvc.dll
23:00:52.0012 0716 srservice - ok
23:00:52.0072 0716 [ 3BB03F2BA89D2BE417206C373D2AF17C ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
23:00:52.0082 0716 Srv - ok
23:00:52.0142 0716 [ 60EC79D77FD6620FE2EA103764256EC4 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
23:00:52.0152 0716 SSDPSRV - ok
23:00:52.0202 0716 [ ED78DFAD8EFCDFBC89500492C4D14645 ] STI Simulator C:\WINDOWS\System32\PAStiSvc.exe
23:00:52.0212 0716 STI Simulator - ok
23:00:52.0302 0716 [ CFFA355B7951A3806BB363C67D5510CC ] stisvc C:\WINDOWS\system32\wiaservc.dll
23:00:52.0312 0716 stisvc - ok
23:00:52.0372 0716 [ A9F9FD0212E572B84EDB9EB661F6BC04 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:00:52.0372 0716 streamip - ok
23:00:52.0422 0716 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
23:00:52.0432 0716 swenum - ok
23:00:52.0442 0716 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
23:00:52.0442 0716 swmidi - ok
23:00:52.0462 0716 SwPrv - ok
23:00:52.0472 0716 symc810 - ok
23:00:52.0482 0716 symc8xx - ok
23:00:52.0502 0716 sym_hi - ok
23:00:52.0512 0716 sym_u3 - ok
23:00:52.0592 0716 [ F484C77F748729129D5CC9C965D9F701 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
23:00:52.0602 0716 SynTP - ok
23:00:52.0612 0716 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
23:00:52.0612 0716 sysaudio - ok
23:00:52.0642 0716 [ 040620073707C2F77F230B1B537EEF97 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
23:00:52.0662 0716 SysmonLog - ok
23:00:52.0703 0716 [ DAD0B2F0AFA9C03F043848DB16696224 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
23:00:52.0713 0716 TapiSrv - ok
23:00:52.0783 0716 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:00:52.0793 0716 Tcpip - ok
23:00:52.0843 0716 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
23:00:52.0843 0716 TDPIPE - ok
23:00:52.0863 0716 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
23:00:52.0873 0716 TDTCP - ok
23:00:52.0913 0716 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
23:00:52.0913 0716 TermDD - ok
23:00:52.0963 0716 [ 95610769D9B59DCDAE9BC463C1C0962C ] TermService C:\WINDOWS\System32\termsrv.dll
23:00:52.0963 0716 TermService - ok
23:00:52.0983 0716 [ 952BA92FBDDFCDF3EB714EC67F9315A2 ] Themes C:\WINDOWS\System32\shsvcs.dll
23:00:52.0993 0716 Themes - ok
23:00:53.0053 0716 [ 046EA1353DD599DAC9ABDCD13504B06C ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
23:00:53.0063 0716 tifm21 - ok
23:00:53.0113 0716 [ 93CF04CAA59A85BF3163DEB44A28F44E ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
23:00:53.0113 0716 TlntSvr - ok
23:00:53.0123 0716 TosIde - ok
23:00:53.0153 0716 [ 02A4096174745AD6E11AB5EC097EB8BB ] TrkWks C:\WINDOWS\system32\trkwks.dll
23:00:53.0163 0716 TrkWks - ok
23:00:53.0203 0716 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
23:00:53.0213 0716 Udfs - ok
23:00:53.0213 0716 ultra - ok
23:00:53.0273 0716 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
23:00:53.0293 0716 Update - ok
23:00:53.0353 0716 [ B69B61C2219F5FE503E5333194CDC8A7 ] upnphost C:\WINDOWS\System32\upnphost.dll
23:00:53.0374 0716 upnphost - ok
23:00:53.0394 0716 [ B13F0403FAB578C2280E80703797AD07 ] UPS C:\WINDOWS\System32\ups.exe
23:00:53.0404 0716 UPS - ok
23:00:53.0464 0716 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:00:53.0474 0716 usbccgp - ok
23:00:53.0514 0716 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:00:53.0514 0716 usbehci - ok
23:00:53.0584 0716 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:00:53.0584 0716 usbhub - ok
23:00:53.0614 0716 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:00:53.0624 0716 USBSTOR - ok
23:00:53.0664 0716 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:00:53.0664 0716 usbuhci - ok
23:00:53.0684 0716 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
23:00:53.0694 0716 VgaSave - ok
23:00:53.0694 0716 ViaIde - ok
23:00:53.0724 0716 [ 2A405A3E1D925B49E09369999854E853 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
23:00:53.0724 0716 VolSnap - ok
23:00:53.0794 0716 [ EE0393DBF85980500A1F7774E1C81F6D ] VSS C:\WINDOWS\System32\vssvc.exe
23:00:53.0804 0716 VSS - ok
23:00:54.0024 0716 [ C89DA341FCC883A3D79DC11727484FC2 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys
23:00:54.0125 0716 w29n51 - ok
23:00:54.0165 0716 [ 2D1385433AB3F76F324023FAFCD8A711 ] W32Time C:\WINDOWS\system32\w32time.dll
23:00:54.0175 0716 W32Time - ok
23:00:54.0235 0716 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:00:54.0245 0716 Wanarp - ok
23:00:54.0345 0716 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
23:00:54.0345 0716 Wdf01000 - ok
23:00:54.0365 0716 WDICA - ok
23:00:54.0385 0716 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
23:00:54.0385 0716 wdmaud - ok
23:00:54.0455 0716 [ AEECAAAC59CDD24DDE0D5C0164250D96 ] WebClient C:\WINDOWS\System32\webclnt.dll
23:00:54.0465 0716 WebClient - ok
23:00:54.0575 0716 [ F2424C8EB744E9AEF66F3691E82FC6DD ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
23:00:54.0575 0716 winmgmt - ok
23:00:54.0645 0716 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
23:00:54.0655 0716 WmdmPmSN - ok
23:00:54.0715 0716 [ CD5BAFF011B55090F624576E9740F5BC ] Wmi C:\WINDOWS\System32\advapi32.dll
23:00:54.0725 0716 Wmi - ok
23:00:54.0766 0716 [ 2A86994CBAB96D9D5F5E4CEE99E09EE0 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:00:54.0776 0716 WmiApSrv - ok
23:00:54.0896 0716 [ F97BFA16A420AFD1C74B6ECB28C3EBEC ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
23:00:54.0936 0716 WMPNetworkSvc - ok
23:00:54.0976 0716 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
23:00:54.0976 0716 WpdUsb - ok
23:00:55.0036 0716 [ AD3204B412F8DC6443363392D9DA3B26 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
23:00:55.0056 0716 wscsvc - ok
23:00:55.0126 0716 [ 233CDD1C06942115802EB7CE6669E099 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:00:55.0136 0716 WSTCODEC - ok
23:00:55.0176 0716 [ 7E2A44A76F9724D4CC6A6198323EB475 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
23:00:55.0256 0716 wuauserv - ok
23:00:55.0336 0716 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:00:55.0336 0716 WudfPf - ok
23:00:55.0386 0716 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:00:55.0396 0716 WudfRd - ok
23:00:55.0446 0716 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
23:00:55.0446 0716 WudfSvc - ok
23:00:55.0547 0716 [ 229B9795979FD2F437AAB2D85030245E ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
23:00:55.0547 0716 WZCSVC - ok
23:00:55.0587 0716 [ 9C76585F186648F69B2014C19030A571 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
23:00:55.0717 0716 xmlprov - ok
23:00:55.0727 0716 ================ Scan global ===============================
23:00:55.0797 0716 [ 1FDCDFA9B345635C6D06D37656F04E5F ] C:\WINDOWS\system32\basesrv.dll
23:00:55.0847 0716 [ FBD7B3B5C24FA1A92C15A5278F6BD8F6 ] C:\WINDOWS\system32\winsrv.dll
23:00:55.0867 0716 [ FBD7B3B5C24FA1A92C15A5278F6BD8F6 ] C:\WINDOWS\system32\winsrv.dll
23:00:55.0897 0716 [ 782EE83D0F77F497ECF0A07DA1C3589F ] C:\WINDOWS\system32\services.exe
23:00:55.0897 0716 [Global] - ok
23:00:55.0897 0716 ================ Scan MBR ==================================
23:00:55.0927 0716 [ 988ED281FD011A58DAB7E4AE71DED8F5 ] \Device\Harddisk0\DR0
23:00:56.0348 0716 \Device\Harddisk0\DR0 - ok
23:00:56.0358 0716 ================ Scan VBR ==================================
23:00:56.0358 0716 [ 2E23B1F8E6832A4AC2ECBD06B1F5B344 ] \Device\Harddisk0\DR0\Partition1
23:00:56.0358 0716 \Device\Harddisk0\DR0\Partition1 - ok
23:00:56.0398 0716 [ EBD4D5BD72D251F5F1E5DC978C7DA43F ] \Device\Harddisk0\DR0\Partition2
23:00:56.0398 0716 \Device\Harddisk0\DR0\Partition2 - ok
23:00:56.0408 0716 ============================================================
23:00:56.0408 0716 Scan finished
23:00:56.0408 0716 ============================================================
23:00:56.0428 0684 Detected object count: 1
23:00:56.0428 0684 Actual detected object count: 1
23:03:14.0476 0684 sptd ( LockedFile.Multi.Generic ) - skipped by user
23:03:14.0476 0684 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
23:06:10.0249 1880 Deinitialize success

ozgur1318
2013-01-16, 23:41
OTL log:

OTL logfile created on: 1/16/2013 23:08:14 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\mask\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041F | Country: Türkiye | Language: TRK | Date Format: M/d/yyyy

2,00 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 76,72% Memory free
3,35 Gb Paging File | 2,83 Gb Available in Paging File | 84,58% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 45,22 Gb Total Space | 5,44 Gb Free Space | 12,04% Space Free | Partition Type: NTFS
Drive D: | 29,30 Gb Total Space | 0,36 Gb Free Space | 1,23% Space Free | Partition Type: NTFS
Drive L: | 638,73 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive M: | 587,27 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive N: | 658,47 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive S: | 3,47 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MATRIX | User Name: mask | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\mask\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\KUR YAZILIM\Sayisal Saat\Saat.exe (KUR YAZILIM)
PRC - C:\WINDOWS\system32\PAStiSvc.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll ()
MOD - C:\Program Files\COMODO\COMODO Internet Security\scanners\mach32.dll ()
MOD - C:\WINDOWS\system32\PAStiSvc.exe ()


========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (STI Simulator) -- C:\WINDOWS\system32\PAStiSvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (afs4ckg1) -- File not found
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (MBB Incorporated)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (Inspect) -- C:\WINDOWS\system32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdguard.sys (COMODO)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (PAC207) -- C:\WINDOWS\system32\drivers\pfc027.sys ()
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (sfdrv01) -- C:\WINDOWS\system32\drivers\sfdrv01.sys (Protection Technology)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (sfsync02) -- C:\WINDOWS\system32\drivers\sfsync02.sys (Protection Technology)
DRV - (w29n51) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (sfhlp02) -- C:\WINDOWS\system32\drivers\sfhlp02.sys (Protection Technology)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1343024091-1957994488-2147049779-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.as-ya.com/arabul.html
IE - HKU\S-1-5-21-1343024091-1957994488-2147049779-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1343024091-1957994488-2147049779-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/ie.aspx?q={searchTerms}
IE - HKU\S-1-5-21-1343024091-1957994488-2147049779-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKU\S-1-5-21-1343024091-1957994488-2147049779-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKU\S-1-5-21-1343024091-1957994488-2147049779-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={BCCA24B5-B0E3-42E5-8F94-77102400A4A9}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1343024091-1957994488-2147049779-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://isearch.avg.com?cid=%7B5f63a3f3-29e2-4b45-8a55-64870a31e66d%7D&mid=d51cb7009a0f47d0b5b4d189d93fb6df-10cafb425e3ac088a8e2cec640d05209b4f76c18&ds=gm011&v=11.1.0.7&lang=tr&pr=sa&d=2012-05-22%2012%3A59%3A15&sap=hp"
FF - prefs.js..extensions.enabledAddons: %7B0153E448-190B-4987-BDE1-F256CADA672F%7D:15.0.6
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B5f63a3f3-29e2-4b45-8a55-64870a31e66d%7D&mid=d51cb7009a0f47d0b5b4d189d93fb6df-10cafb425e3ac088a8e2cec640d05209b4f76c18&ds=gm011&v=11.1.0.7&lang=tr&pr=sa&d=2012-05-22%2012%3A59%3A15&sap=ku&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://go.navige.com/"
FF - prefs.js..network.proxy.type: 0

FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port:
FF - user.js..network.proxy.no_proxies_on: ""

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\mask\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/30 01:37:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/11 11:01:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/11 11:00:45 | 000,000,000 | ---D | M]

[2009/03/28 20:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mask\Application Data\Mozilla\Extensions
[2013/01/05 20:38:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mask\Application Data\Mozilla\Firefox\Profiles\qstv0i50.default\extensions
[2013/01/05 20:38:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mask\Application Data\Mozilla\Firefox\Profiles\qstv0i50.default\extensions\trash
[2012/02/01 19:31:36 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\mask\Application Data\Mozilla\Firefox\Profiles\qstv0i50.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/01/05 20:38:49 | 000,220,411 | ---- | M] () (No name found) -- C:\Documents and Settings\mask\Application Data\Mozilla\Firefox\Profiles\qstv0i50.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012/11/24 00:50:58 | 000,804,627 | ---- | M] () (No name found) -- C:\Documents and Settings\mask\Application Data\Mozilla\Firefox\Profiles\qstv0i50.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/08/30 22:33:15 | 000,199,396 | ---- | M] () (No name found) -- C:\Documents and Settings\mask\Application Data\Mozilla\Firefox\Profiles\qstv0i50.default\extensions\trash\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/01/11 11:00:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/11 11:00:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/01/11 11:00:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/01/11 11:00:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/11/30 01:37:38 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2013/01/11 11:01:00 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/30 01:37:14 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/07/14 15:01:10 | 000,003,659 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/12/05 09:09:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-tr.xml
[2012/12/05 09:09:42 | 000,002,702 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yandex-tr.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={BCCA24B5-B0E3-42E5-8F94-77102400A4A9}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\mask\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.5 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2013/01/07 03:23:25 | 000,446,353 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 209.85.229.99 www.youtube.com
O1 - Hosts: 209.85.229.99 youtube.com
O1 - Hosts: 74.125.43.103 docs.google.com
O1 - Hosts: 74.125.43.103 translate.google.com
O1 - Hosts: 74.125.43.103 code.google.com
O1 - Hosts: 74.125.43.103 pages.google.com
O1 - Hosts: 74.125.43.103 video.google.com
O1 - Hosts: 74.125.43.103 translate.google.com.tr
O1 - Hosts: 74.125.43.103 docs.google.com
O1 - Hosts: 74.125.43.103 sites.google.com
O1 - Hosts: 74.125.43.103 books.google.com
O1 - Hosts: 74.125.43.103 chrome.google.com
O1 - Hosts: 74.125.43.103 sketchup.google.com
O1 - Hosts: 74.125.43.103 froogle.google.com
O1 - Hosts: 74.125.43.103 labs.google.com
O1 - Hosts: 74.125.43.103 mars.google.com
O1 - Hosts: 74.125.43.103 moon.google.com
O1 - Hosts: 74.125.43.103 notebook.google.com
O1 - Hosts: 74.125.43.103 toolbar.google.com
O1 - Hosts: 74.125.43.103 browsersync.google.com
O1 - Hosts: 74.125.43.103 catalog.google.com
O1 - Hosts: 74.125.43.103 codesearch.google.com
O1 - Hosts: 74.125.43.103 dir.google.com
O1 - Hosts: 74.125.43.103 earth.google.com
O1 - Hosts: 15355 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IeCatch2 Class) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program Files\FlashGet\Jccatch.dll (Amaze Soft)
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKU\S-1-5-21-1343024091-1957994488-2147049779-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Alarmli Sayisal Saat 2.11] C:\Program Files\KUR YAZILIM\Sayisal Saat\Saat.exe (KUR YAZILIM)
O4 - HKLM..\Run: [AutorunRemover.exe] C:\Program Files\AutorunRemover\AutorunRemover.exe ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1343024091-1957994488-2147049779-1003..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
O4 - HKU\S-1-5-21-1343024091-1957994488-2147049779-1003..\Run: [Facebook Update] "C:\Documents and Settings\mask\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - Startup: C:\Documents and Settings\mask\Start Menu\Programlar\Başlangıç\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-1957994488-2147049779-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1343024091-1957994488-2147049779-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1343024091-1957994488-2147049779-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1343024091-1957994488-2147049779-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (Amaze Soft)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (Amaze Soft)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} https://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9} (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BD6F888-C2DD-4C6E-AEB1-35239B12252E}: NameServer = 4.2.2.1,4.2.2.2,4.2.2.2,4.4.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9FB36C43-0510-4F28-93F7-CD4919229FF2}: NameServer = 8.8.8.8,8.8.4.4,8.8.8.8,8.8.8.4
O18 - Protocol\Handler\ebk {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\system32\ebkp.dll ()
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Geçerli Giriş Sayfam) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\mask\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mask\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/28 18:47:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2000/09/20 19:55:56 | 000,827,392 | R--- | M] () - L:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2000/07/06 19:04:48 | 000,000,135 | R--- | M] () - L:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2000/09/20 19:55:56 | 000,827,392 | R--- | M] () - M:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2000/09/24 18:34:44 | 000,000,135 | R--- | M] () - M:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2001/09/25 13:08:44 | 001,572,864 | R--- | M] () - N:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2001/09/25 13:08:44 | 000,000,135 | R--- | M] () - N:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2005/10/13 23:23:46 | 000,045,056 | R--- | M] () - S:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/10/13 23:19:48 | 000,000,146 | R--- | M] () - S:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{229b97b2-2a0b-11de-94ef-00c09fdb5f2c}\Shell\AutoRun\command - "" = em8tqm.cmd
O33 - MountPoints2\{229b97b2-2a0b-11de-94ef-00c09fdb5f2c}\Shell\open\Command - "" = em8tqm.cmd
O33 - MountPoints2\{503c9ae0-a1b3-11e0-95d3-00c09fdb5f2c}\Shell - "" = AutoRun
O33 - MountPoints2\{503c9ae0-a1b3-11e0-95d3-00c09fdb5f2c}\Shell\AutoRun\command - "" = T:\AutoRun.exe
O33 - MountPoints2\{503c9ae2-a1b3-11e0-95d3-00c09fdb5f2c}\Shell - "" = AutoRun
O33 - MountPoints2\{503c9ae2-a1b3-11e0-95d3-00c09fdb5f2c}\Shell\AutoRun\command - "" = T:\AutoRun.exe
O33 - MountPoints2\{b8733713-26d4-11e2-9623-00c09fdb5f2c}\Shell - "" = AutoRun
O33 - MountPoints2\{b8733713-26d4-11e2-9623-00c09fdb5f2c}\Shell\AutoRun\command - "" = T:\Autorun.exe
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\AUTORUN.EXE -- [2000/09/20 19:55:56 | 000,827,392 | R--- | M] ()
O33 - MountPoints2\L\Shell\readit\command - "" = notepad readme.doc
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\AUTORUN.EXE -- [2000/09/20 19:55:56 | 000,827,392 | R--- | M] ()
O33 - MountPoints2\M\Shell\readit\command - "" = notepad readme.doc
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\Autorun.exe -- [2001/09/25 13:08:44 | 001,572,864 | R--- | M] ()
O33 - MountPoints2\N\Shell\readit\command - "" = notepad readme.doc
O33 - MountPoints2\S\Shell - "" = AutoRun
O33 - MountPoints2\S\Shell\AutoRun\command - "" = S:\Autorun.exe -- [2005/10/13 23:23:46 | 000,045,056 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/16 22:44:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mask\Desktop\OTL.exe
[2013/01/16 22:42:36 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\mask\Desktop\tdsskiller.exe
[2013/01/16 21:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mask\Belgelerim\GTA San Andreas User Files
[2013/01/16 21:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\Rockstar Games
[2013/01/16 21:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programlar\Rockstar Games
[2013/01/11 11:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/07 01:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mask\Desktop\bakım
[2012/12/25 17:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programlar\Superstar
[2012/12/25 17:28:28 | 000,000,000 | ---D | C] -- C:\Program Files\Superstar
[2012/12/25 13:37:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/16 22:56:40 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1957994488-2147049779-1003.job
[2013/01/16 22:55:58 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1957994488-2147049779-1003.job
[2013/01/16 22:55:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/16 22:51:49 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_mask.job
[2013/01/16 22:51:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/16 22:51:19 | 2145,505,280 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/16 22:47:31 | 000,000,538 | ---- | M] () -- C:\Documents and Settings\mask\Desktop\Kısayol Yedek C masaütüsnden.lnk
[2013/01/16 22:44:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mask\Desktop\OTL.exe
[2013/01/16 22:42:45 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/01/16 22:42:38 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\mask\Desktop\tdsskiller.exe
[2013/01/16 22:12:49 | 000,000,430 | ---- | M] () -- C:\Documents and Settings\mask\Desktop\Kısayol pskyatrı adhd and osho.lnk
[2013/01/16 22:11:52 | 000,000,329 | ---- | M] () -- C:\Documents and Settings\mask\Desktop\Kısayol Yol.lnk
[2013/01/16 22:11:50 | 000,000,370 | ---- | M] () -- C:\Documents and Settings\mask\Desktop\Kısayol Turnuvalar.lnk
[2013/01/16 21:21:00 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-1957994488-2147049779-1003UA.job
[2013/01/16 11:20:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/01/16 03:21:00 | 000,001,072 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-1957994488-2147049779-1003Core.job
[2013/01/15 17:48:11 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_mask.job
[2013/01/15 17:48:11 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_mask.job
[2013/01/14 15:00:28 | 000,000,278 | ---- | M] () -- C:\WINDOWS\ChssBase.ini
[2013/01/07 03:23:25 | 000,446,353 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/07 02:47:05 | 000,446,353 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130107-032325.backup
[2013/01/07 02:31:25 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/07 02:31:25 | 000,428,638 | ---- | M] () -- C:\WINDOWS\System32\perfh01F.dat
[2013/01/07 02:31:25 | 000,081,464 | ---- | M] () -- C:\WINDOWS\System32\perfc01F.dat
[2013/01/07 02:31:25 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/07 01:50:23 | 000,446,353 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130107-024705.backup
[2013/01/07 01:41:03 | 000,446,353 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130107-015023.backup
[2013/01/07 01:38:24 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\mask\Desktop\MBR.dat
[2013/01/05 16:56:45 | 000,446,353 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130107-014102.backup
[2013/01/05 15:36:22 | 000,446,249 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130105-165645.backup
[2012/12/31 00:32:11 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/12/31 00:32:11 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/12/27 01:35:06 | 000,000,531 | ---- | M] () -- C:\Documents and Settings\mask\Desktop\Kısayol Timers.lnk
[2012/12/26 02:51:20 | 000,000,976 | ---- | M] () -- C:\Documents and Settings\mask\Application Data\Microsoft\Internet Explorer\Quick Launch\Kısayol CBase9.lnk
[2012/12/25 03:20:54 | 000,446,249 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130105-153622.backup
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/16 22:47:31 | 000,000,538 | ---- | C] () -- C:\Documents and Settings\mask\Desktop\Kısayol Yedek C masaütüsnden.lnk
[2013/01/16 22:12:49 | 000,000,430 | ---- | C] () -- C:\Documents and Settings\mask\Desktop\Kısayol pskyatrı adhd and osho.lnk
[2013/01/16 22:11:52 | 000,000,329 | ---- | C] () -- C:\Documents and Settings\mask\Desktop\Kısayol Yol.lnk
[2013/01/16 22:11:50 | 000,000,370 | ---- | C] () -- C:\Documents and Settings\mask\Desktop\Kısayol Turnuvalar.lnk
[2013/01/07 01:38:24 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\mask\Desktop\MBR.dat
[2012/12/27 01:35:06 | 000,000,531 | ---- | C] () -- C:\Documents and Settings\mask\Desktop\Kısayol Timers.lnk
[2012/12/26 02:51:20 | 000,000,976 | ---- | C] () -- C:\Documents and Settings\mask\Application Data\Microsoft\Internet Explorer\Quick Launch\Kısayol CBase9.lnk
[2012/12/22 04:46:02 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_mask.job
[2012/12/22 04:46:01 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_mask.job
[2012/12/22 04:46:01 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_mask.job
[2012/11/12 16:30:22 | 000,000,132 | ---- | C] () -- C:\WINDOWS\GECKOS.INI
[2012/07/21 09:38:08 | 000,000,020 | ---- | C] () -- C:\WINDOWS\level.ini
[2012/05/22 12:12:44 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/12/20 02:50:45 | 000,000,507 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/09/07 00:15:16 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\AGS_SQLite.dll
[2011/05/13 17:23:18 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\ebkp.dll
[2011/03/18 23:14:00 | 000,295,424 | ---- | C] () -- C:\WINDOWS\unin0411.exe
[2009/03/30 23:51:03 | 000,083,968 | ---- | C] () -- C:\Documents and Settings\mask\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/28 19:21:04 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\mask\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2009/03/28 19:09:41 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 18:00:24 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:52:35 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 18:00:27 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

------------------------------------------------------

OTL Extras logfile created on: 1/16/2013 23:08:14 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\mask\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041F | Country: Türkiye | Language: TRK | Date Format: M/d/yyyy

2,00 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 76,72% Memory free
3,35 Gb Paging File | 2,83 Gb Available in Paging File | 84,58% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 45,22 Gb Total Space | 5,44 Gb Free Space | 12,04% Space Free | Partition Type: NTFS
Drive D: | 29,30 Gb Total Space | 0,36 Gb Free Space | 1,23% Space Free | Partition Type: NTFS
Drive L: | 638,73 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive M: | 587,27 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive N: | 658,47 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive S: | 3,47 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MATRIX | User Name: mask | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57635:TCP" = 57635:TCP:*:Enabled:Pando Media Booster
"57635:UDP" = 57635:UDP:*:Enabled:Pando Media Booster
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
"6908:TCP" = 6908:TCP:*:Enabled:League of Legends Launcher
"6908:UDP" = 6908:UDP:*:Enabled:League of Legends Launcher
"6978:TCP" = 6978:TCP:*:Enabled:League of Legends Launcher
"6978:UDP" = 6978:UDP:*:Enabled:League of Legends Launcher
"6966:TCP" = 6966:TCP:*:Enabled:League of Legends Launcher
"6966:UDP" = 6966:UDP:*:Enabled:League of Legends Launcher
"6887:TCP" = 6887:TCP:*:Enabled:League of Legends Launcher
"6887:UDP" = 6887:UDP:*:Enabled:League of Legends Launcher
"8395:TCP" = 8395:TCP:*:Enabled:League of Legends Launcher
"8395:UDP" = 8395:UDP:*:Enabled:League of Legends Launcher
"6943:TCP" = 6943:TCP:*:Enabled:League of Legends Launcher
"6943:UDP" = 6943:UDP:*:Enabled:League of Legends Launcher
"6901:TCP" = 6901:TCP:*:Enabled:League of Legends Launcher
"6901:UDP" = 6901:UDP:*:Enabled:League of Legends Launcher
"6895:TCP" = 6895:TCP:*:Enabled:League of Legends Launcher
"6895:UDP" = 6895:UDP:*:Enabled:League of Legends Launcher
"57635:TCP" = 57635:TCP:*:Enabled:Pando Media Booster
"57635:UDP" = 57635:UDP:*:Enabled:Pando Media Booster
"8396:TCP" = 8396:TCP:*:Enabled:League of Legends Launcher
"8396:UDP" = 8396:UDP:*:Enabled:League of Legends Launcher
"6963:TCP" = 6963:TCP:*:Enabled:League of Legends Launcher
"6963:UDP" = 6963:UDP:*:Enabled:League of Legends Launcher
"6993:TCP" = 6993:TCP:*:Enabled:League of Legends Launcher
"6993:UDP" = 6993:UDP:*:Enabled:League of Legends Launcher
"6974:TCP" = 6974:TCP:*:Enabled:League of Legends Launcher
"6974:UDP" = 6974:UDP:*:Enabled:League of Legends Launcher
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat" = C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:*:Enabled:The Battle for Middle-earth (tm)
"C:\Program Files\League of Legends\Air\LolClient.exe" = C:\Program Files\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby
"C:\Program Files\League of Legends\Game\League of Legends.exe" = C:\Program Files\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\League of Legends\League Of Legends\air\LolClient.exe" = C:\Program Files\League of Legends\League Of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby
"C:\Program Files\League of Legends\League Of Legends\game\League of Legends.exe" = C:\Program Files\League of Legends\League Of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Documents and Settings\mask\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\mask\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper -- (Opera Software)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0830FBE8-A848-4A37-BF62-D89CB3EF0F60}" = Fritz8
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{2B7BC7C5-CE5F-373A-A1E7-37A5B909D933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - TRK
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C941f-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{406A5ABF-CA65-4E11-95C7-52228FE48F58}" = TIxx21
"{42E25176-3F0C-4466-BEF2-8B3633FE1835}" = Turkcell 3G VINN
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5709AA0A-FEAC-11D7-A675-AB5A481BAC79}" = USB Vibration Joystick
"{5F18FDF7-D061-403E-95F9-2FFC39DE8ECD}" = PC CHIPS USB Camera
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70D9854A-CEF5-4BCF-B37A-0AA1AB0A83CF}" = Playchess
"{749A90DA-425F-4191-AFE4-7D1FA5EBAED1}_is1" = Chess Eye
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}" = BabasChess
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97DB07C0-7E43-4C4A-8766-26396935F177}" = Playchess
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CAF9762-B107-4E7B-A459-68F083298C58}" = Rybka 4
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{ACFD4C9A-931B-3CAB-9F72-78FDE810F394}" = Microsoft .NET Framework 3.5 Language Pack SP1 - trk
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C18F4235-BF97-4284-8318-7EFF20B0D07B}" = ATI Catalyst Control Center
"{C5DCB7E0-2ECB-4341-AAF7-424A4DBCEC9C}_is1" = makat v3
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{E1674673-0F0D-3D81-B2A0-9842A986C1D6}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - TRK
"{E34E9B33-46EC-4252-A52F-DDA3978CC0AF}" = Syberia
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9683839-1A7F-4874-91B7-64CDF4AC4679}" = Rybka 4
"{FD69C8CB-6964-432C-98AB-A5A09ED50EEA}" = Barbarian Invasion
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Chess School" = Advanced Chess School
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Alarmli Sayisal Saat 2.11" = Alarmlı Sayısal Saat Kaldır
"All ATI Software" = ATI - Yazılım Kaldır Yardımcı Programı
"ATI Display Driver" = ATI Display Driver
"Autorun Virus Remover_is1" = Autorun Virus Remover 2.3
"avast!" = avast! Antivirus
"Başlangıç Düzey Satranç Okulu" = Başlangıç Düzey Satranç Okulu
"Bookup 2000 Express_is1" = Bookup 2000 Express build 29
"BrainWave Generator" = BrainWave Generator
"BSPlayerp" = BS.Player PRO
"CBReader " = CBReader
"Chess Assistant 7.1 Light" = Chess Assistant 7.1 Light
"Chess Opening Trainer" = Chess Opening Trainer 1.1
"Chess Vision Trainer" = Chess Vision Trainer 3.0
"Chessmaster Challenge_is1" = Chessmaster Challenge
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"COMODO Internet Security" = COMODO Internet Security
"Dasher" = Dasher
"DemonStarDeinstKey" = DemonStar
"Dracula Virüs Temizleyici 2010" = Dracula Virüs Temizleyici 2010
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"FinalAlert 2 Yuri's Revenge" = FinalAlert 2 Yuri's Revenge
"FlashGet(JetCar)" = FlashGet(JetCar)
"GOM Player" = GOM Player
"Heroes of Might and Magic IV" = Heroes of Might and Magic IV
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IGZones_is1" = IGZ Lobby System
"İleri Düzey Satranç Okulu" = İleri Düzey Satranç Okulu
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{406A5ABF-CA65-4E11-95C7-52228FE48F58}" = Texas Instruments PCIxx21/x515 drivers.
"InstallShield_{5F18FDF7-D061-403E-95F9-2FFC39DE8ECD}" = PC CHIPS USB Camera
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"Kasparov Chessmate_is1" = Kasparov Chessmate
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.8.0 (Basic)
"Magic The Gathering - Duels of the Planeswalkers 2012_is1" = Magic The Gathering - Duels of the Planeswalkers 2012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mate Studies" = Mate Studies
"MeHeR OYUNSOFT" = MeHeR OYUNSOFT
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - trk" = Microsoft .NET Framework 3.5 Dil Paketi SP1 - trk
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 18.0 (x86 tr)" = Mozilla Firefox 18.0 (x86 tr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Opera 12.00.1467" = Opera 12.00
"Personal Chess Trainer" = Personal Chess Trainer 2.00.29
"PlayChess" = PlayChess
"PowerISO" = PowerISO
"Product_Name" = Siber Loto
"ProInst" = Intel(R) PROSet/Wireless Software
"RealPlayer 15.0" = RealPlayer
"Red Alert 2" = Command & Conquer Red Alert 2
"Risk WarZone Client" = Risk WarZone Client
"RomStation" = RomStation
"ScummVM_is1" = ScummVM 1.0.0
"sp6" = Logitech SetPoint 6.32
"ST6UNST #1" = MateMaster 1.5
"STRATEGY 2.0" = STRATEGY 2.0
"Superstar" = Superstar
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"Voobly_is1" = Voobly
"Warkeys" = Warkeys 1.13.1.0b
"WarZone Client v1.0.41" = WarZone Client v1.0.41
"WarZone Client v1.0.44" = WarZone Client v1.0.44
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WOLAPI" = Westwood Shared Internet Components
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Yuri's Revenge" = Command && Conquer Red Alert 2 - Yuri's Revenge
"ZTE USB Driver" = ZTE USB Driver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1343024091-1957994488-2147049779-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >
------------------------------------------------------
thanks
(btw i play chess and study on the "Torre attack" lately, it's great :).)

ozgur1318
2013-01-16, 23:45
and my freezing and slowing down problems still continue.. even sometimes when I try to open a folder or file on my computer or desktop, it slows, freezes for a couple of seconds etc. and then opens it.
again, I am really glad you will be able to help me :).

torreattack
2013-01-17, 16:35
Hi ozgur1318 :


btw i play chess and study on the "Torre attack" lately, it's great
Great opening, isn't it?


1. Policy Notification

P2P Warning!
IMPORTANT There are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
uTorrent
Please note whenever you use any form of P2P networking to download files you can anticipate infestations of malware to occur.
P2P file sharing used to be fairly safe. This is no longer true...continue to use P2P sharing ...at your own risk! Keep in mind that this practice may be the source of your current malware infestation.

As long as you have the P2P program(s) installed, per File Sharing, otherwise known as Peer To Peer. (P2P) (http://forums.spybot.info/showthread.php?t=282), I can offer you no further assistance.

I strongly recommend that you uninstall:
uTorrent


However, that choice is up to you.
If you choose NOT to remove these programs...indicate that in your next reply.
If you choose to remove these programs, when finished...run another OTL scan and copy/paste the logs in your next reply.


2. MGADiag
Please download MGA Diagnostic Tool (http://go.microsoft.com/fwlink/?linkid=52012) and save it to your Desktop.
Double click on MGADiag.exe to run it.
Click Continue.
The program will run. It takes a while to finish the diagnosis, please be patient.
Once done, click on Copy.
Open Notepad and paste the contents in the window.
Save this file and copy/paste it in your next reply.


3. CKScanner
Please download CKScanner from Here (http://downloads.malwareremoval.com/CKScanner.exe)
Important: - Save it to your desktop.
Double click CKScanner.exe then click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved. Please Run the program only once.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


thanks,
torreattack

torreattack
2013-01-20, 05:31
Hi ozgur1318 :

It has been 2 days since my last post to you.
Do you still need help with this problem?
Do you need more time?
Are you having problems understanding or following my instructions?

thanks,
torreattack

ozgur1318
2013-01-22, 17:00
I was out of my city and without internet connection and was busy :
I will send you as soon as I have time and yep I still have the problems and I will send you the logs soon, thanks ..

ozgur1318
2013-01-22, 23:16
ok, I uninstalled uTorrent, and then did an OTL search. I couldn't find the extras.txt on my desktop this time :s . I don't know why. And then I did the MGADiag and CKScanner. Here are all the logs I have:
OTL logfile created on: 1/17/2013 23:50:01 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\mask\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041F | Country: Türkiye | Language: TRK | Date Format: M/d/yyyy

2,00 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 71,02% Memory free
3,35 Gb Paging File | 2,65 Gb Available in Paging File | 79,20% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 45,22 Gb Total Space | 5,45 Gb Free Space | 12,06% Space Free | Partition Type: NTFS
Drive D: | 29,30 Gb Total Space | 0,36 Gb Free Space | 1,23% Space Free | Partition Type: NTFS
Drive L: | 638,73 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive M: | 587,27 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive N: | 658,47 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive S: | 3,47 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MATRIX | User Name: mask | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\mask\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\GRETECH\GomPlayer\GOM.EXE (Gretech Corp.)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\Winamp\winamp.exe (Nullsoft)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\KUR YAZILIM\Sayisal Saat\Saat.exe (KUR YAZILIM)
PRC - C:\WINDOWS\system32\PAStiSvc.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax ()
MOD - C:\Program Files\K-Lite Codec Pack\ffdshow\ff_libmad.dll ()
MOD - C:\Program Files\K-Lite Codec Pack\Filters\LAV\libbluray.dll ()
MOD - C:\Program Files\K-Lite Codec Pack\Filters\LAV\avcodec-lav-54.dll ()
MOD - C:\Program Files\K-Lite Codec Pack\Filters\LAV\avformat-lav-54.dll ()
MOD - C:\Program Files\K-Lite Codec Pack\Filters\LAV\avutil-lav-51.dll ()
MOD - C:\Program Files\GRETECH\GomPlayer\GSFU.ax ()
MOD - C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll ()
MOD - C:\Program Files\K-Lite Codec Pack\Filters\Haali\splitter.ax ()
MOD - C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkzlib.dll ()
MOD - C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkunicode.dll ()
MOD - C:\Program Files\GRETECH\GomPlayer\GVF.ax ()
MOD - C:\Program Files\GRETECH\GomPlayer\libavcodec.dll ()
MOD - C:\Program Files\GRETECH\GomPlayer\GRFU.ax ()
MOD - C:\Program Files\GRETECH\GomPlayer\GomTVStrm.dll ()
MOD - C:\Program Files\GRETECH\GomPlayer\GAF.ax ()
MOD - C:\Program Files\COMODO\COMODO Internet Security\scanners\mach32.dll ()
MOD - C:\Program Files\Winamp\Plugins\gen_ff.dll ()
MOD - C:\Program Files\Winamp\Plugins\gen_hotkeys.dll ()
MOD - C:\Program Files\Winamp\Plugins\gen_ml.dll ()
MOD - C:\Program Files\Winamp\Plugins\gen_tray.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_cdda.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_linein.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_midi.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_mod.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_rg.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_impex.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_mp3.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_mp4.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_nsv.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_vorbis.dll ()
MOD - C:\Program Files\Winamp\System\timer.w5s ()
MOD - C:\Program Files\Winamp\Plugins\ml_wire.dll ()
MOD - C:\Program Files\Winamp\Plugins\out_ds.dll ()
MOD - C:\Program Files\Winamp\Plugins\out_wave.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_dshow.dll ()
MOD - C:\Program Files\Winamp\System\jnetlib.w5s ()
MOD - C:\Program Files\Winamp\Plugins\in_wm.dll ()
MOD - C:\Program Files\Winamp\Plugins\out_disk.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_wave.dll ()
MOD - C:\Program Files\Winamp\System\tagz.w5s ()
MOD - C:\Program Files\Winamp\Plugins\ml_pmp.dll ()
MOD - C:\Program Files\Winamp\Plugins\pmp_ipod.dll ()
MOD - C:\Program Files\Winamp\Plugins\pmp_njb.dll ()
MOD - C:\Program Files\Winamp\Plugins\pmp_p4s.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_online.dll ()
MOD - C:\Program Files\Winamp\System\xml.w5s ()
MOD - C:\Program Files\Winamp\System\png.w5s ()
MOD - C:\Program Files\Winamp\Plugins\ml_bookmarks.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_disc.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_history.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_nowplaying.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_local.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_playlists.dll ()
MOD - C:\Program Files\Winamp\System\playlist.w5s ()
MOD - C:\Program Files\Winamp\Plugins\gen_dropbox.dll ()
MOD - C:\Program Files\Winamp\System\filereader.w5s ()
MOD - C:\Program Files\Winamp\Plugins\pmp_usb.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_dash.dll ()
MOD - C:\Program Files\Winamp\System\jpeg.w5s ()
MOD - C:\Program Files\Winamp\System\primo.w5s ()
MOD - C:\Program Files\Winamp\Plugins\ml_transcode.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_flac.dll ()
MOD - C:\Program Files\Winamp\System\bmp.w5s ()
MOD - C:\Program Files\Winamp\System\gif.w5s ()
MOD - C:\Program Files\Winamp\Plugins\ml_orb.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_swf.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_flv.dll ()
MOD - C:\Program Files\Winamp\System\gracenote.w5s ()
MOD - C:\Program Files\Winamp\Plugins\ml_plg.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_autotag.dll ()
MOD - C:\Program Files\Winamp\System\dlmgr.w5s ()
MOD - C:\Program Files\Winamp\tataki.dll ()
MOD - C:\Program Files\Winamp\nde.dll ()
MOD - C:\Program Files\Winamp\libsndfile.dll ()
MOD - C:\Program Files\Winamp\Plugins\gen_jumpex.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\system32\mpg2splt.ax ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\PAStiSvc.exe ()


========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (STI Simulator) -- C:\WINDOWS\system32\PAStiSvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (afs4ckg1) -- File not found
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (MBB Incorporated)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (Inspect) -- C:\WINDOWS\system32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdguard.sys (COMODO)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (PAC207) -- C:\WINDOWS\system32\drivers\pfc027.sys ()
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (sfdrv01) -- C:\WINDOWS\system32\drivers\sfdrv01.sys (Protection Technology)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (sfsync02) -- C:\WINDOWS\system32\drivers\sfsync02.sys (Protection Technology)
DRV - (w29n51) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (sfhlp02) -- C:\WINDOWS\system32\drivers\sfhlp02.sys (Protection Technology)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1343024091-1957994488-2147049779-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.as-ya.com/arabul.html
IE - HKU\S-1-5-21-1343024091-1957994488-2147049779-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1343024091-1957994488-2147049779-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/ie.aspx?q={searchTerms}
IE - HKU\S-1-5-21-1343024091-1957994488-2147049779-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKU\S-1-5-21-1343024091-1957994488-2147049779-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKU\S-1-5-21-1343024091-1957994488-2147049779-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={BCCA24B5-B0E3-42E5-8F94-77102400A4A9}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1343024091-1957994488-2147049779-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://isearch.avg.com?cid=%7B5f63a3f3-29e2-4b45-8a55-64870a31e66d%7D&mid=d51cb7009a0f47d0b5b4d189d93fb6df-10cafb425e3ac088a8e2cec640d05209b4f76c18&ds=gm011&v=11.1.0.7&lang=tr&pr=sa&d=2012-05-22%2012%3A59%3A15&sap=hp"
FF - prefs.js..extensions.enabledAddons: %7B0153E448-190B-4987-BDE1-F256CADA672F%7D:15.0.6
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B5f63a3f3-29e2-4b45-8a55-64870a31e66d%7D&mid=d51cb7009a0f47d0b5b4d189d93fb6df-10cafb425e3ac088a8e2cec640d05209b4f76c18&ds=gm011&v=11.1.0.7&lang=tr&pr=sa&d=2012-05-22%2012%3A59%3A15&sap=ku&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://go.navige.com/"
FF - prefs.js..network.proxy.type: 0

FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port:
FF - user.js..network.proxy.no_proxies_on: ""

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\mask\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/30 01:37:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/11 11:01:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/11 11:00:45 | 000,000,000 | ---D | M]

[2009/03/28 20:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mask\Application Data\Mozilla\Extensions
[2013/01/05 20:38:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mask\Application Data\Mozilla\Firefox\Profiles\qstv0i50.default\extensions
[2013/01/05 20:38:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mask\Application Data\Mozilla\Firefox\Profiles\qstv0i50.default\extensions\trash
[2012/02/01 19:31:36 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\mask\Application Data\Mozilla\Firefox\Profiles\qstv0i50.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/01/05 20:38:49 | 000,220,411 | ---- | M] () (No name found) -- C:\Documents and Settings\mask\Application Data\Mozilla\Firefox\Profiles\qstv0i50.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012/11/24 00:50:58 | 000,804,627 | ---- | M] () (No name found) -- C:\Documents and Settings\mask\Application Data\Mozilla\Firefox\Profiles\qstv0i50.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/08/30 22:33:15 | 000,199,396 | ---- | M] () (No name found) -- C:\Documents and Settings\mask\Application Data\Mozilla\Firefox\Profiles\qstv0i50.default\extensions\trash\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/01/11 11:00:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/11 11:00:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/01/11 11:00:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/01/11 11:00:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/11/30 01:37:38 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2013/01/11 11:01:00 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/30 01:37:14 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/07/14 15:01:10 | 000,003,659 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/12/05 09:09:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-tr.xml
[2012/12/05 09:09:42 | 000,002,702 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yandex-tr.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={BCCA24B5-B0E3-42E5-8F94-77102400A4A9}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\mask\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.5 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2013/01/07 03:23:25 | 000,446,353 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 209.85.229.99 www.youtube.com
O1 - Hosts: 209.85.229.99 youtube.com
O1 - Hosts: 74.125.43.103 docs.google.com
O1 - Hosts: 74.125.43.103 translate.google.com
O1 - Hosts: 74.125.43.103 code.google.com
O1 - Hosts: 74.125.43.103 pages.google.com
O1 - Hosts: 74.125.43.103 video.google.com
O1 - Hosts: 74.125.43.103 translate.google.com.tr
O1 - Hosts: 74.125.43.103 docs.google.com
O1 - Hosts: 74.125.43.103 sites.google.com
O1 - Hosts: 74.125.43.103 books.google.com
O1 - Hosts: 74.125.43.103 chrome.google.com
O1 - Hosts: 74.125.43.103 sketchup.google.com
O1 - Hosts: 74.125.43.103 froogle.google.com
O1 - Hosts: 74.125.43.103 labs.google.com
O1 - Hosts: 74.125.43.103 mars.google.com
O1 - Hosts: 74.125.43.103 moon.google.com
O1 - Hosts: 74.125.43.103 notebook.google.com
O1 - Hosts: 74.125.43.103 toolbar.google.com
O1 - Hosts: 74.125.43.103 browsersync.google.com
O1 - Hosts: 74.125.43.103 catalog.google.com
O1 - Hosts: 74.125.43.103 codesearch.google.com
O1 - Hosts: 74.125.43.103 dir.google.com
O1 - Hosts: 74.125.43.103 earth.google.com
O1 - Hosts: 15355 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IeCatch2 Class) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program Files\FlashGet\Jccatch.dll (Amaze Soft)
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKU\S-1-5-21-1343024091-1957994488-2147049779-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Alarmli Sayisal Saat 2.11] C:\Program Files\KUR YAZILIM\Sayisal Saat\Saat.exe (KUR YAZILIM)
O4 - HKLM..\Run: [AutorunRemover.exe] C:\Program Files\AutorunRemover\AutorunRemover.exe ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1343024091-1957994488-2147049779-1003..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
O4 - HKU\S-1-5-21-1343024091-1957994488-2147049779-1003..\Run: [Facebook Update] "C:\Documents and Settings\mask\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - Startup: C:\Documents and Settings\mask\Start Menu\Programlar\Başlangıç\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-1957994488-2147049779-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1343024091-1957994488-2147049779-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1343024091-1957994488-2147049779-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1343024091-1957994488-2147049779-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (Amaze Soft)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (Amaze Soft)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} https://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9} (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BD6F888-C2DD-4C6E-AEB1-35239B12252E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BD6F888-C2DD-4C6E-AEB1-35239B12252E}: NameServer = 4.2.2.1,4.2.2.2,4.2.2.2,4.4.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9FB36C43-0510-4F28-93F7-CD4919229FF2}: NameServer = 8.8.8.8,8.8.4.4,8.8.8.8,8.8.8.4
O18 - Protocol\Handler\ebk {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\system32\ebkp.dll ()
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Geçerli Giriş Sayfam) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\mask\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mask\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/28 18:47:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2000/09/20 19:55:56 | 000,827,392 | R--- | M] () - L:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2000/07/06 19:04:48 | 000,000,135 | R--- | M] () - L:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2000/09/20 19:55:56 | 000,827,392 | R--- | M] () - M:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2000/09/24 18:34:44 | 000,000,135 | R--- | M] () - M:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2001/09/25 13:08:44 | 001,572,864 | R--- | M] () - N:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2001/09/25 13:08:44 | 000,000,135 | R--- | M] () - N:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2005/10/13 23:23:46 | 000,045,056 | R--- | M] () - S:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/10/13 23:19:48 | 000,000,146 | R--- | M] () - S:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{229b97b2-2a0b-11de-94ef-00c09fdb5f2c}\Shell\AutoRun\command - "" = em8tqm.cmd
O33 - MountPoints2\{229b97b2-2a0b-11de-94ef-00c09fdb5f2c}\Shell\open\Command - "" = em8tqm.cmd
O33 - MountPoints2\{503c9ae0-a1b3-11e0-95d3-00c09fdb5f2c}\Shell - "" = AutoRun
O33 - MountPoints2\{503c9ae0-a1b3-11e0-95d3-00c09fdb5f2c}\Shell\AutoRun\command - "" = T:\AutoRun.exe
O33 - MountPoints2\{503c9ae2-a1b3-11e0-95d3-00c09fdb5f2c}\Shell - "" = AutoRun
O33 - MountPoints2\{503c9ae2-a1b3-11e0-95d3-00c09fdb5f2c}\Shell\AutoRun\command - "" = T:\AutoRun.exe
O33 - MountPoints2\{b8733713-26d4-11e2-9623-00c09fdb5f2c}\Shell - "" = AutoRun
O33 - MountPoints2\{b8733713-26d4-11e2-9623-00c09fdb5f2c}\Shell\AutoRun\command - "" = T:\Autorun.exe
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\AUTORUN.EXE -- [2000/09/20 19:55:56 | 000,827,392 | R--- | M] ()
O33 - MountPoints2\L\Shell\readit\command - "" = notepad readme.doc
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\AUTORUN.EXE -- [2000/09/20 19:55:56 | 000,827,392 | R--- | M] ()
O33 - MountPoints2\M\Shell\readit\command - "" = notepad readme.doc
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\Autorun.exe -- [2001/09/25 13:08:44 | 001,572,864 | R--- | M] ()
O33 - MountPoints2\N\Shell\readit\command - "" = notepad readme.doc
O33 - MountPoints2\S\Shell - "" = AutoRun
O33 - MountPoints2\S\Shell\AutoRun\command - "" = S:\Autorun.exe -- [2005/10/13 23:23:46 | 000,045,056 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/17 23:41:35 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\mask\Desktop\MGADiag.exe
[2013/01/16 22:44:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mask\Desktop\OTL.exe
[2013/01/16 22:42:36 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\mask\Desktop\tdsskiller.exe
[2013/01/16 21:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mask\Belgelerim\GTA San Andreas User Files
[2013/01/16 21:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\Rockstar Games
[2013/01/16 21:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programlar\Rockstar Games
[2013/01/11 11:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/07 01:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mask\Desktop\bakım
[2012/12/25 17:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programlar\Superstar
[2012/12/25 17:28:28 | 000,000,000 | ---D | C] -- C:\Program Files\Superstar
[2012/12/25 13:37:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/17 23:42:06 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/01/17 23:41:55 | 000,681,984 | ---- | M] () -- C:\Documents and Settings\mask\Desktop\CKScanner.exe
[2013/01/17 23:41:37 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\mask\Desktop\MGADiag.exe
[2013/01/17 12:21:00 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-1957994488-2147049779-1003UA.job
[2013/01/17 03:21:00 | 000,001,072 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1343024091-1957994488-2147049779-1003Core.job
[2013/01/16 22:56:40 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1957994488-2147049779-1003.job
[2013/01/16 22:55:58 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1957994488-2147049779-1003.job
[2013/01/16 22:55:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/16 22:51:49 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_mask.job
[2013/01/16 22:51:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/16 22:51:19 | 2145,505,280 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/16 22:47:31 | 000,000,538 | ---- | M] () -- C:\Documents and Settings\mask\Desktop\Kısayol Yedek C masaütüsnden.lnk
[2013/01/16 22:44:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mask\Desktop\OTL.exe
[2013/01/16 22:42:38 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\mask\Desktop\tdsskiller.exe
[2013/01/16 22:12:49 | 000,000,430 | ---- | M] () -- C:\Documents and Settings\mask\Desktop\Kısayol pskyatrı adhd and osho.lnk
[2013/01/16 22:11:52 | 000,000,329 | ---- | M] () -- C:\Documents and Settings\mask\Desktop\Kısayol Yol.lnk
[2013/01/16 22:11:50 | 000,000,370 | ---- | M] () -- C:\Documents and Settings\mask\Desktop\Kısayol Turnuvalar.lnk
[2013/01/16 11:20:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/01/15 17:48:11 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_mask.job
[2013/01/15 17:48:11 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_mask.job
[2013/01/14 15:00:28 | 000,000,278 | ---- | M] () -- C:\WINDOWS\ChssBase.ini
[2013/01/07 03:23:25 | 000,446,353 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/07 02:47:05 | 000,446,353 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130107-032325.backup
[2013/01/07 02:31:25 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/07 02:31:25 | 000,428,638 | ---- | M] () -- C:\WINDOWS\System32\perfh01F.dat
[2013/01/07 02:31:25 | 000,081,464 | ---- | M] () -- C:\WINDOWS\System32\perfc01F.dat
[2013/01/07 02:31:25 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/07 01:50:23 | 000,446,353 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130107-024705.backup
[2013/01/07 01:41:03 | 000,446,353 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130107-015023.backup
[2013/01/07 01:38:24 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\mask\Desktop\MBR.dat
[2013/01/05 16:56:45 | 000,446,353 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130107-014102.backup
[2013/01/05 15:36:22 | 000,446,249 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130105-165645.backup
[2012/12/31 00:32:11 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/12/31 00:32:11 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/12/27 01:35:06 | 000,000,531 | ---- | M] () -- C:\Documents and Settings\mask\Desktop\Kısayol Timers.lnk
[2012/12/26 02:51:20 | 000,000,976 | ---- | M] () -- C:\Documents and Settings\mask\Application Data\Microsoft\Internet Explorer\Quick Launch\Kısayol CBase9.lnk
[2012/12/25 03:20:54 | 000,446,249 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130105-153622.backup
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/17 23:41:54 | 000,681,984 | ---- | C] () -- C:\Documents and Settings\mask\Desktop\CKScanner.exe
[2013/01/16 22:47:31 | 000,000,538 | ---- | C] () -- C:\Documents and Settings\mask\Desktop\Kısayol Yedek C masaütüsnden.lnk
[2013/01/16 22:12:49 | 000,000,430 | ---- | C] () -- C:\Documents and Settings\mask\Desktop\Kısayol pskyatrı adhd and osho.lnk
[2013/01/16 22:11:52 | 000,000,329 | ---- | C] () -- C:\Documents and Settings\mask\Desktop\Kısayol Yol.lnk
[2013/01/16 22:11:50 | 000,000,370 | ---- | C] () -- C:\Documents and Settings\mask\Desktop\Kısayol Turnuvalar.lnk
[2013/01/07 01:38:24 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\mask\Desktop\MBR.dat
[2012/12/27 01:35:06 | 000,000,531 | ---- | C] () -- C:\Documents and Settings\mask\Desktop\Kısayol Timers.lnk
[2012/12/26 02:51:20 | 000,000,976 | ---- | C] () -- C:\Documents and Settings\mask\Application Data\Microsoft\Internet Explorer\Quick Launch\Kısayol CBase9.lnk
[2012/12/22 04:46:02 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_mask.job
[2012/12/22 04:46:01 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_mask.job
[2012/12/22 04:46:01 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_mask.job
[2012/11/12 16:30:22 | 000,000,132 | ---- | C] () -- C:\WINDOWS\GECKOS.INI
[2012/07/21 09:38:08 | 000,000,020 | ---- | C] () -- C:\WINDOWS\level.ini
[2012/05/22 12:12:44 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/12/20 02:50:45 | 000,000,507 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/09/07 00:15:16 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\AGS_SQLite.dll
[2011/05/13 17:23:18 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\ebkp.dll
[2011/03/18 23:14:00 | 000,295,424 | ---- | C] () -- C:\WINDOWS\unin0411.exe
[2009/03/30 23:51:03 | 000,083,968 | ---- | C] () -- C:\Documents and Settings\mask\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/28 19:21:04 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\mask\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2009/03/28 19:09:41 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 18:00:24 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:52:35 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 18:00:27 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
------------------------
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-Q7P48-WGW88-CD9X8
Windows Product Key Hash: GyPRhiI+v22KcoIaGftZLSKshCw=
Windows Product ID: 55896-640-1127996-23606
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {7BB1DE35-991C-4872-BD53-79798886CE62}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2efd_E2AD56EA-148-80004005_16E0B333-89-80004005
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2efd_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Opera\Opera.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1FFA0:NEC Corporation|14C0B:Packard Bell B.V|14C0B:Packard Bell B.V|1FFA0:Packard Bell B.V
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A
---------------------------------------------------------------------

CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
c:\dosg\mk2\fx\skcrack1.u8
c:\dosg\mm2\micro2\il-crack.com
c:\dosg\starw\swchess\captures\crackle.dsf
c:\program files\activision\rome - total war\crack\rometw-alx.exe
c:\program files\activision\rome - total war\crack\rometw-bi.exe
c:\program files\activision\rome - total war\crack\rometw.exe
c:\program files\age of empires 2 & the conquerors expansion - full game - [hussey]\crack.zip
c:\program files\age of empires 2 & the conquerors expansion - full game - [hussey]\crack\empires2.exe
c:\program files\alcohol soft\alcohol 120\crack.exe
c:\program files\autorunremover\lz0\keygen.exe
c:\program files\ea games\command and conquer generals\crack\deviance.nfo
c:\program files\ea games\command and conquer generals\crack\game.dat
c:\program files\ea games\command and conquer generals\crack\generals.exe
c:\program files\ea games\command and conquer generals\crack\generals_code.exe
c:\program files\firefly studios\stronghold crusader\gm\cracks.gm1
c:\program files\rockstar games\gta san andreas\data\decision\craig\crack1.ped
c:\program files\sega\medieval ii total war\crack\medieval2.exe
c:\program files\sega\medieval ii total war\crack\sfx.dat
c:\westwood\ra2\(2-4)cracked.yrm
c:\westwood\ra2\(2-4)crackedint.yrm
hosts 127.0.0.1 activate.adobe.com
scanner sequence 3.ZZ.11.EINAKQ
----- EOF -----
---------------------------------------------
thanks

torreattack
2013-01-24, 10:19
Hi ozgur1318 :

Spybot Forum Policy Notification

Illegal Software Detected!
While researching your log it has come to my attention that the program you have installed:
- is possibly illegal
- is cracked

Please review the Spybot Forum Policy on "BEFORE You POST" (Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showpost.php?p=25290&postcount=4)

This forum does not support the use of Pirated or otherwise illegal software.

Updating your software is essential for good internet security. Without a valid license for your software you will not be able to update your software to patch it against the latest exploits.
Therefore you will be unable to secure your computer and are certain to get re-infected in a very short time.
Use of Pirated software is illegal, and were we to help a person who we know to be using such software, we would in the eyes of the law be aiding and abetting the crime.
There may be circumstances where a user is unaware that their Operating System (Windows) is illegal; that is unfortunate, however it does not change the position of this forum.


Sorry,
torreattack