Jump to content

atessu16

Honorary Members
  • Posts

    41
  • Joined

  • Last visited

Everything posted by atessu16

  1. I am really sorry for any inconvenience caused by me. My computer got broken and I bought a new one. I am really appreciated any ways. Thanks a lot and again sorry for stealing your time. Best regards,,
  2. I think I have a virus in my computer. It slowed down a lot for some reason. It says %100 CPU Usage. I can not even watch a video online because my computer lags(not the internet). I am really sorry for any inconvenience caused by me. Thanks in advance. I did dds and quick scan with malwarebytes. I put the results here: DDS results: .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1Install Date: 11/15/2013 11:38:26 AMSystem Uptime: 2/5/2014 5:27:33 PM (2 hours ago).Motherboard: Acer | | Aspire 5810TProcessor: Genuine Intel® CPU U2700 @ 1.30GHz | CPU | 1300/800mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 466 GiB total, 426.041 GiB free.D: is CDROM (UDF).==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP19: 12/7/2013 1:01:54 PM - Windows UpdateRP20: 12/11/2013 10:59:30 AM - Windows UpdateRP22: 12/12/2013 3:05:25 PM - Windows BackupRP23: 12/14/2013 10:11:04 PM - Windows UpdateRP24: 12/21/2013 10:39:41 PM - Windows BackupRP25: 12/21/2013 10:55:48 PM - Windows UpdateRP26: 12/22/2013 2:34:30 PM - Windows UpdateRP29: 12/23/2013 11:52:48 AM - Windows Modules InstallerRP30: 12/25/2013 6:56:57 PM - Windows UpdateRP31: 1/7/2014 11:17:55 AM - Windows UpdateRP33: 1/7/2014 11:35:46 AM - Installed Bradford Persistent AgentRP34: 1/7/2014 6:54:12 PM - Installed Bradford Persistent AgentRP36: 1/17/2014 10:54:26 AM - Windows UpdateRP37: 1/18/2014 3:02:06 PM - Windows UpdateRP39: 1/21/2014 3:59:44 PM - Windows UpdateRP42: 2/2/2014 11:21:28 PM - Windows Update.==== Installed Programs ======================.Adobe Flash Player 12 ActiveXAdobe Reader X (10.1.4)avast! Free AntivirusBradford Persistent AgentEPSON WF-2540 Series Printer UninstallGoogle ChromeGoogle DriveGoogle Toolbar for Internet ExplorerGoogle Update HelperItibiti RTCK-Lite Codec Pack 7.0.0 (Standard)KnctrMalwarebytes Anti-Malware version 1.75.0.1300McAfee Security Scan PlusMicrosoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Groove MUI (English) 2010Microsoft Office InfoPath MUI (English) 2010Microsoft Office Office 64-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Professional Plus 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Word MUI (English) 2010Norton Security ScanRealtek High Definition Audio DriverSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2836939v3)Yahoo Browser Settings.==== Event Viewer Messages From Past Week ========.2/5/2014 1:20:44 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.2/4/2014 7:33:25 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.2/3/2014 8:58:20 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.1/31/2014 2:36:44 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service..==== End Of File =========================== DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.16428Run by Owner at 19:17:51 on 2014-02-05Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3002.1310 [GMT -5:00].AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files\AVAST Software\Avast\AvastSvc.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Windows\Explorer.EXEC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Program Files (x86)\Google\Drive\googledrivesync.exeC:\Program Files\AVAST Software\Avast\AvastUI.exeC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Program Files (x86)\Google\Drive\googledrivesync.exeC:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXEC:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXEC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\splwow64.exeC:\Windows\System32\svchost.exe -k secsvcsC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\svchost.exe -k SDRSVCC:\Windows\system32\wuauclt.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\SearchFilterHost.exeC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.mWinlogon: Userinit = userinit.exe,BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLLBHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllBHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLTB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllTB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dlluRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostartmRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServicesmRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /noguimRun: [bncsaui.exe] C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exemRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exemPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllTCP: NameServer = 152.44.159.240 152.44.159.234TCP: Interfaces\{7B92CBD1-74BC-4801-8985-AE236239C0D0} : DHCPNameServer = 152.44.159.240 152.44.159.234TCP: Interfaces\{7B92CBD1-74BC-4801-8985-AE236239C0D0}\4416E69656C686F6573756 : DHCPNameServer = 192.168.2.1TCP: Interfaces\{FF08CEFA-54B4-4D11-90A4-75D3913A9D20} : DHCPNameServer = 192.168.2.1Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLSSODL: WebCheck - <orphaned>SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLLmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dllx64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLLx64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dllx64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -sx64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL.============= SERVICES / DRIVERS ===============.R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-11-15 65776]R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-11-15 205320]R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-11-15 1032416]R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-11-15 409832]R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-11-15 38984]R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-11-15 84328]R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-11-15 50344]R2 BNPagent;Bradford Persistent Agent Service;C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [2012-9-24 3082384]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-2-4 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-2-4 701512]R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-2-4 25928]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-23 111616]S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-9-5 234776]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-18 1255736]S4 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [2013-12-2 151648].=============== Created Last 30 ================.2014-02-05 19:22:13 -------- d-----w- C:\ProgramData\McAfee Security Scan2014-02-05 19:22:09 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan2014-02-05 03:24:53 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes2014-02-05 03:24:45 -------- d-----w- C:\ProgramData\Malwarebytes2014-02-05 03:24:43 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2014-02-05 03:24:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-02-05 03:24:29 -------- d-----w- C:\Users\Owner\AppData\Local\Programs2014-02-05 03:11:58 -------- d-----w- C:\Windows\pss2014-02-04 17:48:07 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E1F084C5-6BDD-4278-8C06-8FD3349896B0}\mpengine.dll2014-01-17 15:54:26 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys2014-01-17 15:54:26 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys2014-01-17 15:54:26 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys2014-01-17 15:54:26 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys2014-01-17 15:54:26 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys2014-01-17 15:54:26 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys2014-01-17 15:54:25 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys2014-01-17 15:54:22 3156480 ----a-w- C:\Windows\System32\win32k.sys2014-01-17 15:54:20 376768 ----a-w- C:\Windows\System32\drivers\netio.sys2014-01-07 23:55:31 -------- d-----w- C:\ProgramData\Bradford Networks2014-01-07 23:55:25 -------- d-----w- C:\Program Files (x86)\Bradford Networks.==================== Find3M ====================.2014-02-05 18:22:01 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2014-02-05 18:22:01 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-12-18 11:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll2013-11-15 20:47:21 84328 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys2013-11-15 20:47:21 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys2013-11-15 20:47:21 205320 ----a-w- C:\Windows\System32\drivers\aswVmm.sys2013-11-15 20:47:21 1032416 ----a-w- C:\Windows\System32\drivers\aswSnx.sys2013-11-15 20:47:19 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys2013-11-15 20:47:18 43152 ----a-w- C:\Windows\avastSS.scr2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll.============= FINISH: 19:18:26.01 =============== MalwareBytes : Malwarebytes Anti-Malware (Trial) 1.75.0.1300www.malwarebytes.org Database version: v2014.02.05.01 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16476Owner :: OWNER-PC [administrator] Protection: Enabled 2/4/2014 10:27:51 PMmbam-log-2014-02-04 (22-27-51).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 210574Time elapsed: 7 minute(s), 21 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 1HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Severe Weather Alerts (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 1C:\Users\Owner\AppData\Local\SevereWeatherAlerts (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. Files Detected: 11C:\Users\Owner\Downloads\freeopener_1390.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.C:\Users\Owner\AppData\Local\SevereWeatherAlerts\uninstall.exe (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.C:\Users\Owner\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe.config (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.C:\Users\Owner\AppData\Local\SevereWeatherAlerts\ICSharpCode.SharpZipLib.dll (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.C:\Users\Owner\AppData\Local\SevereWeatherAlerts\mod.SevereWeatherAlertsApp0.dat (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.C:\Users\Owner\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.C:\Users\Owner\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.C:\Users\Owner\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp0.dat (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.C:\Users\Owner\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsAppAPI.dll (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.C:\Users\Owner\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsBrowser.exe (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.C:\Users\Owner\AppData\Local\SevereWeatherAlerts\SWAUpdater.exe (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. (end)
  3. thanks a lot for your suggestions. I will do all of them. It all seems OK so far.
  4. I feel my pc is lil slower but I am not sure. Since I am not really sure about it, I will not bother you with that. Thank you very much for your help
  5. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013 Ran by Ates at 2013-10-11 19:20:57 Run:1 Running from C:\Users\Ates\Desktop\Virus Boot Mode: Normal ============================================== Content of fixlist: ***************** Start DeleteQuarantine: End ***************** C:\FRST\Quarantine => Removed successfully. ==== End of Fixlog ====
  6. The internet connection problem is definitely fixed. Thanks a lot for helping me out with this issue.
  7. It might be fixed now. It has been like 30min non stop internet I will keep you updated. But I feel like the computer got lil slower. But I am not sure. I will keep you updated as soon as I am sure about what is going on.
  8. Same, iexplore -extoff worked for 20-30min and stopped working but I can Skype or use other internet access softwares.
  9. I have just checked it and yes, IE has the same problem as well.
  10. Well, I found a way to use my mouse and internet on Clean Boot. I disabled everything except microsoft products but there is something called samsung device configuration. I can not disable that one, If I disable it, the internet and my mouse will not work. I disabled everything else tho. Only Kaspersky(I can not disable it via msconfig) is running. I believe that the problem is still exists. It is so weird because I can not use Google Chrome or IE. It would act like I have no internet connection but I could keep Skyping with my friends.
  11. The Internet is comoletely gone after the clean boot. Also the Mouse does not work since I did it. I the mouse pad. What I have also figured out recently is that, the Internet actually works all the time. I can use Skype and other programs that require internet but I can not surf after being connected to Internet like 20 min. I need to disconnect and connect it to be able to surf another 20 min
  12. The same issue about the internet is still exists. I am going to attach a png files to show you the problem. Also I use the same wireless with different pc's and phones. They do not really have the same issue.Thanks a lot for your quick responds and help.
  13. I will let you know about the remaining issues as soon as I have any ideas about it, Thanks a lot for your help sir.
  14. Log from OTL : All processes killed========== OTL ==========Service gfibto stopped successfully!Service gfibto deleted successfully!C:\Windows\SysNative\drivers\gfibto.sys moved successfully.Service gfiark stopped successfully!Service gfiark deleted successfully!C:\Windows\SysNative\drivers\gfiark.sys moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Plugins folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\modules folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\META-INF folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\lib folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\defaults\preferences folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\defaults folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\skin folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\sl folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\lib folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\core folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\WEATHER\js folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\WEATHER\css folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\WEATHER folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TWITTER\resources folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TWITTER\js folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TWITTER\img folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TWITTER folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_POPUP\js folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_POPUP folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_EMBEDDED\js folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_EMBEDDED folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI\js folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI\autoTest\spec folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI\autoTest\lib\jasmine-1.1.0 folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI\autoTest\lib folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI\autoTest folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\view\style folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\view\script folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\view folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\resources folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\js folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\Css folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\images folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\css folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\Optimizer\js folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\Optimizer folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\js folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\images folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\css folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS\js folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS\img folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS\css folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\HIGHLIGHTER folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\404 folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\menu\js folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\menu\img folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\menu\css folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\menu folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\gf\img folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\gf\css folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\gf folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\gadgetFrame folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\dlg\ftd\images folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\dlg\ftd folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\dlg folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector\searchProtectorSettingsDialog\images folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector\searchProtectorSettingsDialog folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector\SearchProtectorBubbleDialog\images folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector\SearchProtectorBubbleDialog folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector\js folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options\js\resources folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options\js folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options\images folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options\css folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\myStuffDialogs folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\features\js\resources folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\features\js folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\features folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\api folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ac\res folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ac\img folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ac\css folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ac folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\aboutBox\js folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\aboutBox\images folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\aboutBox folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468 folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome folder moved successfully.C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} folder moved successfully.Use Chrome's Settings page to change the HomePage.C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll moved successfully.C:\Users\Ates\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.12_0\img\CVS folder moved successfully.C:\Users\Ates\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.12_0\img folder moved successfully.C:\Users\Ates\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.12_0\CVS folder moved successfully.C:\Users\Ates\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.12_0 folder moved successfully.Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{72cabc40-64b2-46ed-8648-26d831761150} deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72cabc40-64b2-46ed-8648-26d831761150}\ not found.Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ad-Aware Browsing Protection deleted successfully.C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe moved successfully.C:\Windows\SWREG.exe moved successfully.C:\Windows\SWSC.exe moved successfully.C:\Windows\NIRCMD.exe moved successfully.C:\Qoobox\Quarantine\Registry_backups folder moved successfully.C:\Qoobox\Quarantine\C\Users\Ates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup folder moved successfully.C:\Qoobox\Quarantine\C\Users\Ates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs folder moved successfully.C:\Qoobox\Quarantine\C\Users\Ates\AppData\Roaming\Microsoft\Windows\Start Menu folder moved successfully.C:\Qoobox\Quarantine\C\Users\Ates\AppData\Roaming\Microsoft\Windows folder moved successfully.C:\Qoobox\Quarantine\C\Users\Ates\AppData\Roaming\Microsoft folder moved successfully.C:\Qoobox\Quarantine\C\Users\Ates\AppData\Roaming folder moved successfully.C:\Qoobox\Quarantine\C\Users\Ates\AppData folder moved successfully.C:\Qoobox\Quarantine\C\Users\Ates folder moved successfully.C:\Qoobox\Quarantine\C\Users folder moved successfully.C:\Qoobox\Quarantine\C folder moved successfully.C:\Qoobox\Quarantine folder moved successfully.Folder move failed. C:\Qoobox\BackEnv scheduled to be moved on reboot.C:\Qoobox folder moved successfully.C:\ProgramData\Ad-Aware Browsing Protection folder moved successfully.C:\Program Files (x86)\Toolbar Cleaner folder moved successfully.C:\Users\Ates\AppData\Roaming\Lavasoft\Lavasoft Registry Tuner\History folder moved successfully.C:\Users\Ates\AppData\Roaming\Lavasoft\Lavasoft Registry Tuner\Backups\09.16.2013,21-45-32 folder moved successfully.C:\Users\Ates\AppData\Roaming\Lavasoft\Lavasoft Registry Tuner\Backups folder moved successfully.C:\Users\Ates\AppData\Roaming\Lavasoft\Lavasoft Registry Tuner folder moved successfully.C:\Users\Ates\AppData\Roaming\Lavasoft folder moved successfully.C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\Lavasoft Registry Tuner folder moved successfully.C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft folder moved successfully.C:\Program Files\Lavasoft\Lavasoft Registry Tuner\Styles folder moved successfully.C:\Program Files\Lavasoft\Lavasoft Registry Tuner folder moved successfully.C:\Program Files\Lavasoft folder moved successfully.File C:\windows\SysNative\drivers\gfiark.sys not found.C:\Users\Ates\AppData\Roaming\LavasoftStatistics folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20131009T184451.614828PID1940 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20131009T182627.630428PID1940 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20131009T181038.020429PID2020 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20131009T175830.020429PID1932 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20131009T175511.330831PID936 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20131009T162849.722264PID2356 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20131009T154356.095232PID1952 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20131007T054535.204432PID2040 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20131006T212631.770828PID1944 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20131006T080655.535921PID3616 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20131006T080601.692828PID1956 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20131006T072412.412027PID1940 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20131006T070757.565432PID1296 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20131006T070351.443228PID2008 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20131006T065645.419832PID1680 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20131006T064558.318427PID1652 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20131006T054426.959627PID1284 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20131005T230039.521228PID1360 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20131005T044404.051629PID1640 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130930T200849.928427PID1352 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130930T200248.663226PID1316 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130930T200001.600826PID1352 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130930T195023.756826PID1116 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130930T194734.632026PID1312 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130930T194022.226425PID1312 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130930T193255.897227PID1400 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130930T191942.912827PID1352 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130930T095234.897227PID1312 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130930T092318.741226PID1444 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130930T084239.224827PID1480 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130930T070721.942428PID1480 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130930T063031.022027PID1312 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130930T021215.678826PID1388 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130930T020807.505628PID2096 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130930T002138.783232PID2120 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130929T184936.129629PID2084 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130929T080421.427628PID1644 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130929T063330.881627PID1352 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130929T052546.504029PID2080 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130929T040744.017834PID2260 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130929T034408.444826PID1448 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130929T033400.351226PID1432 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130929T031834.052844PID1724 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130929T030749.193627PID1312 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130929T025339.443228PID1288 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130928T183221.583628PID1364 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130928T124535.265234PID1004 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130928T003027.006427PID1280 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130927T184141.787644PID1088 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130917T062819.647626PID1360 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130917T061602.704855PID2176 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130917T044122.178027PID1356 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130916T191316.580431PID444 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130916T180640.739628PID1352 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130916T175932.022027PID892 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130916T103047.247441PID2340 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs\20130916T073759.808768PID9688 folder moved successfully.C:\ProgramData\Ad-Aware Antivirus\Logs folder moved successfully.C:\ProgramData\Ad-Aware Antivirus folder moved successfully.C:\ProgramData\Lavasoft\AntiMalware\Rules folder moved successfully.C:\ProgramData\Lavasoft\AntiMalware\Quarantine folder moved successfully.C:\ProgramData\Lavasoft\AntiMalware\Logs folder moved successfully.C:\ProgramData\Lavasoft\AntiMalware\History folder moved successfully.C:\ProgramData\Lavasoft\AntiMalware\FW History folder moved successfully.C:\ProgramData\Lavasoft\AntiMalware\Events folder moved successfully.C:\ProgramData\Lavasoft\AntiMalware\Downloads folder moved successfully.C:\ProgramData\Lavasoft\AntiMalware folder moved successfully.C:\ProgramData\Lavasoft folder moved successfully.C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\WDBF folder moved successfully.C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\Staging folder moved successfully.C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\LKGD folder moved successfully.C:\Program Files (x86)\Ad-Aware Antivirus\Definitions folder moved successfully.C:\Program Files (x86)\Ad-Aware Antivirus folder moved successfully.C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar folder moved successfully.C:\Program Files (x86)\Lavasoft folder moved successfully.File C:\windows\SysNative\drivers\gfibto.sys not found.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131009T190632.406751PID3632 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131009T184900.431937PID5916 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131009T184900.333932PID424 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131009T184504.636649PID3888 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131009T184504.387049PID3240 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131009T182633.180636PID3516 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131009T182632.884236PID3596 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131009T175841.561248PID4236 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131009T175840.905846PID3728 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131009T162852.001268PID3872 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131009T162850.318465PID3020 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131009T162314.834189PID3908 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131009T162314.778186PID360 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131009T154401.690641PID3848 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131009T154401.349040PID3560 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131007T054545.003448PID3596 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131007T054544.582248PID2180 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131006T212638.037038PID1240 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131006T212637.491037PID1816 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131006T072418.843438PID1780 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131006T072418.297437PID1984 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131006T070911.036759PID1840 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131006T070910.178758PID4988 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131006T070406.056252PID3916 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131006T070405.479051PID1896 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131006T065945.913221PID5132 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131006T065807.458574PID2716 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131006T065806.881373PID4640 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131006T064716.566964PID2804 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131006T064716.036563PID5196 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131006T061411.537175PID1968 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131006T061411.459175PID2536 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131005T231058.819649PID7036 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131005T231057.914848PID5976 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131001T094952.798667PID8164 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20131001T094952.670659PID2244 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130930T201015.411775PID3904 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130930T201015.006175PID5940 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130930T192614.562314PID5468 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130930T192613.423512PID5320 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130930T095714.597791PID6900 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130930T095714.098591PID6760 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130930T084445.477495PID6164 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130930T084445.025094PID7016 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130930T071119.122044PID5792 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130930T071045.488384PID6384 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130930T064125.425336PID6420 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130930T064125.296329PID2296 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130930T035145.236216PID7688 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130930T023039.198894PID4720 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130930T023039.105889PID6876 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130929T190000.023947PID11556 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130929T061808.348120PID6424 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130929T061808.251114PID4352 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130929T055254.164529PID3012 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130929T055254.039729PID3960 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130929T040823.890702PID6072 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130929T040820.209096PID5632 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130929T033443.468500PID5092 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130929T033434.857285PID5728 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130929T032040.986415PID7204 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130929T032040.768014PID8168 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130928T183422.568336PID6892 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130928T183420.165932PID6300 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130928T124553.392466PID1572 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130928T124553.142866PID1544 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130928T093614.156201PID7496 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130928T093613.937801PID7684 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130928T072751.719887PID5792 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130928T072751.666884PID2372 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130928T003222.462228PID7080 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130928T003222.275028PID7048 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130927T200634.443762PID4520 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130927T200634.240962PID7772 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130924T201114.066548PID5572 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130924T201113.948541PID9476 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130922T190000.013932PID10100 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130917T063015.278228PID2344 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130917T063014.779028PID7164 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130917T061654.581146PID5724 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130917T061653.863545PID5696 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130917T060853.232887PID1268 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130917T055727.670753PID9168 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130917T055727.608352PID3116 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130917T055657.135252PID4128 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130917T055657.088452PID8348 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130917T055629.627541PID1392 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130917T055629.549540PID9456 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130917T054216.140303PID9536 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130917T054216.093502PID6156 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130917T054203.669638PID4796 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130917T054203.638438PID7904 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130917T054138.015946PID7868 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130917T054137.906746PID3936 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130917T044143.905664PID5984 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130917T044143.827664PID5928 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130916T191554.745443PID1660 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130916T191554.729843PID1716 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130916T191343.662079PID1568 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130916T191343.537279PID1540 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130916T180658.473658PID5524 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130916T180658.208457PID5472 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130916T175959.089473PID5852 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130916T175954.893866PID5132 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130916T175602.552526PID6572 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130916T175132.135975PID5784 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130916T174944.771834PID5712 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130916T174540.633871PID6808 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130916T103058.136259PID3580 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130916T103057.761859PID3692 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130916T073800.487807PID8352 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130916T073758.954720PID3312 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs\20130916T064805.216488PID7716 folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs folder moved successfully.C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus folder moved successfully.C:\Windows\0÷% moved successfully.File C:\windows\SysNative\drivers\gfibto.sys not found.C:\0 moved successfully.C:\Windows\PEV.exe moved successfully.C:\Windows\MBR.exe moved successfully.C:\Windows\sed.exe moved successfully.C:\Windows\grep.exe moved successfully.C:\Windows\zip.exe moved successfully.Folder C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\ not found.========== FILES ==========< ipconfig /flushdns /c >Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.C:\Users\Ates\Desktop\cmd.bat deleted successfully.C:\Users\Ates\Desktop\cmd.txt deleted successfully.========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Ates->Temp folder emptied: 308736 bytes->Temporary Internet Files folder emptied: 393661 bytes->Java cache emptied: 0 bytes->Google Chrome cache emptied: 354483930 bytes->Flash cache emptied: 739 bytes User: Default->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes->Flash cache emptied: 56504 bytes User: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes->Flash cache emptied: 0 bytes User: Public->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 0 bytes%systemroot%\System32 .tmp files removed: 0 bytes%systemroot%\System32 (64bit) .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 0 bytes%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytesRecycleBin emptied: 0 bytes Total Files Cleaned = 339,00 mb Restore point Set: OTL Restore PointC:\windows\System32\drivers\etc\Hosts moved successfully.HOSTS file reset successfully OTL by OldTimer - Version 3.2.69.0 log created on 10092013_191824 Files\Folders moved on Reboot...File\Folder C:\Qoobox\BackEnv not found!C:\Users\Ates\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... Log from malwarebytes : Malwarebytes Anti-Malware (PRO) 1.75.0.1300www.malwarebytes.org Database version: v2013.10.09.01 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Ates :: ATES-PC [administrator] Protection: Enabled 09.10.2013 19:23:35mbam-log-2013-10-09 (19-23-35).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 203842Time elapsed: 3 minute(s), 23 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end)
  15. It says post is too long for OTL.txt so I am going to attach that one. Extras.txt : OTL Extras logfile created on: 09.10.2013 14:53:48 - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ates\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 0000041F | Country: Turkey | Language: TRK | Date Format: dd.MM.yyyy 15,97 Gb Total Physical Memory | 13,64 Gb Available Physical Memory | 85,41% Memory free31,94 Gb Paging File | 29,61 Gb Available in Paging File | 92,70% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 676,54 Gb Total Space | 519,18 Gb Free Space | 76,74% Space Free | Partition Type: NTFSDrive D: | 698,64 Gb Total Space | 698,02 Gb Free Space | 99,91% Space Free | Partition Type: NTFS Computer Name: ATES-PC | User Name: Ates | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation).url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation).html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1"FirewallDisableNotify" = 0"AntiVirusDisableNotify" = 0"UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]"DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 0"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 0"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"EnableFirewall" = 0"DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{033AFA44-032C-422F-859C-C07870845F61}" = rport=445 | protocol=6 | dir=out | app=system | "{15E17B66-9423-45F8-8DC7-71745FB0C220}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{19755251-E772-42E8-A987-80CCC72B4F6C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1CBF440E-8E28-441F-8F52-B71C4D35C2B1}" = lport=445 | protocol=6 | dir=in | app=system | "{27F2E726-E6E6-4EF4-9CAA-C33A88597E08}" = rport=10243 | protocol=6 | dir=out | app=system | "{2BA7038D-FB0F-4DEB-9964-76F8914A338D}" = lport=10243 | protocol=6 | dir=in | app=system | "{313DB46F-F8AC-4018-AAF7-B002359BDF8E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{33926353-37E6-44A0-BCFA-3431CAF10FF2}" = lport=139 | protocol=6 | dir=in | app=system | "{35B2AD63-0FEF-4B30-820A-906FC8CEBAC1}" = lport=137 | protocol=17 | dir=in | app=system | "{562D3548-1228-4453-9740-C81251AA1EF7}" = lport=138 | protocol=17 | dir=in | app=system | "{5C0E86F3-AC9A-408C-8F67-77DE1044C904}" = rport=139 | protocol=6 | dir=out | app=system | "{66A16CE5-3C76-46DA-A564-1A76C165F432}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{78CF4BA5-1E95-44BE-8B79-5270F99AD729}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8B7543AC-6BE3-48D4-96A0-BE574B8E679C}" = rport=137 | protocol=17 | dir=out | app=system | "{96A6DCD7-2178-42AC-ACBC-4A127FE250E3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9A71FB99-B0D2-4704-AF2A-469D0FB0E227}" = lport=2869 | protocol=6 | dir=in | app=system | "{A1CE2871-64BC-4D67-AE24-206F8017A541}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BAC2BF6F-36E1-40CF-87F8-20FDC74C9107}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D7C81E25-E9BF-45E6-8FA2-F950028216E7}" = rport=138 | protocol=17 | dir=out | app=system | "{EBDF3AB5-299C-43A0-949C-5F90FF5C5121}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F3EAB034-3415-4A43-B7B7-78BDE6035764}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{073FE425-8520-43EA-B095-DCFF95394B8F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{095F6AC1-D5A6-4319-A7CF-AC6C226314A0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{0B902335-C244-401A-A44E-4EF6F34B8DCE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0BFFBC92-8108-4559-91EE-3BC82CEB3935}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{0CC5B7C7-F799-471B-80DE-73C3A1A03F8B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{0F19F32E-D5DB-4260-80E9-0FF1EE1FDE1B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1B8756CB-F17F-4CE9-8E1F-7E195A16D035}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1D614D71-017F-4468-AD9D-304C4F68C763}" = protocol=17 | dir=in | app=c:\users\ates\appdata\local\temp\7zs4e8c\hpdiagnosticcoreui.exe | "{1E1269F5-A3CC-476D-957C-288382717FC1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{21FC977E-B623-4EC9-8151-80E6A7013A90}" = protocol=6 | dir=in | app=c:\users\ates\appdata\local\temp\7zs590c\hpdiagnosticcoreui.exe | "{2766C795-016C-4AD1-9A13-612DEBE8166F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | "{2A3F5291-591F-41E7-89C9-141A69C3EF06}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{2A7A1B6A-17B7-4852-B824-13987B8719D8}" = protocol=17 | dir=in | app=c:\program files (x86)\tango\tango.exe | "{2A88CAB1-BDE9-46FE-9E8E-B5B64B9BBDBE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{32368C64-B743-496F-A025-69D5B4DC54E3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3418FE7C-449D-4AA2-9886-7E79B3A4639C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{358AF7F2-3BEE-4618-8308-C8B57B3B0478}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{35E79F3F-9294-4326-9051-6C9A6A75E54D}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{3A1A2242-D42D-4408-B8A0-90A183EDAFFA}" = dir=in | app=c:\program files\hp\hp deskjet 2510 series\bin\usbsetup.exe | "{419E2AC5-4507-4F86-921D-21726A1D9665}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe | "{42E89487-1581-4A9B-919B-1AEC78464A86}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth ii\game.dat | "{43F51CE5-E1BF-4B1F-A652-C9329698F0A4}" = protocol=6 | dir=in | app=c:\users\ates\appdata\local\temp\7zs4e8c\hpdiagnosticcoreui.exe | "{469B8720-EC9E-4466-BB41-2E2C2AFD2BBF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{48162F6C-6814-419A-890C-CD06E364BED7}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{4D43436D-BE8B-42F8-9413-72FCD29F456F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{51126A91-EC8F-4303-B678-6B6EAA822611}" = dir=in | app=c:\users\ates\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{55B63DCA-1DFD-4592-B62C-F93BEC01C685}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{6904B65A-9CB6-40A8-A301-40E6AD2DFF82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{691AB4E3-AA22-44B2-89AE-D42B3FCA4696}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{6C5FA9C3-EA82-446A-A750-8FDACE81ADF3}" = protocol=6 | dir=in | app=c:\users\ates\appdata\local\temp\7zs4bfb\hpdiagnosticcoreui.exe | "{71BA7480-EA28-4418-9A9B-2154C0020C15}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{73033334-47A1-4279-9533-0B265668DE60}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{75328866-CAE8-465B-8C96-2268D4F60D53}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{799E97E6-4AC5-4D7E-BB1A-65BF2B3DEB4A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{8C6B567F-C4E1-4632-9CE3-4E8BAF15A485}" = protocol=6 | dir=out | app=system | "{93136FD8-DA96-41CC-8242-27E84A538C3F}" = protocol=17 | dir=in | app=c:\users\ates\appdata\local\temp\7zs4bfb\hpdiagnosticcoreui.exe | "{95150049-F247-421B-ACC4-3CAA53076A1F}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{96BF76C4-9E3F-4287-92A8-B9CB1ACF5CF1}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{99BFE48F-B04B-4563-8EA9-CB42758E4218}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{A34829F7-2497-4692-ACE8-4645DF4199C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A64E749C-EE4A-4E6E-BA4E-A53824CEB675}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{AA95936D-3F33-4683-80D4-CE377A14470E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AC1AB9E5-8E1F-4BED-977E-B4B5AB88965A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{AC52EBD5-E133-4644-9F08-D73B0466DBF7}" = protocol=6 | dir=in | app=c:\program files (x86)\tango\tango.exe | "{AF506B51-C3F4-430F-9FC3-86EA965F628C}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{B65B10EB-902F-4CE4-A691-0213F11DD677}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | "{B702EE83-334C-48B1-A81B-A87977E2E16E}" = protocol=17 | dir=in | app=c:\users\ates\appdata\local\temp\7zs590c\hpdiagnosticcoreui.exe | "{BA15F9E0-7A82-4F13-88A3-94BB3C6F0FF5}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe | "{BA2E4F22-81A3-4B01-85B7-C1FDC757E157}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe | "{BD706A9D-A01D-4156-8AA2-FA7F30B68415}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe | "{C1B16655-5C88-4435-AF9F-25BC7B4D875B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CA215392-B7F3-4BCD-A3A5-76FD127F4CC0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D49B0CD6-B14A-4B26-8951-B1A83536C4C5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{DC120872-4902-4C95-BBF1-47049E769D0A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{E0DEA635-FD82-4100-B19C-9ED084977879}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E0EE962D-8634-4F48-A793-FE4FE622CF4F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth ii\game.dat | "{E304C3C5-E3ED-4122-B599-ABB5578B4D3B}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{E633861C-3F16-4546-A2F8-3047AB90EE95}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{ECEFC0F7-74E8-491F-BF9F-011FD70D4C06}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "TCP Query User{11B0D38A-BAC0-4D42-905C-DF9AB0FC7931}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe | "TCP Query User{218EE689-7893-4C2C-A3C8-0C381CF155F9}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe | "UDP Query User{1B58425C-1693-42FE-83E6-6BD92293C7E0}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe | "UDP Query User{76CE5525-E5C5-45F1-A848-60CE2093A110}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219"{293CC68A-32BA-4BA4-84BD-0DCF6583566F}" = HP Deskjet 2510 series Basic Device Software"{2BB2B804-51EA-4F3C-8402-290FAD6ABD39}" = Lavasoft Registry Tuner"{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}" = Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed"{3AE88993-61F5-44D9-8286-EE7EE2F2EF4A}" = Creo Thumbnail Viewer 2.0"{4B3264AA-951A-4A6B-B837-125224261F12}" = HP Deskjet 2510 series Product Improvement Study"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148"{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}" = WinPatrol"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.01"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.01"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.1111"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application"{DF7756DD-656A-45C3-BA71-74673E8259A9}" = Intel® PROSet/Wireless WiFi Software"{EB0A3BCB-B9DF-4906-B066-BDEC6E213B91}" = Microsoft SQL Server 2008 Setup Support Files (English)"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64"{F0932859-AA60-459E-B843-0BDECA34E2C7}" = Intel® PROSet/Wireless Software for Bluetooth® Technology"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile"{F9EB0DDE-931C-4E89-96B2-DE8286EDFA6C}" = ExpressCache"AutoHotkey" = AutoHotkey 1.1.09.02"A-WIN-Extras 9.0.0 3824406_is1" = Mathematica Extras 9.0 (3824406)"CCleaner" = CCleaner"cFosSpeed" = cFosSpeed v5.00"Elantech" = ETDWare PS/2-X64 10.7.14.12_WHQL"HitmanPro37" = HitmanPro 3.7"Maple 16" = Maple 16"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended"M-WIN-L 9.0.0 3825060_is1" = Wolfram Mathematica 9 (M-WIN-L 9.0.0 3825060)"Sandboxie" = Sandboxie 4.04 (64-bit)"WinRAR archiver" = WinRAR 4.20 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.4.2"{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1" = WTFast 3.0 Beta 12"{12F81925-F3C1-40DB-91F7-777817974319}" = Easy File Share"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Settings"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite"{216C7F38-4BBC-4E9A-8392-C9FA21B54386}" = HP Deskjet 2510 series Setup Guide"{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}" = HP Deskjet 2510 series Help"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40"{287D1D31-F936-4848-8760-4446C689AAFF}" = ModeShift"{3C982C81-3DCB-41D4-A95F-34B2A4DF174D}" = PTC Quality Agent"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel® Manageability Engine Firmware Recovery Agent"{A6F5703D-A4B1-4857-9EDD-DC0ABBBB0D96}" = TuneUp Utilities Language Pack (en-US)"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.04)"{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4"{B750B5C2-CC17-4967-905B-29F4EB986131}" = Software Launcher"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013"{C547F361-5750-4CD1-9FB6-BC93827CB6C1}" = RegCure Pro"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector"{DE256D8B-D971-456D-BC02-CB64DA24F115}" = Easy Software Manager"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant"{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}" = E-POP"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Easy Support Center 1.0"{FF3AE578-C715-4E32-A7D7-8F8258CB0E9A}" = Creo Platform 2.9"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin"Afterburner" = MSI Afterburner 2.2.5"AutoItv3" = AutoIt v3.3.8.1"Axife Mouse Recorder DEMO_is1" = Axife Mouse Recorder DEMO 5.01"Bandicam" = Bandicam"BandiMPEG1" = Bandisoft MPEG-1 Decoder"Creative Element Power Tools" = Creative Element Power Tools"Creo Direct Version 2.0 Datecode [M010]" = Creo Direct Version 2.0 Datecode [M010]"Creo Layout Version 2.0 Datecode [M010]" = Creo Layout Version 2.0 Datecode [M010]"Creo Parametric Version 2.0 Datecode [M010]" = Creo Parametric Version 2.0 Datecode [M010]"Creo Simulate Version 2.0 Datecode [M010]" = Creo Simulate Version 2.0 Datecode [M010]"DAEMON Tools Lite" = DAEMON Tools Lite"File Properties Changer" = File Properties Changer"Game Console - WildGames" = WildTangent ORB Game Console"HP Photo Creations" = HP Photo Creations"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013"LaglessProxy" = LaglessProxy"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300"Maple 16" = Maple 16"NETGEAR Genie" = NETGEAR Genie"Office14.Click2Run" = Microsoft Office Click-to-Run 2010"PasswordBox" = PasswordBox"Proxifier_is1" = Proxifier version 3.0"Razer Game Booster_is1" = Razer Game Booster"Revo Uninstaller" = Revo Uninstaller 1.95"TeamViewer 8" = TeamViewer 8"TechPowerUp GPU-Z" = TechPowerUp GPU-Z"TuneUp Utilities 2013" = TuneUp Utilities 2013"VLC media player" = VLC media player 2.0.3"WildTangent wildgames Master Uninstall" = WildTangent Games"Window Hide Tool_is1" = Window Hide Tool 2.0"WT085559" = Diner Dash 2 Restaurant Rescue"WT085567" = Chuzzle Deluxe"WT085580" = John Deere Drive Green"WT085581" = Penguins!"WT085583" = Polar Golfer"WT085587" = Agatha Christie - Death on the Nile"WT085597" = Build-a-lot"WT085618" = Farm Frenzy"WT085622" = Insaniquarium Deluxe"WT085663" = Peggle"WT085669" = Plants vs. Zombies"WT089285" = Zuma Deluxe"WT089286" = Bejeweled 2 Deluxe ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2118131730-1538694497-4234192510-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"Google Chrome" = Google Chrome"Smarttürk WebTV v0.05" = Smarttürk WebTV v0.05"SmarttürkWebTV-V0.06" = SmarttürkWebTV-V0.06"TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 20 Event Log Errors ========== [ Application Events ]Error - 09.10.2013 15:09:47 | Computer Name = Ates-PC | Source = WinMgmt | ID = 10Description = [ System Events ]Error - 09.10.2013 15:07:14 | Computer Name = Ates-PC | Source = Service Control Manager | ID = 7001Description = The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1058 Error - 09.10.2013 15:08:05 | Computer Name = Ates-PC | Source = Service Control Manager | ID = 7023Description = The AMD External Events Utility .NET. service terminated with the following error: %%2 Error - 09.10.2013 15:08:14 | Computer Name = Ates-PC | Source = WMPNetworkSvc | ID = 866300Description = Error - 09.10.2013 15:08:20 | Computer Name = Ates-PC | Source = WMPNetworkSvc | ID = 866300Description = Error - 09.10.2013 15:08:20 | Computer Name = Ates-PC | Source = WMPNetworkSvc | ID = 866300Description = Error - 09.10.2013 15:08:20 | Computer Name = Ates-PC | Source = Service Control Manager | ID = 7001Description = The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1058 Error - 09.10.2013 15:08:41 | Computer Name = Ates-PC | Source = WMPNetworkSvc | ID = 866300Description = Error - 09.10.2013 15:08:42 | Computer Name = Ates-PC | Source = WMPNetworkSvc | ID = 866300Description = Error - 09.10.2013 15:15:56 | Computer Name = Ates-PC | Source = Service Control Manager | ID = 7030Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 09.10.2013 15:18:17 | Computer Name = Ates-PC | Source = Service Control Manager | ID = 7030Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. < End of report > OTL.Txt
  16. Since i uninstalled adaware, the internet works for a while and then partially stops. It waits really long time and says resolving hosts or something. It sometimes opens the page after for a while and sometimes does not. When I disconnect and connect the internet, it starts working fine again. It all began right after I saw an warning message with WinPatrol. AmdInstaller something. I said reject and after like 10 minutes, my internet was gone. None of my antivirus programs could have found the virus. FSS.txt : Farbar Service Scanner Version: 13-09-2013Ran by Ates (administrator) on 09-10-2013 at 13:37:27Running from "C:\Users\Ates\Desktop\Virus"Microsoft Windows 7 Home Premium Service Pack 1 (X64)Boot Mode: Normal**************************************************************** Internet Services:============ Connection Status:==============Localhost is accessible.LAN connected.Google IP is accessible.Google.com is accessible.Yahoo.com is accessible. Windows Firewall:============= Firewall Disabled Policy: ==================[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall"=DWORD:0 System Restore:============ System Restore Disabled Policy: ======================== Action Center:============ Windows Update:============ Windows Autoupdate Disabled Policy: ============================ Windows Defender:============== Other Services:============== File Check:========C:\Windows\System32\nsisvc.dll => MD5 is legitC:\Windows\System32\drivers\nsiproxy.sys => MD5 is legitC:\Windows\System32\dhcpcore.dll => MD5 is legitC:\Windows\System32\drivers\afd.sys => MD5 is legitC:\Windows\System32\drivers\tdx.sys => MD5 is legitC:\Windows\System32\Drivers\tcpip.sys => MD5 is legitC:\Windows\System32\dnsrslvr.dll => MD5 is legitC:\Windows\System32\mpssvc.dll => MD5 is legitC:\Windows\System32\bfe.dll => MD5 is legitC:\Windows\System32\drivers\mpsdrv.sys => MD5 is legitC:\Windows\System32\SDRSVC.dll => MD5 is legitC:\Windows\System32\vssvc.exe => MD5 is legitC:\Windows\System32\wscsvc.dll => MD5 is legitC:\Windows\System32\wbem\WMIsvc.dll => MD5 is legitC:\Windows\System32\wuaueng.dll => MD5 is legitC:\Windows\System32\qmgr.dll => MD5 is legitC:\Windows\System32\es.dll => MD5 is legitC:\Windows\System32\cryptsvc.dll => MD5 is legitC:\Program Files\Windows Defender\MpSvc.dll => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legit **** End of log **** Checkup.txt : Results of screen317's Security Check version 0.99.74 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! Kaspersky Internet Security Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Ad-Aware Malwarebytes Anti-Malware version 1.75.0.1300 TuneUp Utilities 2013 TuneUp Utilities Language Pack (en-US) TuneUp Utilities 2013 Java 7 Update 40 Adobe Flash Player 11.6.602.168 Adobe Reader XI Google Chrome 29.0.1547.66 Google Chrome 29.0.1547.76 ````````Process Check: objlist.exe by Laurent```````` Ad-Aware AAWService.exe is disabled! Ad-Aware AAWTray.exe is disabled! WinPatrol winpatrol.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe Kaspersky Lab Kaspersky Internet Security 2013 avp.exe BillP Studios WinPatrol WinPatrol.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  17. ComboFix.txt : ComboFix 13-10-09.01 - Ates 09.10.2013 12:11:08.4.8 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16355.13737 [GMT -7:00]Running from: c:\users\Ates\Desktop\Virus\ComboFix.exeAV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((( Files Created from 2013-09-09 to 2013-10-09 )))))))))))))))))))))))))))))))..2013-10-09 19:18 . 2013-10-09 19:18 -------- d-----w- c:\users\Default\AppData\Local\temp2013-10-09 19:08 . 2013-10-09 19:08 -------- d-----w- c:\users\Ates\AppData\Local\adawarebp2013-10-09 19:04 . 2013-10-09 19:08 -------- d-----w- c:\programdata\boost_interprocess2013-10-09 18:15 . 2013-10-09 18:15 -------- d-----w- C:\FRST2013-10-09 15:45 . 2013-10-09 15:45 -------- d-----w- c:\users\Ates\AppData\Roaming\Proxifier2013-10-09 15:44 . 2011-05-01 08:32 88816 ----a-w- c:\windows\SysWow64\ProxifierShellExt.dll2013-10-09 15:44 . 2011-05-01 08:32 73968 ----a-w- c:\windows\system32\PrxerDrv.dll2013-10-09 15:44 . 2011-05-01 08:32 67824 ----a-w- c:\windows\SysWow64\PrxerDrv.dll2013-10-09 15:44 . 2011-05-01 08:32 55024 ----a-w- c:\windows\system32\PrxerNsp.dll2013-10-09 15:44 . 2011-05-01 08:32 54000 ----a-w- c:\windows\SysWow64\PrxerNsp.dll2013-10-09 15:44 . 2011-05-01 08:32 100592 ----a-w- c:\windows\system32\ProxifierShellExt.dll2013-10-09 15:44 . 2013-10-09 15:44 -------- d-----w- c:\program files (x86)\Proxifier2013-10-08 03:43 . 2013-10-09 12:43 -------- d-----w- c:\program files (x86)\KO1002013-10-06 07:27 . 2013-02-01 14:39 72296 ----a-w- c:\windows\SysWow64\WTFastDrv.dll2013-10-06 07:27 . 2013-02-01 14:39 79464 ----a-w- c:\windows\system32\WTFastDrv.dll2013-10-06 07:27 . 2013-10-06 07:27 -------- d-----w- c:\program files (x86)\WTFast2013-09-30 08:20 . 2013-10-09 14:36 -------- d-----w- c:\program files (x86)\LaglessProxy2013-09-30 06:39 . 2013-09-30 06:39 -------- d-----w- c:\users\Ates\AppData\Roaming\WinPatrol2013-09-30 06:39 . 2013-09-30 06:39 -------- d-----w- c:\program files (x86)\BillP Studios2013-09-30 04:04 . 2013-09-30 04:05 -------- d-----w- c:\program files\CCleaner2013-09-30 04:03 . 2013-09-30 04:03 -------- d-----w- c:\programdata\Oracle2013-09-30 04:03 . 2013-09-30 04:03 -------- d-----w- c:\program files (x86)\Common Files\Java2013-09-30 04:03 . 2013-09-30 04:03 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-09-30 04:03 . 2013-09-30 04:03 -------- d-----w- c:\program files (x86)\Java2013-09-30 03:56 . 2013-09-30 03:56 -------- d-----w- c:\program files (x86)\VS Revo Group2013-09-29 08:05 . 2013-09-29 08:05 -------- d-----w- c:\windows\ERUNT2013-09-29 03:08 . 2013-09-29 03:08 -------- d-----w- c:\program files\HitmanPro2013-09-29 03:08 . 2013-09-29 03:17 -------- d-----w- c:\programdata\HitmanPro2013-09-29 02:54 . 2013-09-29 02:54 -------- d-----w- c:\users\Ates\AppData\Roaming\Malwarebytes2013-09-29 02:54 . 2013-09-29 02:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-09-29 02:54 . 2013-09-29 02:54 -------- d-----w- c:\programdata\Malwarebytes2013-09-29 02:54 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys2013-09-29 02:49 . 2013-10-09 18:44 -------- d-----w- C:\AdwCleaner2013-09-27 18:44 . 2013-09-27 18:44 -------- d-----w- c:\users\Ates\AppData\Local\AAA_Internet_Publishing,_2013-09-24 18:11 . 2013-10-09 06:43 -------- d-----w- c:\program files (x86)\FlameKO2013-09-18 20:21 . 2013-09-18 20:23 -------- d-----w- c:\program files (x86)\SexyKO2013-09-17 20:54 . 2013-09-17 20:54 -------- d-----w- c:\users\Ates\AppData\Local\Geckofx2013-09-17 20:53 . 2013-09-20 10:15 -------- d-----w- c:\program files (x86)\SmarttürkWebTV-V0.062013-09-16 17:57 . 2013-09-16 17:57 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection2013-09-16 17:57 . 2013-09-16 17:57 -------- d-----w- c:\program files (x86)\Toolbar Cleaner2013-09-16 17:52 . 2013-09-16 17:52 -------- d-----w- c:\users\Ates\AppData\Roaming\Lavasoft2013-09-16 17:51 . 2013-09-16 17:51 -------- d-----w- c:\program files\Lavasoft2013-09-16 11:35 . 2013-05-23 15:39 41032 ----a-w- c:\windows\system32\drivers\gfiark.sys2013-09-16 07:38 . 2013-09-16 17:32 -------- d-----w- c:\programdata\Ad-Aware Antivirus2013-09-16 06:49 . 2013-10-09 19:06 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus2013-09-16 06:49 . 2013-09-16 06:49 -------- d-----w- c:\programdata\Lavasoft2013-09-16 06:49 . 2013-09-16 06:49 -------- d-----w- c:\programdata\Downloaded Installations2013-09-16 06:49 . 2013-09-16 17:57 -------- d-----w- c:\program files (x86)\Lavasoft2013-09-16 06:48 . 2013-09-16 19:14 -------- d-----w- c:\users\Ates\AppData\Roaming\Ad-Aware Antivirus2013-09-16 06:48 . 2013-09-16 17:56 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys2013-09-15 11:00 . 2011-10-31 18:02 307200 ----a-w- c:\windows\SysWow64\pbproxy.dll2013-09-15 07:52 . 2013-09-15 07:52 -------- d-----w- c:\users\Ates\AppData\Local\Amazon2013-09-15 06:23 . 2013-09-15 06:23 -------- d-sh--w- c:\users\Ates\AppData\Local\icsxml2013-09-15 05:05 . 2013-09-15 05:05 -------- d-----w- c:\users\Ates\AppData\Local\Razer2013-09-15 05:05 . 2013-09-15 05:05 -------- d-----w- c:\programdata\Razer2013-09-15 05:05 . 2013-09-15 05:05 -------- d-----w- c:\program files (x86)\Razer2013-09-15 05:05 . 2013-09-15 05:05 -------- d-----w- c:\users\Ates\AppData\Local\Programs2013-09-15 04:48 . 2012-11-23 01:42 -------- d-----w- c:\program files (x86)\Cure2013-09-14 11:36 . 2013-09-14 11:36 -------- d-----w- c:\users\Ates\AppData\Local\Microsoft_Corporation2013-09-14 11:34 . 2013-09-14 11:35 -------- d-----w- c:\program files (x86)\Microsoft SQL Server2013-09-14 11:31 . 2013-09-14 11:36 -------- d-----w- c:\program files\Microsoft SQL Server2013-09-13 11:05 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B755AD91-425B-44B3-9FF5-FFDA2D512755}\mpengine.dll2013-09-11 02:54 . 2013-09-11 12:19 -------- d-----w- c:\users\Ates\AppData\Roaming\Open Download Manager2013-09-11 02:54 . 2013-09-11 02:54 -------- d-----w- c:\windows\SysWow64\modules2013-09-11 02:54 . 2013-09-11 02:54 -------- d-----w- c:\windows\SysWow64\js2013-09-11 02:54 . 2013-09-11 02:54 -------- d-----w- c:\windows\SysWow64\css2013-09-11 02:50 . 2013-09-11 02:50 -------- d-----w- c:\users\Ates\AppData\Local\avgchrome2013-09-11 02:47 . 2004-08-04 10:56 431616 ----a-w- c:\windows\SysWow64\temp.0022013-09-11 02:32 . 2013-09-11 02:32 -------- d-----w- c:\programdata\KLC2013-09-11 02:32 . 2004-08-04 10:56 431616 ----a-w- c:\windows\SysWow64\temp.0012013-09-11 02:15 . 2013-09-11 02:32 -------- d-----w- c:\program files (x86)\KLC2013-09-11 02:15 . 2004-08-04 10:56 431616 ----a-w- c:\windows\SysWow64\temp.0002013-09-11 02:15 . 2002-12-20 19:02 1077336 ------w- c:\windows\SysWow64\mscomctl.ocx2013-09-11 02:15 . 1999-12-07 14:00 61491 ----a-w- c:\windows\SysWow64\wbemdisp.TLB...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-10-09 19:18 . 2013-10-09 19:18 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B755AD91-425B-44B3-9FF5-FFDA2D512755}\offreg.dll2013-09-30 04:03 . 2012-08-28 17:25 868264 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-09-30 04:03 . 2012-08-28 17:25 790440 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-08-20 18:04 . 2013-08-20 18:04 369168 ----a-w- c:\windows\system32\wpcap.dll2013-08-20 18:04 . 2013-08-20 18:04 35344 ----a-w- c:\windows\system32\drivers\npf.sys2013-08-20 18:04 . 2013-08-20 18:04 106000 ----a-w- c:\windows\system32\packet.dll2013-07-29 20:16 . 2012-06-08 18:38 54368 ----a-w- c:\windows\system32\drivers\kltdi.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-09-24 441408]"WTFast Tray"="c:\program files (x86)\WTFast\WTFast.exe" [2013-09-25 2483672].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-11-16 356376]"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-07-15 554384].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]@="".[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]"DisableMonitoring"=dword:00000001.R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/06/13 11:11;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]R4 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]R4 ExpressCache;ExpressCache;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [x]R4 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]R4 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]R4 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]R4 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]R4 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [x]R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]R4 Sendoriv1;Sendoriv1;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x]R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R4 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]R4 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]R4 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]S0 excsd;ExpressCache Storage Filter Driver;c:\windows\system32\DRIVERS\excsd.sys;c:\windows\SYSNATIVE\DRIVERS\excsd.sys [x]S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]S1 excfs;ExpressCache File System Filter Driver;c:\windows\system32\DRIVERS\excfs.sys;c:\windows\SYSNATIVE\DRIVERS\excfs.sys [x]S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]S2 PasswordBox;PasswordBox;c:\program files (x86)\PasswordBox\pbbtnService.exe;c:\program files (x86)\PasswordBox\pbbtnService.exe [x]S2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [x]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys;c:\windows\SYSNATIVE\DRIVERS\SGdrv64.sys [x]S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]..--- Other Services/Drivers In Memory ---.*Deregistered* - CLKMDRV10_38F51D56.Contents of the 'Scheduled Tasks' folder.2013-09-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000Core.job- c:\users\Ates\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-28 19:03].2013-09-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000UA.job- c:\users\Ates\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-28 19:03].2013-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000Core.job- c:\users\Ates\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-28 12:56].2013-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000UA.job- c:\users\Ates\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-28 12:56].2013-10-09 c:\windows\Tasks\HP Photo Creations Communicator.job- c:\programdata\HP Photo Creations\Communicator.exe [2013-10-06 10:23].2013-09-30 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 04:41].2013-09-30 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 04:41]..--------- X64 Entries -----------..------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmStart Page = about:blankmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localIE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htmLSP: %SystemRoot%\system32\WTFastDrv.dllTCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{56B9FF1A-5330-4FC7-97E1-A1179CCD5D09}\A5978554C463839353C69727: NameServer = 8.8.8.8,8.8.4.4.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)Toolbar-{72cabc40-64b2-46ed-8648-26d831761150} - (no file)Toolbar-10 - (no file)Wow6432Node-HKLM-Run-<NO NAME> - (no file)c:\users\Ates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ad-Aware Antivirus.lnk - c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exeHKLM-Run-SBRegRebootCleaner - c:\program files (x86)\Ad-Aware Antivirus\SBRC.exeAddRemove-{C547F361-5750-4CD1-9FB6-BC93827CB6C1} - c:\program files (x86)\ParetoLogic\RegCure Pro\uninstall.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}]@Denied: (A 2 3) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\InProcServer32]@="%SystemRoot%\\Explorer.exe""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\ProgID]@="DAO.Client".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\TypeLib]@="{C8618CE4-0624-7047-8336-6E676D6F7574}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]@="?????????????????? v1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]@="?????????????????? v2".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}".[HKEY_LOCAL_MACHINE\SOFTWARE\Datafocus]"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\SOFTWARE\Mortice Kern Systems]"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-10-09 12:19:34ComboFix-quarantined-files.txt 2013-10-09 19:19ComboFix2.txt 2013-10-09 18:14.Pre-Run: 557.424.799.744 bytes freePost-Run: 557.327.679.488 bytes free.- - End Of File - - D40AFA76377049B1D6CC7D7875768DF2 ComboFix-Quarantined-flies.txt : 2013-10-09 19:18:52 . 2013-10-09 19:18:52 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SBRegRebootCleaner.reg.dat2013-10-09 18:14:24 . 2013-10-09 18:14:24 0 ----a-w- C:\Qoobox\Quarantine\MBR_HardDisk0.mbr2013-10-09 18:13:31 . 2013-10-09 19:18:42 180 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-10.reg.dat2013-10-09 18:13:31 . 2013-10-09 19:18:41 282 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-{72cabc40-64b2-46ed-8648-26d831761150}.reg.dat2013-10-09 18:13:31 . 2013-10-09 19:18:41 208 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat2013-10-09 18:08:37 . 2013-10-09 18:08:37 1,172 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_NPF.reg.dat2013-10-09 18:08:37 . 2013-10-09 18:08:37 1,042 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_NPF.reg.dat2013-10-09 18:08:22 . 2013-10-09 19:16:42 16,655 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg2013-10-09 17:57:44 . 2013-10-09 19:10:33 153 ----a-w- C:\Qoobox\Quarantine\catchme.log2013-09-16 17:57:43 . 2013-10-06 07:04:06 1,868 ----a-w- C:\Qoobox\Quarantine\C\Users\Ates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ad-Aware Antivirus.lnk.vir
  18. There is something that I figured out now. When I say disable advanced firewall on adaware antivirus, I can connect to internet. I have been using the same antivirus programs for a while and did not have this issue before this virus activity. I have Kaspersy Internet Security 2013, adaware pro and MalwareBytes Anti-Malware. I also use WinPatrol in addition. I also got little nervous and did AdwCleaner and RogueKiller. It does not really seem like it helped at all.
  19. Addition.txt : Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013Ran by Ates at 2013-10-09 11:16:15Running from C:\Users\Ates\Desktop\VirusBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: Kaspersky Internet Security (Disabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}AV: Lavasoft Ad-Aware (Disabled - Up to date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}AS: Kaspersky Internet Security (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Lavasoft Ad-Aware (Disabled - Up to date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}FW: Lavasoft Ad-Aware (Disabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}FW: Kaspersky Internet Security (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} ==================== Installed Programs ====================== Ad-Aware Antivirus (x32 Version: 10.5.3.4405)Ad-Aware Browsing Protection (x32 Version: 1.0.1.110)Adobe AIR (x32 Version: 3.4.0.2540)Adobe Download Assistant (x32 Version: 1.2.2)Adobe Flash Player 11 ActiveX (x32 Version: 11.5.502.146)Adobe Flash Player 11 Plugin (x32 Version: 11.6.602.168)Adobe Photoshop CS6 (x32 Version: 13.0)Adobe Reader XI (11.0.04) (x32 Version: 11.0.04)Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82)Apple Application Support (x32 Version: 2.2.2)Apple Mobile Device Support (Version: 6.0.0.59)Apple Software Update (x32 Version: 2.1.3.127)AutoHotkey 1.1.09.02 (Version: 1.1.09.02)AutoIt v3.3.8.1 (x32)Axife Mouse Recorder DEMO 5.01 (x32)Bandicam (x32)Bandisoft MPEG-1 Decoder (x32)Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)Bonjour (Version: 3.0.0.10)Build-a-lot (x32 Version: 2.2.0.82)CCleaner (Version: 4.04)cFosSpeed v5.00 (Version: 5.00)Chuzzle Deluxe (x32 Version: 2.2.0.82)Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)Creative Element Power Tools (x32 Version: 3.0.6)Creo Direct Version 2.0 Datecode [M010] (x32 Version: 2.0)Creo Layout Version 2.0 Datecode [M010] (x32 Version: 2.0)Creo Parametric Version 2.0 Datecode [M010] (x32 Version: 2.0)Creo Platform 2.9 (x32 Version: 2.9.0)Creo Simulate Version 2.0 Datecode [M010] (x32 Version: 2.0)Creo Thumbnail Viewer 2.0 (Version: 30.12.130)CyberLink Media Suite (x32 Version: 8.0.2227)CyberLink MediaShow (x32 Version: 5.0.1130a)CyberLink Power2Go (x32 Version: 6.1.4813b)CyberLink PowerDirector (x32 Version: 8.0.4207)CyberLink PowerDVD 10 (x32 Version: 10.0.3706.52)CyberLink YouCam (x32 Version: 3.1.4417)D3DX10 (x32 Version: 15.4.2368.0902)DAEMON Tools Lite (x32 Version: 4.45.4.0315)Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82)Dolby Home Theater v4 (x32 Version: 7.2.7000.7)Easy File Share (x32 Version: 1.2.4)Easy Migration (x32 Version: 1.0)Easy Settings (x32 Version: 1.1)Easy Software Manager (x32 Version: 1.1.41.25)Easy Support Center 1.0 (x32 Version: 1.1.49)E-POP (x32 Version: 1.0.1)ETDWare PS/2-X64 10.7.14.12_WHQL (Version: 10.7.14.12)ExpressCache (Version: 1.0.64)Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)Farm Frenzy (x32 Version: 2.2.0.82)File Properties Changer (x32)Google Chrome (HKCU Version: 29.0.1547.76)HitmanPro 3.7 (Version: 3.7.7.205)HP Deskjet 2510 series Basic Device Software (Version: 28.0.1313.0)HP Deskjet 2510 series Help (x32 Version: 27.0.0)HP Deskjet 2510 series Product Improvement Study (Version: 28.0.1313.0)HP Deskjet 2510 series Setup Guide (x32 Version: 27.0.0)HP Photo Creations (x32 Version: 1.0.0.12412)HP Update (x32 Version: 5.003.003.001)Insaniquarium Deluxe (x32 Version: 2.2.0.82)Intel® Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.35342)Intel® Management Engine Components (x32 Version: 8.0.2.1410)Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (Version: 15.0.0.0059)Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 2.0.0.0086)Intel® Rapid Storage Technology (x32 Version: 11.0.0.1032)Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.1.209)Intel® PROSet/Wireless WiFi Software (Version: 15.00.0000.0642)Intel® Trusted Connect Service Client (Version: 1.23.605.1)iTunes (Version: 10.7.0.21)Java 7 Update 40 (x32 Version: 7.0.400)Java Auto Updater (x32 Version: 2.1.9.8)John Deere Drive Green (x32 Version: 2.2.0.82)Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190)LaglessProxy (x32 Version: 1.0)Lavasoft Registry Tuner (Version: 2.0.0)Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)Maple 16Maple 16 (x32 Version: 16.0.0.0)Mathematica Extras 9.0 (3824406) (Version: 9.0.0)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)Microsoft .NET Framework 4 Extended (Version: 4.0.30319)Microsoft Application Error Reporting (Version: 12.0.6015.5000)Microsoft Office 2010 (x32 Version: 14.0.4763.1000)Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)Microsoft Office Word Viewer 2003 (x32 Version: 11.0.8173.0)Microsoft Silverlight (Version: 5.1.20125.0)Microsoft SQL Server 2008 Setup Support Files (English) (Version: 10.0.1600.22)Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)ModeShift (x32 Version: 1.0)MSI Afterburner 2.2.5 (x32 Version: 2.2.5)MSI Kombustor 2.4.2 (x32)NETGEAR Genie (x32 Version: 2.2.28.24.exe )Norton Online Backup (x32 Version: 2.2.1.35)NVIDIA Control Panel 296.01 (Version: 296.01)NVIDIA Graphics Driver 296.01 (Version: 296.01)NVIDIA HD Audio Driver 1.2.22.1 (Version: 1.2.22.1)NVIDIA Install Application (Version: 2.1002.62.312)NVIDIA PhysX (x32 Version: 9.11.1111)NVIDIA PhysX System Software 9.11.1111 (Version: 9.11.1111)PasswordBox (x32 Version: 1.12.2.1665)PDF Settings CS6 (x32 Version: 11.0)Peggle (x32 Version: 2.2.0.82)Penguins! (x32 Version: 2.2.0.82)Plants vs. Zombies (x32 Version: 2.2.0.82)Polar Golfer (x32 Version: 2.2.0.82)Proxifier version 3.0 (x32 Version: 3.0)PTC Quality Agent (x32 Version: 2.0.0.0)Razer Game Booster (x32 Version: 3.7)Realtek PCIE Card Reader (x32 Version: 6.1.7601.28094)RegCure Pro (x32 Version: 3.1.6.0)Revo Uninstaller 1.95 (x32 Version: 1.95)Samsung Recovery Solution 5 (x32 Version: 5.0.2.3)Sandboxie 4.04 (64-bit) (Version: 4.04)Skype™ 6.1 (x32 Version: 6.1.129)Smarttürk WebTV v0.05 (HKCU)SmarttürkWebTV-V0.06 (HKCU)Software Launcher (x32 Version: 1.0.2)TeamSpeak 3 Client (HKCU Version: 3.0.13)TeamViewer 8 (x32 Version: 8.0.16642)TechPowerUp GPU-Z (x32)TuneUp Utilities 2013 (x32 Version: 13.0.2020.14)TuneUp Utilities Language Pack (en-US) (x32 Version: 13.0.2020.14)Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)Ventrilo Client for Windows x64 (Version: 3.0.8.0)VLC media player 2.0.3 (x32 Version: 2.0.3)WildTangent Games (x32 Version: 1.0.1.5)WildTangent ORB Game Console (x32)Window Hide Tool 2.0 (x32)WinPatrol (Version: 28.9.2013.1)WinRAR 4.20 (64-bit) (Version: 4.20.0)Wolfram Mathematica 9 (M-WIN-L 9.0.0 3825060) (Version: 9.0.0)WTFast 3.0 Beta 12 (x32 Version: 3.0.1.12)Zuma Deluxe (x32 Version: 2.2.0.95) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2013-05-16 03:24 - 2013-10-09 11:10 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {015D3F17-53C6-4E2A-830A-A11ED0CB9A70} - System32\Tasks\HPCustParticipation HP Deskjet 2510 series => C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)Task: {079F7EE1-9851-4467-BB87-9F6D897C6E95} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe [2012-01-26] (SAMSUNG Electronics)Task: {089009F1-D204-4F1B-85A6-EF892E8D1E62} - System32\Tasks\Easy Software Manager Agent => C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe [2012-02-08] (Samsung)Task: {15531474-384B-4883-8CF7-E29199BA23F4} - \ParetoLogic Update Version3 No Task FileTask: {1E62BEA0-A29E-4FFA-9CAE-593DC1333987} - System32\Tasks\AdobeAAMUpdater-1.0-Ates-PC-Ates => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)Task: {27035E51-D742-4F9C-859D-E6DF67ABC549} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2012-02-12] (Samsung Electronics Co., Ltd.)Task: {29D9F031-4FBE-4F81-B9F3-6E04D1025FA7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000UA => C:\Users\Ates\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-28] (Google Inc.)Task: {2A1525B8-2108-4A26-B6DE-5BAA3B4D56A2} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-03-04] (Samsung Electronics Co., Ltd.)Task: {32EE1501-8168-4DC2-946A-4D3D126E70EE} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exeTask: {35D9101D-C415-4E78-81FE-90FBC96FCA5B} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited)Task: {3A756C9A-2511-484D-80DA-A822CA80FF41} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000UA => C:\Users\Ates\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-28] (Facebook Inc.)Task: {3B44B648-0F08-41AD-9C74-E14C6361CDC8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvcTask: {3C0C7C10-5C78-4D8E-B642-52B571403C27} - \ParetoLogic Registration3 No Task FileTask: {3D4393C7-5C62-470D-B0BF-DFBFFE268F53} - System32\Tasks\LaglessUI-Service => C:\Program Files (x86)\LaglessProxy\LaglessUI.service.exe [2013-05-27] ()Task: {42F30F43-4634-46A6-8F0E-48CACCA2871E} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe [2013-06-05] ()Task: {609AABC5-6C51-4064-9B31-1E64AB34ED5E} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)Task: {616758BC-AC16-415A-B099-64B4A4588628} - \DealPlyUpdate No Task FileTask: {61ECFC90-344E-4517-9836-44535CF9858B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000Core => C:\Users\Ates\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-28] (Google Inc.)Task: {66842EAB-AD74-4AAF-AF41-F5D32393C623} - System32\Tasks\Google Updater and Installer => C:\Users\Ates\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-28] (Google Inc.)Task: {6E739ACB-F600-4067-AD90-950CE457A358} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-24] (Intel Corporation)Task: {788F4D85-E1D1-4A01-9807-53EC9748B402} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2012-01-30] (Samsung Electronics)Task: {841843B8-9A73-4ACE-8EE5-8FBDBC1572AD} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2012-03-04] (Samsung Electronics Co., Ltd.)Task: {9664F92C-7E9C-4006-A167-62B5AD9CD8C9} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-24] (Intel Corporation)Task: {A7A99B5E-92BD-4C24-8D27-77307B08633D} - System32\Tasks\ChkWiz4VistaWin7 => C:\Sysprep\ChkWiz4VistaWin7.exeTask: {AF0CF219-366A-4896-9B64-341D156C4200} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-10-06] ()Task: {C59B5924-49C7-49E2-843B-C526A7A55C06} - System32\Tasks\{E08E35BE-FAE1-4E03-99F9-1C7564CD9F5C} => C:\Program Files (x86)\Creation\Creation.exeTask: {DC5BCC9C-ED85-4BA8-A8EB-2B8266BC99B5} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-12-19] (SEC)Task: {DE9A76C6-533F-4D3F-9E15-22A8E9CAFC29} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2012-01-31] (Samsung Electronics Co., Ltd.)Task: {E162314B-4926-4F46-BFC8-EB7442B5549B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000Core => C:\Users\Ates\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-28] (Facebook Inc.)Task: {F60BEDD1-BA4D-4AF0-986F-58A7B2822A4F} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-17] (SAMSUNG Electronics co., LTD.)Task: {F7F3A05E-DA1C-4EA6-96C0-3DA74BC5EC72} - System32\Tasks\ModeShift => C:\Program Files (x86)\Samsung\ModeShift\ModeShift.exe [2012-02-01] (Samsung Electronics Co., Ltd.)Task: {FD52530C-5C51-43E3-8E4B-737C43669145} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000Core.job => C:\Users\Ates\AppData\Local\Facebook\Update\FacebookUpdate.exeTask: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000UA.job => C:\Users\Ates\AppData\Local\Facebook\Update\FacebookUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000Core.job => C:\Users\Ates\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000UA.job => C:\Users\Ates\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exeTask: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exeTask: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe ==================== Loaded Modules (whitelisted) ============= 2012-08-17 21:39 - 2012-12-06 16:06 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll2013-09-13 09:25 - 2013-09-13 09:25 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll2013-09-15 23:53 - 2013-07-05 14:25 - 00190752 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libBase64.dll2013-09-15 23:53 - 2013-07-05 14:25 - 00178464 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libMachoUniv.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service" ==================== Faulty Device Manager Devices ============= Name: Microsoft Virtual WiFi Miniport AdapterDescription: Microsoft Virtual WiFi Miniport AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: vwifimpProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (10/09/2013 11:12:21 AM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/09/2013 11:00:12 AM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/09/2013 10:56:52 AM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/09/2013 09:30:11 AM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/09/2013 08:45:36 AM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/09/2013 07:52:25 AM) (Source: Application Error) (User: )Description: Faulting application name: KnightOnLine.exe, version: 4.26.13.1965, time stamp: 0x517f5efdFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x056413d1Faulting process id: 0x850Faulting application start time: 0xKnightOnLine.exe0Faulting application path: KnightOnLine.exe1Faulting module path: KnightOnLine.exe2Report Id: KnightOnLine.exe3 Error: (10/07/2013 08:56:45 PM) (Source: VSS) (User: )Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.]. Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: -1 Snapshot Context: -1 Execution Context: Coordinator Error: (10/07/2013 08:56:45 PM) (Source: VSS) (User: )Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.] Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: -1 Snapshot Context: -1 Execution Context: Coordinator Error: (10/07/2013 08:56:45 PM) (Source: VSS) (User: )Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.]. Operation: Obtain a callable interface for this provider Check If Volume Is Supported by Provider Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {00000000-0000-0000-0000-000000000000} Snapshot Context: 0 Execution Context: Coordinator Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Volume Name: \\?\Volume{708908a6-dcbd-11e1-b2ce-806e6f6e6963}\ Error: (10/07/2013 08:56:45 PM) (Source: VSS) (User: )Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.] Operation: Obtain a callable interface for this provider Check If Volume Is Supported by Provider Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {00000000-0000-0000-0000-000000000000} Snapshot Context: 0 Execution Context: Coordinator Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Volume Name: \\?\Volume{708908a6-dcbd-11e1-b2ce-806e6f6e6963}\ System errors:=============Error: (10/09/2013 11:10:38 AM) (Source: Service Control Manager) (User: )Description: The AMD External Events Utility .NET. service terminated with the following error: %%2 Error: (10/09/2013 11:09:53 AM) (Source: Service Control Manager) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (10/09/2013 11:09:49 AM) (Source: Service Control Manager) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (10/09/2013 11:07:38 AM) (Source: Service Control Manager) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (10/09/2013 11:01:15 AM) (Source: Service Control Manager) (User: )Description: The Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). Error: (10/09/2013 10:58:55 AM) (Source: WMPNetworkSvc) (User: )Description: WMPNetworkSvc0x80070422 Error: (10/09/2013 10:58:54 AM) (Source: Service Control Manager) (User: )Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1058 Error: (10/09/2013 10:58:30 AM) (Source: Service Control Manager) (User: )Description: The AMD External Events Utility .NET. service terminated with the following error: %%2 Error: (10/09/2013 10:56:27 AM) (Source: Service Control Manager) (User: )Description: The Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). Error: (10/09/2013 10:55:23 AM) (Source: Service Control Manager) (User: )Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Microsoft Office Sessions:=========================Error: (10/09/2013 11:12:21 AM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/09/2013 11:00:12 AM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/09/2013 10:56:52 AM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/09/2013 09:30:11 AM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/09/2013 08:45:36 AM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/09/2013 07:52:25 AM) (Source: Application Error)(User: )Description: KnightOnLine.exe4.26.13.1965517f5efdunknown0.0.0.000000000c0000005056413d185001cec4fd004d397fC:\Program Files (x86)\KO100\KnightOnLine.exeunknown68c85a12-30f2-11e3-bd4b-c48508720163 Error: (10/07/2013 08:56:45 PM) (Source: VSS)(User: )Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: -1 Snapshot Context: -1 Execution Context: Coordinator Error: (10/07/2013 08:56:45 PM) (Source: VSS)(User: )Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: -1 Snapshot Context: -1 Execution Context: Coordinator Error: (10/07/2013 08:56:45 PM) (Source: VSS)(User: )Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Operation: Obtain a callable interface for this provider Check If Volume Is Supported by Provider Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {00000000-0000-0000-0000-000000000000} Snapshot Context: 0 Execution Context: Coordinator Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Volume Name: \\?\Volume{708908a6-dcbd-11e1-b2ce-806e6f6e6963}\ Error: (10/07/2013 08:56:45 PM) (Source: VSS)(User: )Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Operation: Obtain a callable interface for this provider Check If Volume Is Supported by Provider Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {00000000-0000-0000-0000-000000000000} Snapshot Context: 0 Execution Context: Coordinator Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Volume Name: \\?\Volume{708908a6-dcbd-11e1-b2ce-806e6f6e6963}\ CodeIntegrity Errors:=================================== Date: 2013-10-09 00:21:28.738 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-10-09 00:21:28.736 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-10-09 00:21:28.735 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-10-07 06:35:08.250 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-10-07 06:35:08.247 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-10-07 06:35:08.244 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-10-07 06:35:08.231 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-10-07 06:35:08.228 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-10-07 06:35:08.225 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-10-07 06:35:08.201 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 14%Total physical RAM: 16355.11 MBAvailable physical RAM: 14024.66 MBTotal Pagefile: 32708.41 MBAvailable Pagefile: 30407.68 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:676.54 GB) (Free:519.16 GB) NTFSDrive d: (2ndHDD) (Fixed) (Total:698.64 GB) (Free:698.02 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 699 GB) (Disk ID: 5CF4F757)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=677 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=22 GB) - (Type=27) ========================================================Disk: 1 (Size: 7 GB) (Disk ID: 74F02DEA)Partition 1: (Not Active) - (Size=7 GB) - (Type=73) ========================================================Disk: 2 (Size: 699 GB) (Disk ID: 92CDA70E)Partition 1: (Not Active) - (Size=699 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  20. I will delete one of them. Thanks for warning me about it. FRST.txt : Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013Ran by Ates (administrator) on ATES-PC on 09-10-2013 11:15:23Running from C:\Users\Ates\Desktop\VirusWindows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 9Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [sBRegRebootCleaner] - C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe [201608 2012-09-20] (GFI Software)HKCU\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [441408 2013-09-24] (BillP Studios)HKCU\...\Run: [WTFast Tray] - C:\Program Files (x86)\WTFast\WTFast.exe [2483672 2013-09-25] (AAA Internet Publishing, Inc.)HKLM-x32\...\Run: [] - [x]HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-11-15] (Kaspersky Lab ZAO)HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)Startup: C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ad-Aware Antivirus.lnkShortcutTarget: Ad-Aware Antivirus.lnk -> C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.comHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blankStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)Toolbar: HKLM-x32 - No Name - {72cabc40-64b2-46ed-8648-26d831761150} - No FileToolbar: HKLM-x32 - PasswordBox Toolbar - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)Toolbar: HKCU - No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No FileDPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Winsock: Catalog9 01 %SystemRoot%\system32\WTFastDrv.dll [72296] (Initex)Winsock: Catalog9 02 %SystemRoot%\system32\WTFastDrv.dll [72296] (Initex)Winsock: Catalog9 03 %SystemRoot%\system32\WTFastDrv.dll [72296] (Initex)Winsock: Catalog9 04 %SystemRoot%\system32\WTFastDrv.dll [72296] (Initex)Winsock: Catalog9 16 %SystemRoot%\system32\WTFastDrv.dll [72296] (Initex)Winsock: Catalog9-x64 01 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)Winsock: Catalog9-x64 02 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)Winsock: Catalog9-x64 03 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)Winsock: Catalog9-x64 04 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)Winsock: Catalog9-x64 16 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll ()FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No FileFF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.0.3824406\npmathplugin.dll (Wolfram Research, Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Ates\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ates\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ates\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.comFF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.comFF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.comFF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.comFF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.comFF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.comFF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.comFF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.comFF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.comFF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.comFF HKLM-x32\...\Firefox\Extensions: [{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}] - C:\Users\Ates\AppData\Roaming\Mozilla\FireFox\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi Chrome: =======CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}CHR Plugin: (Shockwave Flash) - C:\Users\Ates\AppData\Local\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Users\Ates\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ates\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll ()CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No FileCHR Plugin: (Wolfram Mathematica) - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.0.3824406\npmathplugin.dll (Wolfram Research, Inc.)CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)CHR Plugin: (Java Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No FileCHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Ates\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)CHR Plugin: (Google Update) - C:\Users\Ates\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)CHR Extension: (Kaspersky URL Advisor) - C:\Users\Ates\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0CHR Extension: (GorillaPrice offer) - C:\Users\Ates\AppData\Local\Google\Chrome\User Data\Default\Extensions\egpbcfbaejlamdindjpaodjojjhnbipl\2.0.0.1_0CHR Extension: () - C:\Users\Ates\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcnlcdpdncgchnamlmdhdhokahkaikhl\4.2.25.1CHR Extension: (Safe Money) - C:\Users\Ates\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Ates\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0CHR Extension: (Virtual Keyboard) - C:\Users\Ates\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0CHR Extension: (Chrome In-App Payments service) - C:\Users\Ates\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0CHR Extension: (Lavasoft NewTab) - C:\Users\Ates\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.12_0CHR Extension: (Anti-Banner) - C:\Users\Ates\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crxCHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crxCHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crxCHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crxCHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crxCHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx ==================== Services (Whitelisted) ================= R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-11-15] (Kaspersky Lab ZAO)S4 cFosSpeedS; C:\Program Files\Topos\cFosSpeed\spd.exe [559320 2009-10-30] (cFos Software GmbH)S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-19] (CyberLink)S4 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2011-09-22] (Diskeeper Corporation)S2 FastUserSwitchingCompatibility; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-09-28] (SurfRight B.V.)S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] ()S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)S4 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-04-07] (NETGEAR)S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4710040 2012-05-01] (Symantec Corporation)R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-09-13] (PasswordBox, Inc.)S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-11-30] ()R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-12] ()R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [183896 2013-07-08] (Sandboxie Holdings, LLC)S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2365792 2012-09-19] (TuneUp Software)S4 Sendoriv1; C:\Program Files (x86)\Sendori\SendoriSvc.exe [x] ==================== Drivers (Whitelisted) ==================== R3 cFosSpeed; C:\Windows\System32\DRIVERS\cfosspeed.sys [1222360 2009-10-30] (cFos Software GmbH)R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-09] (DT Soft Ltd)R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2011-09-22] (Diskeeper Corporation)R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [80688 2011-09-22] (Diskeeper Corporation)S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-09-16] (GFI Software)R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-24] (Kaspersky Lab ZAO)R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-09-19] (Kaspersky Lab)R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-09-19] (Kaspersky Lab)R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-07-29] (Kaspersky Lab ZAO)R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-24] (Kaspersky Lab ZAO)R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [199384 2013-07-08] (Sandboxie Holdings, LLC)R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)S4 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-18] (TuneUp Software)S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-08-01] (OpenLibSys.org)S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-08-01] (OpenLibSys.org)U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-24] (Kaspersky Lab ZAO) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-09 11:15 - 2013-10-09 11:15 - 00000000 ____D C:\FRST2013-10-09 11:14 - 2013-10-09 11:14 - 00030688 _____ C:\ComboFix.txt2013-10-09 11:02 - 2011-06-25 23:45 - 00256000 _____ C:\windows\PEV.exe2013-10-09 11:02 - 2010-11-07 10:20 - 00208896 _____ C:\windows\MBR.exe2013-10-09 11:02 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe2013-10-09 11:02 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe2013-10-09 11:02 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe2013-10-09 11:02 - 2000-08-30 17:00 - 00098816 _____ C:\windows\sed.exe2013-10-09 11:02 - 2000-08-30 17:00 - 00080412 _____ C:\windows\grep.exe2013-10-09 11:02 - 2000-08-30 17:00 - 00068096 _____ C:\windows\zip.exe2013-10-09 10:55 - 2013-10-09 11:14 - 00000000 ____D C:\Qoobox2013-10-09 10:36 - 2013-10-09 10:37 - 00000000 ____D C:\Users\Ates\Desktop\Virus2013-10-09 10:34 - 2013-10-09 10:34 - 00022538 _____ C:\Users\Ates\Desktop\dds.txt2013-10-09 10:34 - 2013-10-09 10:34 - 00012976 _____ C:\Users\Ates\Desktop\attach.txt2013-10-09 08:50 - 2013-10-09 08:50 - 00003144 _____ C:\windows\System32\Tasks\{6098B53F-986A-4DD0-8998-A596C96D83A1}2013-10-09 08:45 - 2013-10-09 08:45 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Proxifier2013-10-09 08:44 - 2013-10-09 08:44 - 00001023 _____ C:\Users\Ates\Desktop\Proxifier.lnk2013-10-09 08:44 - 2013-10-09 08:44 - 00000000 ____D C:\Program Files (x86)\Proxifier2013-10-09 08:44 - 2011-05-01 01:32 - 00100592 _____ (Initex) C:\windows\system32\ProxifierShellExt.dll2013-10-09 08:44 - 2011-05-01 01:32 - 00088816 _____ (Initex) C:\windows\SysWOW64\ProxifierShellExt.dll2013-10-09 08:44 - 2011-05-01 01:32 - 00073968 _____ (Initex) C:\windows\system32\PrxerDrv.dll2013-10-09 08:44 - 2011-05-01 01:32 - 00067824 _____ (Initex) C:\windows\SysWOW64\PrxerDrv.dll2013-10-09 08:44 - 2011-05-01 01:32 - 00055024 _____ C:\windows\system32\PrxerNsp.dll2013-10-09 08:44 - 2011-05-01 01:32 - 00054000 _____ C:\windows\SysWOW64\PrxerNsp.dll2013-10-09 08:41 - 2013-10-09 08:41 - 00403354 _____ C:\Users\Ates\Downloads\lagless_03_01_2013 (2).zip2013-10-09 08:41 - 2013-10-09 08:41 - 00000000 ____D C:\Users\Ates\Desktop\lagless2013-10-09 08:39 - 2013-10-09 08:39 - 00403354 _____ C:\Users\Ates\Downloads\lagless_03_01_2013 (1).zip2013-10-09 08:38 - 2013-10-09 08:38 - 00024092 _____ C:\Users\Ates\Downloads\Lagless_server_list_28_11_2012 (2).zip2013-10-09 08:38 - 2013-10-09 08:38 - 00002065 _____ C:\Users\Ates\Downloads\settings for proxifier_03_01_2013 (1).zip2013-10-09 08:10 - 2012-10-13 07:43 - 00000029 _____ C:\Users\Ates\Desktop\Proxifier serial number.txt2013-10-09 08:10 - 2012-10-03 05:14 - 03691656 _____ (Initex ) C:\Users\Ates\Desktop\Proxifier.exe2013-10-09 08:09 - 2013-10-09 08:09 - 03608881 _____ C:\Users\Ates\Downloads\m3393_Proxyfier.zip2013-10-09 07:56 - 2013-10-09 07:57 - 34374536 _____ C:\Users\Ates\Downloads\WinGate8.0.2.4614-USE.exe2013-10-09 07:02 - 2013-10-09 07:02 - 00001697 _____ C:\Users\Ates\Desktop\Ping spikes.txt2013-10-07 20:51 - 2013-10-09 07:44 - 00001401 _____ C:\Users\Ates\Desktop\Launcher - Shortcut.lnk2013-10-07 20:43 - 2013-10-09 05:43 - 00000000 ____D C:\Program Files (x86)\KO1002013-10-07 20:28 - 2013-10-07 20:28 - 00002519 _____ C:\Users\Ates\Desktop\Skype.lnk2013-10-07 20:27 - 2013-10-07 20:27 - 00001995 _____ C:\Users\Ates\Desktop\LaglessProxy.lnk2013-10-07 02:44 - 2013-10-07 02:44 - 01367552 _____ C:\Users\Ates\Downloads\Chapter 5 %282013%29.ppt2013-10-07 02:44 - 2013-10-07 02:44 - 00584192 _____ C:\Users\Ates\Downloads\Chapter 3 %282013%29.ppt2013-10-07 02:44 - 2013-10-07 02:44 - 00559616 _____ C:\Users\Ates\Downloads\Chapter 4 Part 2 %282013%29.ppt2013-10-07 02:44 - 2013-10-07 02:44 - 00301568 _____ C:\Users\Ates\Downloads\Chapter 4 part 1 %282013%29.ppt2013-10-06 00:38 - 2013-10-06 00:38 - 00054719 _____ C:\Users\Ates\Downloads\servers (2).zip2013-10-06 00:27 - 2013-10-06 00:27 - 00000983 _____ C:\Users\Public\Desktop\WTFast.lnk2013-10-06 00:27 - 2013-10-06 00:27 - 00000000 ____D C:\Program Files (x86)\WTFast2013-10-06 00:27 - 2013-02-01 07:39 - 00079464 _____ (Initex) C:\windows\system32\WTFastDrv.dll2013-10-06 00:27 - 2013-02-01 07:39 - 00072296 _____ (Initex) C:\windows\SysWOW64\WTFastDrv.dll2013-10-06 00:06 - 2013-10-06 00:06 - 06425088 _____ C:\Users\Ates\Downloads\pcap525_x64 (2).msi2013-10-06 00:06 - 2013-10-06 00:06 - 04597248 _____ C:\Users\Ates\Downloads\pcap525_x86.msi2013-10-06 00:05 - 2013-10-06 00:06 - 06425088 _____ C:\Users\Ates\Downloads\pcap525_x64 (1).msi2013-10-05 23:49 - 2013-10-05 23:49 - 00004604 _____ C:\PBUninstaller.log2013-10-05 23:48 - 2013-10-07 20:52 - 00000000 ____D C:\Users\Ates\Desktop\Deskop2013-10-05 23:38 - 2013-10-05 23:39 - 01912363 _____ C:\Users\Ates\Downloads\WinMTR-v092.zip2013-10-05 22:23 - 2013-10-05 22:23 - 01644848 _____ ( ) C:\Users\Ates\Downloads\freecap_setup_eng.exe2013-10-05 05:42 - 2013-10-05 05:42 - 00003152 _____ C:\windows\System32\Tasks\{39288CD3-FEAA-4881-86E4-EFD40BF84C21}2013-10-05 05:40 - 2013-10-05 05:40 - 04361633 _____ ( ) C:\Users\Ates\Downloads\widecap_setup.en.1.5 (2).exe2013-10-05 05:39 - 2013-10-05 05:39 - 06425088 _____ C:\Users\Ates\Downloads\pcap525_x64.msi2013-10-05 05:39 - 2013-10-05 05:39 - 00928100 _____ C:\Users\Ates\Downloads\smoothping (1).zip2013-09-30 13:02 - 2013-09-30 13:02 - 00002452 _____ C:\windows\SysWOW64\APConfig.xml2013-09-30 13:02 - 2013-09-30 13:02 - 00001738 _____ C:\windows\SysWOW64\EmailAVConfig.xml2013-09-30 13:02 - 2013-09-30 13:02 - 00000502 _____ C:\windows\SysWOW64\HIPSConfig.xml2013-09-30 01:21 - 2013-09-30 02:20 - 00003330 _____ C:\windows\System32\Tasks\LaglessUI-Service2013-09-30 01:21 - 2013-09-30 01:21 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LaglessProxy2013-09-30 01:20 - 2013-10-09 07:36 - 00000000 ____D C:\Program Files (x86)\LaglessProxy2013-09-30 00:00 - 2013-09-30 00:00 - 00000020 _____ C:\windows\0÷%2013-09-29 23:39 - 2013-09-29 23:39 - 00000000 ____D C:\Users\Ates\AppData\Roaming\WinPatrol2013-09-29 23:39 - 2013-09-29 23:39 - 00000000 ____D C:\Program Files (x86)\BillP Studios2013-09-29 23:38 - 2013-09-29 23:38 - 00907304 _____ (BillP Studios) C:\Users\Ates\Downloads\wpsetup.exe2013-09-29 21:04 - 2013-09-29 21:05 - 00000000 ____D C:\Program Files\CCleaner2013-09-29 21:04 - 2013-09-29 21:04 - 00002770 _____ C:\windows\System32\Tasks\CCleanerSkipUAC2013-09-29 21:03 - 2013-09-29 21:03 - 04429440 _____ (Piriform Ltd) C:\Users\Ates\Downloads\ccsetup404.exe2013-09-29 21:03 - 2013-09-29 21:03 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe2013-09-29 21:03 - 2013-09-29 21:03 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe2013-09-29 21:03 - 2013-09-29 21:03 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe2013-09-29 21:03 - 2013-09-29 21:03 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll2013-09-29 21:03 - 2013-09-29 21:03 - 00000000 ____D C:\ProgramData\Oracle2013-09-29 21:03 - 2013-09-29 21:03 - 00000000 ____D C:\Program Files (x86)\Java2013-09-29 21:02 - 2013-09-29 21:02 - 00913832 _____ (Oracle Corporation) C:\Users\Ates\Downloads\chromeinstall-7u40.exe2013-09-29 20:56 - 2013-09-29 20:56 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Ates\Downloads\revosetup.exe2013-09-29 20:56 - 2013-09-29 20:56 - 00000000 ____D C:\Program Files (x86)\VS Revo Group2013-09-29 20:51 - 2013-09-29 20:51 - 02637824 _____ (TODO: <Company name>) C:\Users\Ates\Downloads\Gorilla_Uninstaller_Download_File.exe2013-09-29 17:21 - 2013-10-06 22:45 - 987788256 _____ C:\windows\MEMORY.DMP2013-09-29 17:21 - 2013-09-29 17:21 - 00000000 ____D C:\Users\Ates\AppData\Local\adawarebp2013-09-29 11:41 - 2013-10-09 11:09 - 00000000 ____D C:\windows\erdnt2013-09-29 01:05 - 2013-09-29 01:05 - 00000000 ____D C:\windows\ERUNT2013-09-29 01:04 - 2013-10-09 10:59 - 00000000 ____D C:\ProgramData\boost_interprocess2013-09-29 00:59 - 2013-09-29 00:59 - 01030305 _____ (Thisisu) C:\Users\Ates\Downloads\JRT.exe2013-09-29 00:57 - 2013-09-29 00:57 - 01042066 _____ C:\Users\Ates\Downloads\AdwCleaner (1).exe2013-09-29 00:23 - 2013-09-28 08:07 - 678011494 _____ C:\Users\Ates\Downloads\Knight_Kingdom (1).rar2013-09-29 00:19 - 2013-09-29 00:38 - 737013724 _____ C:\Users\Ates\Downloads\KO100-Client-Beta-2-Released-d.rar2013-09-28 22:19 - 2013-09-28 22:19 - 00688992 ____R (Swearware) C:\Users\Ates\Downloads\dds.com2013-09-28 20:17 - 2013-09-28 20:17 - 00001898 _____ C:\windows\system32\.crusader2013-09-28 20:08 - 2013-09-28 20:17 - 00000000 ____D C:\ProgramData\HitmanPro2013-09-28 20:08 - 2013-09-28 20:08 - 00000000 ____D C:\Program Files\HitmanPro2013-09-28 19:54 - 2013-09-28 19:54 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Malwarebytes2013-09-28 19:54 - 2013-09-28 19:54 - 00000000 ____D C:\ProgramData\Malwarebytes2013-09-28 19:54 - 2013-09-28 19:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-09-28 19:54 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys2013-09-28 19:49 - 2013-09-29 23:25 - 00000000 ____D C:\AdwCleaner2013-09-28 19:48 - 2013-09-28 19:48 - 09879648 _____ (SurfRight B.V.) C:\Users\Ates\Downloads\HitmanPro_x64.exe2013-09-28 19:47 - 2013-09-28 19:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Ates\Downloads\mbam-setup-1.75.0.1300.exe2013-09-28 19:47 - 2013-09-28 19:47 - 01042066 _____ C:\Users\Ates\Downloads\adwcleaner.exe2013-09-27 11:44 - 2013-09-27 11:44 - 00000000 ____D C:\Users\Ates\AppData\Local\AAA_Internet_Publishing,_2013-09-27 11:41 - 2013-10-09 11:10 - 00024218 _____ C:\windows\PFRO.log2013-09-27 11:41 - 2013-09-30 01:42 - 00002850 _____ C:\autoupdate.log2013-09-27 11:37 - 2013-09-27 11:37 - 04273808 _____ (Initex & AAA Internet Publishing ) C:\Users\Ates\Downloads\WTFastSetupFR.3.0.1.12.exe2013-09-26 21:48 - 2013-09-26 21:48 - 08711779 _____ C:\Users\Ates\Downloads\Manuel.zip2013-09-26 21:46 - 2013-09-26 22:40 - 608749959 _____ C:\Users\Ates\Downloads\YataganOnline.rar2013-09-26 12:43 - 2013-09-26 12:43 - 00007617 _____ C:\Users\Ates\AppData\Local\Resmon.ResmonCfg2013-09-26 12:36 - 2013-09-26 12:36 - 00863610 _____ C:\Users\Ates\Downloads\amr501dm.rar2013-09-24 11:11 - 2013-10-08 23:43 - 00000000 ____D C:\Program Files (x86)\FlameKO2013-09-24 07:08 - 2013-09-24 07:08 - 00771986 _____ C:\Users\Ates\Downloads\Outlook (2).zip2013-09-23 04:30 - 2013-09-23 04:30 - 00583680 _____ C:\Users\Ates\Downloads\Descriptive Statistics %28Example Problems%29 (1).ppt2013-09-23 04:26 - 2013-09-23 04:26 - 00583680 _____ C:\Users\Ates\Downloads\Descriptive Statistics %28Example Problems%29.ppt2013-09-23 04:25 - 2013-09-23 04:25 - 00376832 _____ C:\Users\Ates\Downloads\Chapter 2 Part 3 %282013%29.ppt2013-09-22 01:00 - 2013-10-09 11:10 - 00003360 _____ C:\windows\setupact.log2013-09-22 01:00 - 2013-09-22 01:00 - 00000000 _____ C:\windows\setuperr.log2013-09-20 22:18 - 2013-09-20 22:18 - 01475192 _____ (Initex & AAA Internet Publishing ) C:\Users\Ates\Downloads\WTFastSetup.2.13.2.0 (1).exe2013-09-20 11:21 - 2013-09-20 11:21 - 00000000 _____ C:\Users\Ates\agent.log2013-09-20 03:34 - 2013-09-20 03:34 - 01466856 _____ (Initex & AAA Internet Publishing ) C:\Users\Ates\Downloads\WTFastSetup.2.0.1.3.exe2013-09-18 13:21 - 2013-09-18 13:23 - 00000000 ____D C:\Program Files (x86)\SexyKO2013-09-18 02:05 - 2013-09-18 02:05 - 04512276 _____ C:\Users\Ates\Downloads\Outlook (1).zip2013-09-17 13:54 - 2013-09-17 13:54 - 00000000 ____D C:\Users\Ates\AppData\Local\Geckofx2013-09-17 13:53 - 2013-09-20 03:15 - 00000000 ____D C:\Program Files (x86)\SmarttürkWebTV-V0.062013-09-17 13:53 - 2013-09-17 13:53 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmarttürkWebTV-V0.062013-09-17 13:50 - 2013-09-17 13:51 - 22453185 _____ C:\Users\Ates\Downloads\Versiyon0.06.rar2013-09-17 13:50 - 2013-09-17 13:50 - 00889416 _____ (Microsoft Corporation) C:\Users\Ates\Downloads\dotNetFx40_Full_setup (1).exe2013-09-16 22:27 - 2013-09-16 22:27 - 01027698 _____ C:\Users\Ates\Downloads\patch1011.zip2013-09-16 22:27 - 2013-09-16 22:27 - 01027443 _____ C:\Users\Ates\Downloads\patch1010.zip2013-09-16 22:18 - 2013-09-16 22:26 - 164766027 _____ C:\Users\Ates\Downloads\patch1005.zip2013-09-16 22:14 - 2013-09-16 22:14 - 00000000 ____D C:\Users\Ates\Downloads\SexyKO v10002013-09-16 11:05 - 2012-09-20 05:11 - 00061216 _____ (GFI Software) C:\windows\system32\Drivers\sbhips.sys2013-09-16 11:04 - 2012-09-20 05:11 - 00258848 _____ (GFI Software) C:\windows\system32\Drivers\SbFw.sys2013-09-16 11:04 - 2012-09-12 20:19 - 00120064 _____ (GFI Software) C:\windows\system32\Drivers\SbFwIm.sys2013-09-16 10:57 - 2013-09-16 10:57 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection2013-09-16 10:57 - 2013-09-16 10:57 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner2013-09-16 10:55 - 2013-09-16 10:55 - 05616264 _____ (Lavasoft Limited) C:\Users\Ates\Downloads\Adaware_Installer (4).exe2013-09-16 10:52 - 2013-09-16 10:52 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Lavasoft2013-09-16 10:51 - 2013-09-16 10:51 - 09368992 _____ (Lavasoft) C:\Users\Ates\Downloads\Lavasoft_Registry_Tuner_v.2.0.0.exe2013-09-16 10:51 - 2013-09-16 10:51 - 00000000 ____D C:\Program Files\Lavasoft2013-09-16 10:51 - 2012-09-20 05:40 - 00047496 _____ (GFI Software) C:\windows\system32\sbbd.exe2013-09-16 10:49 - 2013-09-16 10:49 - 05616264 _____ (Lavasoft Limited) C:\Users\Ates\Downloads\Adaware_Installer (3).exe2013-09-16 10:45 - 2013-09-16 10:45 - 05616264 _____ (Lavasoft Limited) C:\Users\Ates\Downloads\Adaware_Installer (2).exe2013-09-16 10:37 - 2013-09-16 10:37 - 05616264 _____ (Lavasoft Limited) C:\Users\Ates\Downloads\Adaware_Installer (1).exe2013-09-16 04:35 - 2013-05-23 08:39 - 00041032 _____ (ThreatTrack Security) C:\windows\system32\Drivers\gfiark.sys2013-09-16 00:38 - 2013-10-05 23:39 - 00004318 _____ C:\windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan2013-09-16 00:38 - 2013-09-16 10:32 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus2013-09-16 00:38 - 2013-09-16 00:38 - 00000000 ____D C:\Users\Ates\AppData\Roaming\LavasoftStatistics2013-09-15 23:49 - 2013-09-16 21:42 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus2013-09-15 23:49 - 2013-09-16 10:57 - 00000000 ____D C:\Program Files (x86)\Lavasoft2013-09-15 23:49 - 2013-09-15 23:49 - 00000000 ____D C:\ProgramData\Lavasoft2013-09-15 23:49 - 2013-09-15 23:49 - 00000000 ____D C:\ProgramData\Downloaded Installations2013-09-15 23:48 - 2013-09-16 12:14 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus2013-09-15 23:48 - 2013-09-16 10:56 - 00014456 _____ (GFI Software) C:\windows\system32\Drivers\gfibto.sys2013-09-15 23:47 - 2013-09-15 23:47 - 05616264 _____ (Lavasoft Limited) C:\Users\Ates\Downloads\Adaware_Installer.exe2013-09-15 06:23 - 2013-09-15 06:23 - 00000000 ____D C:\Users\Ates\Documents\fx2013-09-15 04:00 - 2011-10-31 11:02 - 00307200 _____ (PingBetter) C:\windows\SysWOW64\pbproxy.dll2013-09-15 03:59 - 2013-09-15 03:59 - 03203437 _____ (PingBetter) C:\Users\Ates\Downloads\PingBetterSetup3.1.0.1.exe2013-09-15 03:39 - 2013-09-15 03:40 - 14035465 _____ C:\Users\Ates\Downloads\pz_setup_1.1.6.zip2013-09-15 00:52 - 2013-09-15 00:52 - 00000000 ____D C:\Users\Ates\AppData\Local\Amazon2013-09-14 23:23 - 2013-09-14 23:23 - 00000038 ___SH C:\Users\Ates\AppData\Local\30cb054b51a6e2f65d62f4.627160002013-09-14 23:23 - 2013-09-14 23:23 - 00000000 __SHD C:\Users\Ates\AppData\Local\icsxml2013-09-14 23:20 - 2013-09-14 23:20 - 05341777 _____ (Lowerping) C:\Users\Ates\Downloads\Lowerping_1.4.exe2013-09-14 22:07 - 2013-09-30 02:20 - 00003172 _____ C:\windows\System32\Tasks\Razer_Game_Booster_AutoUpdate2013-09-14 22:06 - 2013-09-14 22:06 - 00000000 ____D C:\Users\Ates\Documents\Razer2013-09-14 22:05 - 2013-09-14 22:05 - 00000000 ____D C:\Users\Ates\AppData\Local\Razer2013-09-14 22:05 - 2013-09-14 22:05 - 00000000 ____D C:\ProgramData\Razer2013-09-14 22:05 - 2013-09-14 22:05 - 00000000 ____D C:\Program Files (x86)\Razer2013-09-14 22:04 - 2013-09-14 22:05 - 23832608 _____ (Razer USA Ltd ) C:\Users\Ates\Downloads\Game_Booster_v3.7.0.11.exe2013-09-14 21:48 - 2012-11-22 18:42 - 00000000 ____D C:\Program Files (x86)\Cure2013-09-14 21:47 - 2013-09-14 21:48 - 06872237 _____ C:\Users\Ates\Downloads\Cure.rar2013-09-14 21:18 - 2013-09-14 21:18 - 00001291 _____ C:\Users\Ates\Downloads\Pingfix.rar2013-09-14 18:34 - 2013-09-14 18:35 - 06091510 _____ C:\Users\Ates\Downloads\LaglessProxy1.1 (1).exe2013-09-14 04:36 - 2013-09-14 04:36 - 00000000 ____D C:\Users\Ates\AppData\Local\Microsoft_Corporation2013-09-14 04:34 - 2013-09-14 04:35 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server2013-09-14 04:31 - 2013-09-14 04:36 - 00000000 ____D C:\Program Files\Microsoft SQL Server2013-09-14 04:30 - 2013-09-14 04:30 - 86525456 _____ (Microsoft Corporation) C:\Users\Ates\Downloads\SQLEXPR_x64_ENU.exe2013-09-14 04:18 - 2013-09-15 02:12 - 06982764 _____ C:\Users\Ates\Downloads\TrayhoperEditors-Pvp-Sehri.rar2013-09-13 09:34 - 2013-09-30 02:31 - 00000000 ____D C:\windows\pss2013-09-10 20:01 - 2013-09-16 10:27 - 00003722 _____ C:\Users\Ates\Downloads\hs-smc2b.zip2013-09-10 19:54 - 2013-09-11 05:19 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Open Download Manager2013-09-10 19:54 - 2013-09-10 19:54 - 00000000 ____D C:\windows\SysWOW64\modules2013-09-10 19:54 - 2013-09-10 19:54 - 00000000 ____D C:\windows\SysWOW64\js2013-09-10 19:54 - 2013-09-10 19:54 - 00000000 ____D C:\windows\SysWOW64\css2013-09-10 19:50 - 2013-09-10 19:50 - 00000000 ____D C:\Users\Ates\AppData\Local\avgchrome2013-09-10 19:48 - 2013-09-30 02:20 - 00003114 _____ C:\windows\System32\Tasks\YourFile DownloaderUpdate2013-09-10 19:47 - 2013-09-10 19:47 - 04635015 _____ C:\Users\Ates\Downloads\smac27beta_setup1.exe2013-09-10 19:47 - 2004-08-04 03:56 - 00431616 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.0022013-09-10 19:32 - 2013-09-10 19:32 - 00000000 ____D C:\ProgramData\KLC2013-09-10 19:32 - 2004-08-04 03:56 - 00431616 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.0012013-09-10 19:31 - 2013-09-10 19:32 - 04635015 _____ C:\Users\Ates\Downloads\smac27beta_setup.exe2013-09-10 19:26 - 2013-09-10 19:26 - 04630617 _____ C:\Users\Ates\Downloads\smac20_setup (1).exe2013-09-10 19:26 - 2013-09-10 19:26 - 01300888 _____ (Koyote-Lab Inc.) C:\Users\Ates\Downloads\FuzeZipSetup-r140-w-bc.exe2013-09-10 19:15 - 2013-09-10 19:32 - 00000000 ____D C:\Program Files (x86)\KLC2013-09-10 19:15 - 2013-09-10 19:15 - 04630617 _____ C:\Users\Ates\Downloads\smac20_setup.exe2013-09-10 19:15 - 2004-08-04 03:56 - 00431616 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.0002013-09-10 19:15 - 2002-12-20 12:02 - 01077336 ____N (Microsoft Corporation) C:\windows\SysWOW64\mscomctl.ocx2013-09-10 19:15 - 1999-12-07 07:00 - 00061491 _____ (Microsoft Corporation) C:\windows\SysWOW64\wbemdisp.TLB ==================== One Month Modified Files and Folders ======= 2013-10-09 11:15 - 2013-10-09 11:15 - 00000000 ____D C:\FRST2013-10-09 11:15 - 2012-06-12 17:59 - 01234356 _____ C:\windows\WindowsUpdate.log2013-10-09 11:15 - 2009-07-13 20:20 - 00000000 ____D C:\windows\tracing2013-10-09 11:14 - 2013-10-09 11:14 - 00030688 _____ C:\ComboFix.txt2013-10-09 11:14 - 2013-10-09 10:55 - 00000000 ____D C:\Qoobox2013-10-09 11:14 - 2009-07-13 22:13 - 00780196 _____ C:\windows\system32\PerfStringBackup.INI2013-10-09 11:10 - 2013-09-27 11:41 - 00024218 _____ C:\windows\PFRO.log2013-10-09 11:10 - 2013-09-22 01:00 - 00003360 _____ C:\windows\setupact.log2013-10-09 11:10 - 2013-02-24 01:18 - 00065536 _____ C:\windows\system32\Ikeext.etl2013-10-09 11:10 - 2012-09-18 11:16 - 00000000 ____D C:\ProgramData\Kaspersky Lab2013-10-09 11:10 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT2013-10-09 11:10 - 2009-07-13 19:34 - 66846720 _____ C:\windows\system32\config\SOFTWARE.bak2013-10-09 11:10 - 2009-07-13 19:34 - 48234496 _____ C:\windows\system32\config\SYSTEM.bak2013-10-09 11:10 - 2009-07-13 19:34 - 00815104 _____ C:\windows\system32\config\DEFAULT.bak2013-10-09 11:10 - 2009-07-13 19:34 - 00057344 _____ C:\windows\system32\config\SAM.bak2013-10-09 11:10 - 2009-07-13 19:34 - 00028672 _____ C:\windows\system32\config\SECURITY.bak2013-10-09 11:10 - 2009-07-13 19:34 - 00000215 _____ C:\windows\system.ini2013-10-09 11:09 - 2013-09-29 11:41 - 00000000 ____D C:\windows\erdnt2013-10-09 11:05 - 2009-07-13 21:45 - 00021200 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-10-09 11:05 - 2009-07-13 21:45 - 00021200 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-10-09 10:59 - 2013-09-29 01:04 - 00000000 ____D C:\ProgramData\boost_interprocess2013-10-09 10:58 - 2013-09-08 22:30 - 00000336 _____ C:\windows\Tasks\HP Photo Creations Communicator.job2013-10-09 10:37 - 2013-10-09 10:36 - 00000000 ____D C:\Users\Ates\Desktop\Virus2013-10-09 10:34 - 2013-10-09 10:34 - 00022538 _____ C:\Users\Ates\Desktop\dds.txt2013-10-09 10:34 - 2013-10-09 10:34 - 00012976 _____ C:\Users\Ates\Desktop\attach.txt2013-10-09 09:53 - 2013-09-04 01:11 - 00740864 ___SH C:\Users\Ates\Downloads\Thumbs.db2013-10-09 09:36 - 2013-09-08 22:30 - 00003344 _____ C:\windows\System32\Tasks\HP Photo Creations Communicator2013-10-09 08:50 - 2013-10-09 08:50 - 00003144 _____ C:\windows\System32\Tasks\{6098B53F-986A-4DD0-8998-A596C96D83A1}2013-10-09 08:45 - 2013-10-09 08:45 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Proxifier2013-10-09 08:44 - 2013-10-09 08:44 - 00001023 _____ C:\Users\Ates\Desktop\Proxifier.lnk2013-10-09 08:44 - 2013-10-09 08:44 - 00000000 ____D C:\Program Files (x86)\Proxifier2013-10-09 08:41 - 2013-10-09 08:41 - 00403354 _____ C:\Users\Ates\Downloads\lagless_03_01_2013 (2).zip2013-10-09 08:41 - 2013-10-09 08:41 - 00000000 ____D C:\Users\Ates\Desktop\lagless2013-10-09 08:39 - 2013-10-09 08:39 - 00403354 _____ C:\Users\Ates\Downloads\lagless_03_01_2013 (1).zip2013-10-09 08:38 - 2013-10-09 08:38 - 00024092 _____ C:\Users\Ates\Downloads\Lagless_server_list_28_11_2012 (2).zip2013-10-09 08:38 - 2013-10-09 08:38 - 00002065 _____ C:\Users\Ates\Downloads\settings for proxifier_03_01_2013 (1).zip2013-10-09 08:09 - 2013-10-09 08:09 - 03608881 _____ C:\Users\Ates\Downloads\m3393_Proxyfier.zip2013-10-09 07:57 - 2013-10-09 07:56 - 34374536 _____ C:\Users\Ates\Downloads\WinGate8.0.2.4614-USE.exe2013-10-09 07:52 - 2012-09-10 02:39 - 00000000 ____D C:\Users\Ates\AppData\Local\CrashDumps2013-10-09 07:44 - 2013-10-07 20:51 - 00001401 _____ C:\Users\Ates\Desktop\Launcher - Shortcut.lnk2013-10-09 07:36 - 2013-09-30 01:20 - 00000000 ____D C:\Program Files (x86)\LaglessProxy2013-10-09 07:32 - 2012-08-28 07:36 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Skype2013-10-09 07:02 - 2013-10-09 07:02 - 00001697 _____ C:\Users\Ates\Desktop\Ping spikes.txt2013-10-09 05:43 - 2013-10-07 20:43 - 00000000 ____D C:\Program Files (x86)\KO1002013-10-08 23:43 - 2013-09-24 11:11 - 00000000 ____D C:\Program Files (x86)\FlameKO2013-10-07 20:52 - 2013-10-05 23:48 - 00000000 ____D C:\Users\Ates\Desktop\Deskop2013-10-07 20:28 - 2013-10-07 20:28 - 00002519 _____ C:\Users\Ates\Desktop\Skype.lnk2013-10-07 20:27 - 2013-10-07 20:27 - 00001995 _____ C:\Users\Ates\Desktop\LaglessProxy.lnk2013-10-07 02:44 - 2013-10-07 02:44 - 01367552 _____ C:\Users\Ates\Downloads\Chapter 5 %282013%29.ppt2013-10-07 02:44 - 2013-10-07 02:44 - 00584192 _____ C:\Users\Ates\Downloads\Chapter 3 %282013%29.ppt2013-10-07 02:44 - 2013-10-07 02:44 - 00559616 _____ C:\Users\Ates\Downloads\Chapter 4 Part 2 %282013%29.ppt2013-10-07 02:44 - 2013-10-07 02:44 - 00301568 _____ C:\Users\Ates\Downloads\Chapter 4 part 1 %282013%29.ppt2013-10-06 22:45 - 2013-09-29 17:21 - 987788256 _____ C:\windows\MEMORY.DMP2013-10-06 22:45 - 2012-10-02 19:59 - 00000000 ____D C:\windows\Minidump2013-10-06 03:45 - 2013-04-27 00:28 - 00552960 ___SH C:\Users\Ates\Desktop\Thumbs.db2013-10-06 03:23 - 2013-09-08 22:30 - 00000000 ___RD C:\Users\Ates\Documents\HP Photo Creations2013-10-06 03:23 - 2013-09-08 22:05 - 00000000 ____D C:\ProgramData\Visan2013-10-06 03:23 - 2013-09-08 22:05 - 00000000 ____D C:\ProgramData\HP Photo Creations2013-10-06 03:13 - 2012-10-15 17:23 - 00000000 ____D C:\Users\Ates\AppData\Roaming\TS3Client2013-10-06 01:16 - 2012-10-15 17:21 - 00000000 ____D C:\Users\Ates\AppData\Local\TeamSpeak 3 Client2013-10-06 00:38 - 2013-10-06 00:38 - 00054719 _____ C:\Users\Ates\Downloads\servers (2).zip2013-10-06 00:27 - 2013-10-06 00:27 - 00000983 _____ C:\Users\Public\Desktop\WTFast.lnk2013-10-06 00:27 - 2013-10-06 00:27 - 00000000 ____D C:\Program Files (x86)\WTFast2013-10-06 00:23 - 2012-08-28 05:46 - 00000000 ___RD C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2013-10-06 00:06 - 2013-10-06 00:06 - 06425088 _____ C:\Users\Ates\Downloads\pcap525_x64 (2).msi2013-10-06 00:06 - 2013-10-06 00:06 - 04597248 _____ C:\Users\Ates\Downloads\pcap525_x86.msi2013-10-06 00:06 - 2013-10-06 00:05 - 06425088 _____ C:\Users\Ates\Downloads\pcap525_x64 (1).msi2013-10-05 23:50 - 2013-02-23 23:33 - 00000000 ____D C:\Users\Ates\AppData\Local\SmoothpingElite2013-10-05 23:49 - 2013-10-05 23:49 - 00004604 _____ C:\PBUninstaller.log2013-10-05 23:49 - 2013-02-23 23:33 - 00000000 ____D C:\Program Files (x86)\Smoothping Elite2013-10-05 23:45 - 2013-02-23 12:07 - 00000000 ____D C:\Users\Ates\AppData\Local\Lowerping2013-10-05 23:43 - 2013-04-01 14:11 - 00000000 ____D C:\Users\Ates\AppData\Roaming\GameRanger2013-10-05 23:41 - 2013-08-21 10:59 - 00000000 ____D C:\Users\Ates\AppData\Local\BattlePing2013-10-05 23:39 - 2013-10-05 23:38 - 01912363 _____ C:\Users\Ates\Downloads\WinMTR-v092.zip2013-10-05 23:39 - 2013-09-16 00:38 - 00004318 _____ C:\windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan2013-10-05 23:01 - 2009-07-13 22:08 - 00032582 _____ C:\windows\Tasks\SCHEDLGU.TXT2013-10-05 22:23 - 2013-10-05 22:23 - 01644848 _____ ( ) C:\Users\Ates\Downloads\freecap_setup_eng.exe2013-10-05 05:48 - 2013-08-28 22:05 - 00001586 _____ C:\windows\Sandboxie.ini2013-10-05 05:42 - 2013-10-05 05:42 - 00003152 _____ C:\windows\System32\Tasks\{39288CD3-FEAA-4881-86E4-EFD40BF84C21}2013-10-05 05:40 - 2013-10-05 05:40 - 04361633 _____ ( ) C:\Users\Ates\Downloads\widecap_setup.en.1.5 (2).exe2013-10-05 05:39 - 2013-10-05 05:39 - 06425088 _____ C:\Users\Ates\Downloads\pcap525_x64.msi2013-10-05 05:39 - 2013-10-05 05:39 - 00928100 _____ C:\Users\Ates\Downloads\smoothping (1).zip2013-10-05 05:18 - 2012-06-12 18:15 - 00002820 _____ C:\windows\System32\Tasks\ModeShift2013-10-04 21:25 - 2012-08-30 22:07 - 00000000 ____D C:\Users\Ates\AppData\Roaming\SoftGrid Client2013-10-03 10:59 - 2012-11-20 04:59 - 00000000 ____D C:\Program Files (x86)\PasswordBox2013-09-30 13:02 - 2013-09-30 13:02 - 00002452 _____ C:\windows\SysWOW64\APConfig.xml2013-09-30 13:02 - 2013-09-30 13:02 - 00001738 _____ C:\windows\SysWOW64\EmailAVConfig.xml2013-09-30 13:02 - 2013-09-30 13:02 - 00000502 _____ C:\windows\SysWOW64\HIPSConfig.xml2013-09-30 13:02 - 2012-06-12 18:00 - 00000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job2013-09-30 13:02 - 2012-06-12 18:00 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job2013-09-30 13:01 - 2012-06-12 18:00 - 00003494 _____ C:\windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d2013-09-30 13:01 - 2012-06-12 18:00 - 00003190 _____ C:\windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon2013-09-30 12:51 - 2012-06-12 18:04 - 00003394 _____ C:\windows\System32\Tasks\MovieColorEnhancer2013-09-30 12:51 - 2012-06-12 18:04 - 00003220 _____ C:\windows\System32\Tasks\Easy Software Manager Agent2013-09-30 12:49 - 2012-06-12 18:04 - 00003502 _____ C:\windows\System32\Tasks\EasySpeedUpManager2013-09-30 12:49 - 2012-06-12 18:04 - 00003448 _____ C:\windows\System32\Tasks\SmartSetting2013-09-30 12:48 - 2012-06-12 18:04 - 00003212 _____ C:\windows\System32\Tasks\EasyDisplayMgr2013-09-30 12:44 - 2012-06-12 18:06 - 00003216 _____ C:\windows\System32\Tasks\advSRS52013-09-30 12:44 - 2012-06-12 18:04 - 00003294 _____ C:\windows\System32\Tasks\EasyBatteryManager2013-09-30 12:42 - 2012-06-12 18:14 - 00003320 _____ C:\windows\System32\Tasks\SamsungSupportCenter2013-09-30 12:14 - 2012-06-12 18:17 - 00003150 _____ C:\windows\System32\Tasks\MirageAgent2013-09-30 02:31 - 2013-09-13 09:34 - 00000000 ____D C:\windows\pss2013-09-30 02:23 - 2012-10-28 12:03 - 00000924 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000UA.job2013-09-30 02:23 - 2012-10-28 12:03 - 00000902 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000Core.job2013-09-30 02:23 - 2012-08-28 05:56 - 00001026 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000UA.job2013-09-30 02:23 - 2012-08-28 05:56 - 00000974 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000Core.job2013-09-30 02:20 - 2013-09-30 01:21 - 00003330 _____ C:\windows\System32\Tasks\LaglessUI-Service2013-09-30 02:20 - 2013-09-14 22:07 - 00003172 _____ C:\windows\System32\Tasks\Razer_Game_Booster_AutoUpdate2013-09-30 02:20 - 2013-09-10 19:48 - 00003114 _____ C:\windows\System32\Tasks\YourFile DownloaderUpdate2013-09-30 02:20 - 2012-10-28 12:03 - 00003910 _____ C:\windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000UA2013-09-30 02:20 - 2012-10-28 12:03 - 00003542 _____ C:\windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000Core2013-09-30 02:20 - 2012-09-18 00:12 - 00002952 _____ C:\windows\System32\Tasks\{E08E35BE-FAE1-4E03-99F9-1C7564CD9F5C}2013-09-30 02:20 - 2012-09-02 22:52 - 00003500 _____ C:\windows\System32\Tasks\AdobeAAMUpdater-1.0-Ates-PC-Ates2013-09-30 02:20 - 2012-08-28 05:56 - 00004006 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000UA2013-09-30 02:20 - 2012-08-28 05:56 - 00003610 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000Core2013-09-30 02:00 - 2012-09-02 22:26 - 00000000 ____D C:\Users\Ates\AppData\Local\Adobe2013-09-30 01:42 - 2013-09-27 11:41 - 00002850 _____ C:\autoupdate.log2013-09-30 01:21 - 2013-09-30 01:21 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LaglessProxy2013-09-30 00:00 - 2013-09-30 00:00 - 00000020 _____ C:\windows\0÷%2013-09-30 00:00 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared2013-09-29 23:39 - 2013-09-29 23:39 - 00000000 ____D C:\Users\Ates\AppData\Roaming\WinPatrol2013-09-29 23:39 - 2013-09-29 23:39 - 00000000 ____D C:\Program Files (x86)\BillP Studios2013-09-29 23:39 - 2013-04-07 05:02 - 00000000 ____D C:\ProgramData\InstallMate2013-09-29 23:38 - 2013-09-29 23:38 - 00907304 _____ (BillP Studios) C:\Users\Ates\Downloads\wpsetup.exe2013-09-29 23:25 - 2013-09-28 19:49 - 00000000 ____D C:\AdwCleaner2013-09-29 21:07 - 2012-09-09 15:45 - 00000000 ____D C:\Users\Ates\AppData\Roaming\DAEMON Tools Lite2013-09-29 21:07 - 2012-08-29 10:23 - 00000000 ____D C:\Users\Ates\Tracing2013-09-29 21:05 - 2013-09-29 21:04 - 00000000 ____D C:\Program Files\CCleaner2013-09-29 21:04 - 2013-09-29 21:04 - 00002770 _____ C:\windows\System32\Tasks\CCleanerSkipUAC2013-09-29 21:03 - 2013-09-29 21:03 - 04429440 _____ (Piriform Ltd) C:\Users\Ates\Downloads\ccsetup404.exe2013-09-29 21:03 - 2013-09-29 21:03 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe2013-09-29 21:03 - 2013-09-29 21:03 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe2013-09-29 21:03 - 2013-09-29 21:03 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe2013-09-29 21:03 - 2013-09-29 21:03 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll2013-09-29 21:03 - 2013-09-29 21:03 - 00000000 ____D C:\ProgramData\Oracle2013-09-29 21:03 - 2013-09-29 21:03 - 00000000 ____D C:\Program Files (x86)\Java2013-09-29 21:03 - 2012-08-28 10:25 - 00868264 _____ (Oracle Corporation) C:\windows\SysWOW64\npDeployJava1.dll2013-09-29 21:03 - 2012-08-28 10:25 - 00790440 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll2013-09-29 21:02 - 2013-09-29 21:02 - 00913832 _____ (Oracle Corporation) C:\Users\Ates\Downloads\chromeinstall-7u40.exe2013-09-29 21:01 - 2012-09-02 22:26 - 00000000 ____D C:\ProgramData\Adobe2013-09-29 21:01 - 2012-09-02 22:26 - 00000000 ____D C:\Program Files (x86)\Adobe2013-09-29 20:56 - 2013-09-29 20:56 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Ates\Downloads\revosetup.exe2013-09-29 20:56 - 2013-09-29 20:56 - 00000000 ____D C:\Program Files (x86)\VS Revo Group2013-09-29 20:51 - 2013-09-29 20:51 - 02637824 _____ (TODO: <Company name>) C:\Users\Ates\Downloads\Gorilla_Uninstaller_Download_File.exe2013-09-29 17:21 - 2013-09-29 17:21 - 00000000 ____D C:\Users\Ates\AppData\Local\adawarebp2013-09-29 11:51 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Default2013-09-29 01:05 - 2013-09-29 01:05 - 00000000 ____D C:\windows\ERUNT2013-09-29 00:59 - 2013-09-29 00:59 - 01030305 _____ (Thisisu) C:\Users\Ates\Downloads\JRT.exe2013-09-29 00:57 - 2013-09-29 00:57 - 01042066 _____ C:\Users\Ates\Downloads\AdwCleaner (1).exe2013-09-29 00:38 - 2013-09-29 00:19 - 737013724 _____ C:\Users\Ates\Downloads\KO100-Client-Beta-2-Released-d.rar2013-09-28 22:19 - 2013-09-28 22:19 - 00688992 ____R (Swearware) C:\Users\Ates\Downloads\dds.com2013-09-28 20:17 - 2013-09-28 20:17 - 00001898 _____ C:\windows\system32\.crusader2013-09-28 20:17 - 2013-09-28 20:08 - 00000000 ____D C:\ProgramData\HitmanPro2013-09-28 20:08 - 2013-09-28 20:08 - 00000000 ____D C:\Program Files\HitmanPro2013-09-28 19:54 - 2013-09-28 19:54 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Malwarebytes2013-09-28 19:54 - 2013-09-28 19:54 - 00000000 ____D C:\ProgramData\Malwarebytes2013-09-28 19:54 - 2013-09-28 19:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-09-28 19:52 - 2012-12-14 23:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-09-28 19:48 - 2013-09-28 19:48 - 09879648 _____ (SurfRight B.V.) C:\Users\Ates\Downloads\HitmanPro_x64.exe2013-09-28 19:47 - 2013-09-28 19:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Ates\Downloads\mbam-setup-1.75.0.1300.exe2013-09-28 19:47 - 2013-09-28 19:47 - 01042066 _____ C:\Users\Ates\Downloads\adwcleaner.exe2013-09-28 08:07 - 2013-09-29 00:23 - 678011494 _____ C:\Users\Ates\Downloads\Knight_Kingdom (1).rar2013-09-27 11:44 - 2013-09-27 11:44 - 00000000 ____D C:\Users\Ates\AppData\Local\AAA_Internet_Publishing,_2013-09-27 11:37 - 2013-09-27 11:37 - 04273808 _____ (Initex & AAA Internet Publishing ) C:\Users\Ates\Downloads\WTFastSetupFR.3.0.1.12.exe2013-09-26 22:40 - 2013-09-26 21:46 - 608749959 _____ C:\Users\Ates\Downloads\YataganOnline.rar2013-09-26 21:48 - 2013-09-26 21:48 - 08711779 _____ C:\Users\Ates\Downloads\Manuel.zip2013-09-26 12:43 - 2013-09-26 12:43 - 00007617 _____ C:\Users\Ates\AppData\Local\Resmon.ResmonCfg2013-09-26 12:36 - 2013-09-26 12:36 - 00863610 _____ C:\Users\Ates\Downloads\amr501dm.rar2013-09-24 07:08 - 2013-09-24 07:08 - 00771986 _____ C:\Users\Ates\Downloads\Outlook (2).zip2013-09-23 04:30 - 2013-09-23 04:30 - 00583680 _____ C:\Users\Ates\Downloads\Descriptive Statistics %28Example Problems%29 (1).ppt2013-09-23 04:26 - 2013-09-23 04:26 - 00583680 _____ C:\Users\Ates\Downloads\Descriptive Statistics %28Example Problems%29.ppt2013-09-23 04:25 - 2013-09-23 04:25 - 00376832 _____ C:\Users\Ates\Downloads\Chapter 2 Part 3 %282013%29.ppt2013-09-22 01:00 - 2013-09-22 01:00 - 00000000 _____ C:\windows\setuperr.log2013-09-20 22:18 - 2013-09-20 22:18 - 01475192 _____ (Initex & AAA Internet Publishing ) C:\Users\Ates\Downloads\WTFastSetup.2.13.2.0 (1).exe2013-09-20 11:21 - 2013-09-20 11:21 - 00000000 _____ C:\Users\Ates\agent.log2013-09-20 11:21 - 2012-08-28 05:45 - 00000000 ____D C:\Users\Ates2013-09-20 03:34 - 2013-09-20 03:34 - 01466856 _____ (Initex & AAA Internet Publishing ) C:\Users\Ates\Downloads\WTFastSetup.2.0.1.3.exe2013-09-20 03:15 - 2013-09-17 13:53 - 00000000 ____D C:\Program Files (x86)\SmarttürkWebTV-V0.062013-09-20 03:15 - 2012-12-06 17:36 - 00000000 ____D C:\windows\SysWOW64\SysInfo2013-09-20 03:15 - 2012-10-24 19:34 - 00000000 ____D C:\Users\Ates\AppData\Roaming\TeamViewer2013-09-20 03:15 - 2012-10-01 15:39 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Ventrilo2013-09-20 03:15 - 2012-05-06 22:07 - 00000000 ____D C:\windows\MSetup2013-09-20 03:15 - 2011-02-11 12:57 - 00000000 ____D C:\windows\Panther2013-09-18 13:23 - 2013-09-18 13:21 - 00000000 ____D C:\Program Files (x86)\SexyKO2013-09-18 02:05 - 2013-09-18 02:05 - 04512276 _____ C:\Users\Ates\Downloads\Outlook (1).zip2013-09-17 13:54 - 2013-09-17 13:54 - 00000000 ____D C:\Users\Ates\AppData\Local\Geckofx2013-09-17 13:53 - 2013-09-17 13:53 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmarttürkWebTV-V0.062013-09-17 13:53 - 2012-08-30 22:06 - 00774412 _____ C:\windows\SysWOW64\PerfStringBackup.INI2013-09-17 13:51 - 2013-09-17 13:50 - 22453185 _____ C:\Users\Ates\Downloads\Versiyon0.06.rar2013-09-17 13:50 - 2013-09-17 13:50 - 00889416 _____ (Microsoft Corporation) C:\Users\Ates\Downloads\dotNetFx40_Full_setup (1).exe2013-09-16 22:41 - 2013-04-24 01:02 - 00000000 ____D C:\Program Files (x86)\NvidiaInspector2013-09-16 22:41 - 2013-02-23 23:33 - 00000000 ____D C:\Users\Ates\Smoothping2013-09-16 22:41 - 2012-10-02 19:44 - 00000000 ____D C:\Users\Ates\AppData\Local\gctmp2013-09-16 22:41 - 2012-09-17 23:21 - 00000000 ____D C:\Program Files (x86)\Creative Element Power Tools2013-09-16 22:27 - 2013-09-16 22:27 - 01027698 _____ C:\Users\Ates\Downloads\patch1011.zip2013-09-16 22:27 - 2013-09-16 22:27 - 01027443 _____ C:\Users\Ates\Downloads\patch1010.zip2013-09-16 22:26 - 2013-09-16 22:18 - 164766027 _____ C:\Users\Ates\Downloads\patch1005.zip2013-09-16 22:14 - 2013-09-16 22:14 - 00000000 ____D C:\Users\Ates\Downloads\SexyKO v10002013-09-16 21:42 - 2013-09-15 23:49 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus2013-09-16 12:14 - 2013-09-15 23:48 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus2013-09-16 10:57 - 2013-09-16 10:57 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection2013-09-16 10:57 - 2013-09-16 10:57 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner2013-09-16 10:57 - 2013-09-15 23:49 - 00000000 ____D C:\Program Files (x86)\Lavasoft2013-09-16 10:56 - 2013-09-15 23:48 - 00014456 _____ (GFI Software) C:\windows\system32\Drivers\gfibto.sys2013-09-16 10:55 - 2013-09-16 10:55 - 05616264 _____ (Lavasoft Limited) C:\Users\Ates\Downloads\Adaware_Installer (4).exe2013-09-16 10:52 - 2013-09-16 10:52 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Lavasoft2013-09-16 10:51 - 2013-09-16 10:51 - 09368992 _____ (Lavasoft) C:\Users\Ates\Downloads\Lavasoft_Registry_Tuner_v.2.0.0.exe2013-09-16 10:51 - 2013-09-16 10:51 - 00000000 ____D C:\Program Files\Lavasoft2013-09-16 10:51 - 2012-09-09 17:24 - 00002030 _____ C:\02013-09-16 10:49 - 2013-09-16 10:49 - 05616264 _____ (Lavasoft Limited) C:\Users\Ates\Downloads\Adaware_Installer (3).exe2013-09-16 10:45 - 2013-09-16 10:45 - 05616264 _____ (Lavasoft Limited) C:\Users\Ates\Downloads\Adaware_Installer (2).exe2013-09-16 10:37 - 2013-09-16 10:37 - 05616264 _____ (Lavasoft Limited) C:\Users\Ates\Downloads\Adaware_Installer (1).exe2013-09-16 10:32 - 2013-09-16 00:38 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus2013-09-16 10:27 - 2013-09-10 20:01 - 00003722 _____ C:\Users\Ates\Downloads\hs-smc2b.zip2013-09-16 10:26 - 2013-05-16 03:38 - 00002967 _____ C:\Users\Ates\Downloads\APCS6.Act.7z2013-09-16 07:47 - 2012-09-17 20:01 - 00000000 ____D C:\Program Files (x86)\ValentinaKoClient2013-09-16 06:00 - 2013-08-28 21:46 - 00000000 ____D C:\Users\Ates\Documents\KlameKO2013-09-16 00:38 - 2013-09-16 00:38 - 00000000 ____D C:\Users\Ates\AppData\Roaming\LavasoftStatistics2013-09-15 23:49 - 2013-09-15 23:49 - 00000000 ____D C:\ProgramData\Lavasoft2013-09-15 23:49 - 2013-09-15 23:49 - 00000000 ____D C:\ProgramData\Downloaded Installations2013-09-15 23:47 - 2013-09-15 23:47 - 05616264 _____ (Lavasoft Limited) C:\Users\Ates\Downloads\Adaware_Installer.exe2013-09-15 06:23 - 2013-09-15 06:23 - 00000000 ____D C:\Users\Ates\Documents\fx2013-09-15 03:59 - 2013-09-15 03:59 - 03203437 _____ (PingBetter) C:\Users\Ates\Downloads\PingBetterSetup3.1.0.1.exe2013-09-15 03:56 - 2013-02-23 12:07 - 00000000 __SHD C:\Users\Ates\wc2013-09-15 03:40 - 2013-09-15 03:39 - 14035465 _____ C:\Users\Ates\Downloads\pz_setup_1.1.6.zip2013-09-15 03:27 - 2013-02-23 23:32 - 05725312 _____ (Microsoft Corporation) C:\Users\Ates\Downloads\SmoothpingElite.exe2013-09-15 02:14 - 2013-02-22 11:24 - 430855765 _____ C:\Users\Ates\Downloads\yildizko.rar2013-09-15 02:13 - 2013-08-22 23:22 - 585668566 _____ C:\Users\Ates\Downloads\bian-ko.net.rar2013-09-15 02:12 - 2013-09-14 04:18 - 06982764 _____ C:\Users\Ates\Downloads\TrayhoperEditors-Pvp-Sehri.rar2013-09-15 01:52 - 2013-03-14 00:07 - 00000027 _____ C:\Users\Ates\Downloads\Pedal.rar2013-09-15 01:52 - 2013-02-22 09:56 - 375645617 _____ C:\Users\Ates\Downloads\KnightOnline (1).rar2013-09-15 01:52 - 2013-01-24 19:17 - 677909864 _____ C:\Users\Ates\Downloads\Knight_Online.rar2013-09-15 00:56 - 2013-02-24 02:47 - 00000000 ____D C:\Program Files (x86)\OpenVPN2013-09-15 00:56 - 2012-06-12 18:12 - 00000000 ____D C:\Program Files\Samsung2013-09-15 00:56 - 2012-06-12 17:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information2013-09-15 00:52 - 2013-09-15 00:52 - 00000000 ____D C:\Users\Ates\AppData\Local\Amazon2013-09-15 00:52 - 2012-09-22 23:51 - 00000000 ____D C:\Program Files (x86)\AC Tool2013-09-15 00:52 - 2012-06-12 18:02 - 00000000 ____D C:\Program Files (x86)\Amazon2013-09-14 23:23 - 2013-09-14 23:23 - 00000038 ___SH C:\Users\Ates\AppData\Local\30cb054b51a6e2f65d62f4.627160002013-09-14 23:23 - 2013-09-14 23:23 - 00000000 __SHD C:\Users\Ates\AppData\Local\icsxml2013-09-14 23:23 - 2013-02-23 12:07 - 00000000 __SHD C:\Users\Ates\AppData\Roaming\wyUpdate AU2013-09-14 23:20 - 2013-09-14 23:20 - 05341777 _____ (Lowerping) C:\Users\Ates\Downloads\Lowerping_1.4.exe2013-09-14 22:06 - 2013-09-14 22:06 - 00000000 ____D C:\Users\Ates\Documents\Razer2013-09-14 22:05 - 2013-09-14 22:05 - 00000000 ____D C:\Users\Ates\AppData\Local\Razer2013-09-14 22:05 - 2013-09-14 22:05 - 00000000 ____D C:\ProgramData\Razer2013-09-14 22:05 - 2013-09-14 22:05 - 00000000 ____D C:\Program Files (x86)\Razer2013-09-14 22:05 - 2013-09-14 22:04 - 23832608 _____ (Razer USA Ltd ) C:\Users\Ates\Downloads\Game_Booster_v3.7.0.11.exe2013-09-14 21:57 - 2012-10-01 15:39 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo2013-09-14 21:57 - 2012-09-22 18:44 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jitbit Macro Recorder2013-09-14 21:57 - 2012-09-17 17:15 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR2013-09-14 21:48 - 2013-09-14 21:47 - 06872237 _____ C:\Users\Ates\Downloads\Cure.rar2013-09-14 21:18 - 2013-09-14 21:18 - 00001291 _____ C:\Users\Ates\Downloads\Pingfix.rar2013-09-14 18:35 - 2013-09-14 18:34 - 06091510 _____ C:\Users\Ates\Downloads\LaglessProxy1.1 (1).exe2013-09-14 04:36 - 2013-09-14 04:36 - 00000000 ____D C:\Users\Ates\AppData\Local\Microsoft_Corporation2013-09-14 04:36 - 2013-09-14 04:31 - 00000000 ____D C:\Program Files\Microsoft SQL Server2013-09-14 04:35 - 2013-09-14 04:34 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server2013-09-14 04:30 - 2013-09-14 04:30 - 86525456 _____ (Microsoft Corporation) C:\Users\Ates\Downloads\SQLEXPR_x64_ENU.exe2013-09-13 23:22 - 2009-07-13 20:20 - 00000000 ____D C:\windows\system32\NDF2013-09-11 05:22 - 2013-08-20 11:04 - 00000000 ____D C:\Users\Ates\AppData\Local\NETGEARGenie2013-09-11 05:19 - 2013-09-10 19:54 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Open Download Manager2013-09-10 20:14 - 2012-09-17 18:12 - 00000000 ____D C:\windows\SysWOW64\Extensions2013-09-10 19:54 - 2013-09-10 19:54 - 00000000 ____D C:\windows\SysWOW64\modules2013-09-10 19:54 - 2013-09-10 19:54 - 00000000 ____D C:\windows\SysWOW64\js2013-09-10 19:54 - 2013-09-10 19:54 - 00000000 ____D C:\windows\SysWOW64\css2013-09-10 19:50 - 2013-09-10 19:50 - 00000000 ____D C:\Users\Ates\AppData\Local\avgchrome2013-09-10 19:47 - 2013-09-10 19:47 - 04635015 _____ C:\Users\Ates\Downloads\smac27beta_setup1.exe2013-09-10 19:32 - 2013-09-10 19:32 - 00000000 ____D C:\ProgramData\KLC2013-09-10 19:32 - 2013-09-10 19:31 - 04635015 _____ C:\Users\Ates\Downloads\smac27beta_setup.exe2013-09-10 19:32 - 2013-09-10 19:15 - 00000000 ____D C:\Program Files (x86)\KLC2013-09-10 19:26 - 2013-09-10 19:26 - 04630617 _____ C:\Users\Ates\Downloads\smac20_setup (1).exe2013-09-10 19:26 - 2013-09-10 19:26 - 01300888 _____ (Koyote-Lab Inc.) C:\Users\Ates\Downloads\FuzeZipSetup-r140-w-bc.exe2013-09-10 19:15 - 2013-09-10 19:15 - 04630617 _____ C:\Users\Ates\Downloads\smac20_setup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-01 03:33 ==================== End Of Log ============================
  21. Attach.txt : . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 28.08.2012 05:45:27 System Uptime: 09.10.2013 09:28:11 (1 hours ago) . Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | SAMSUNG_NP1234567890 Processor: Intel® Core i7-3610QM CPU @ 2.30GHz | SOCKET 0 | 1587/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 677 GiB total, 519,438 GiB free. D: is FIXED (NTFS) - 699 GiB total, 698,021 GiB free. E: is CDROM () F: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft Virtual WiFi Miniport Adapter Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1E4FF4C&0&01 Manufacturer: Microsoft Name: Microsoft Virtual WiFi Miniport Adapter PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1E4FF4C&0&01 Service: vwifimp . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Ad-Aware Antivirus Ad-Aware Browsing Protection Adobe AIR Adobe Download Assistant Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop CS6 Adobe Reader XI (11.0.04) Agatha Christie - Death on the Nile Apple Application Support Apple Mobile Device Support Apple Software Update AutoHotkey 1.1.09.02 AutoIt v3.3.8.1 Axife Mouse Recorder DEMO 5.01 Bandicam Bandisoft MPEG-1 Decoder Bejeweled 2 Deluxe Bonjour Build-a-lot CCleaner cFosSpeed v5.00 Chuzzle Deluxe Compatibility Pack for the 2007 Office system Creative Element Power Tools Creo Direct Version 2.0 Datecode [M010] Creo Layout Version 2.0 Datecode [M010] Creo Parametric Version 2.0 Datecode [M010] Creo Platform 2.9 Creo Simulate Version 2.0 Datecode [M010] Creo Thumbnail Viewer 2.0 CyberLink Media Suite CyberLink MediaShow CyberLink Power2Go CyberLink PowerDirector CyberLink PowerDVD 10 CyberLink YouCam D3DX10 DAEMON Tools Lite Diner Dash 2 Restaurant Rescue Dolby Home Theater v4 E-POP Easy File Share Easy Migration Easy Settings Easy Software Manager Easy Support Center 1.0 ETDWare PS/2-X64 10.7.14.12_WHQL ExpressCache Facebook Video Calling 1.2.0.287 Farm Frenzy File Properties Changer Google Chrome HitmanPro 3.7 HP Deskjet 2510 series Basic Device Software HP Deskjet 2510 series Help HP Deskjet 2510 series Product Improvement Study HP Deskjet 2510 series Setup Guide HP Photo Creations HP Update Insaniquarium Deluxe Intel® Manageability Engine Firmware Recovery Agent Intel® Management Engine Components Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed Intel® PROSet/Wireless Software for Bluetooth® Technology Intel® Rapid Storage Technology Intel® USB 3.0 eXtensible Host Controller Driver Intel® PROSet/Wireless WiFi Software Intel® Trusted Connect Service Client iTunes Java 7 Update 40 Java Auto Updater John Deere Drive Green Kaspersky Internet Security 2013 LaglessProxy Lavasoft Registry Tuner Malwarebytes Anti-Malware version 1.75.0.1300 Maple 16 Mathematica Extras 9.0 (3824406) Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Starter 2010 - English Microsoft Office Word Viewer 2003 Microsoft Silverlight Microsoft SQL Server 2008 Setup Support Files (English) Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft_VC80_CRT_x86 Microsoft_VC90_CRT_x86 ModeShift MSI Afterburner 2.2.5 MSI Kombustor 2.4.2 NETGEAR Genie Norton Online Backup NVIDIA Control Panel 296.01 NVIDIA Graphics Driver 296.01 NVIDIA HD Audio Driver 1.2.22.1 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX System Software 9.11.1111 PasswordBox PDF Settings CS6 Peggle Penguins! Plants vs. Zombies Polar Golfer Proxifier version 3.0 PTC Quality Agent Razer Game Booster Realtek PCIE Card Reader RegCure Pro Revo Uninstaller 1.95 Samsung Recovery Solution 5 Sandboxie 4.04 (64-bit) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Skype™ 6.1 Smarttürk WebTV v0.05 SmarttürkWebTV-V0.06 Software Launcher TeamSpeak 3 Client TeamViewer 8 TechPowerUp GPU-Z TuneUp Utilities 2013 TuneUp Utilities Language Pack (en-US) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Ventrilo Client for Windows x64 VLC media player 2.0.3 WildTangent Games WildTangent ORB Game Console Window Hide Tool 2.0 WinPatrol WinRAR 4.20 (64-bit) Wolfram Mathematica 9 (M-WIN-L 9.0.0 3825060) WTFast 3.0 Beta 12 Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 09.10.2013 09:49:38, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. 09.10.2013 09:49:29, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 09.10.2013 09:28:50, Error: Service Control Manager [7023] - The AMD External Events Utility .NET. service terminated with the following error: The system cannot find the file specified. 06.10.2013 22:45:35, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file. 06.10.2013 22:45:35, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000041790, 0xfffffa8000a744b0, 0x000000000000ffff, 0x0000000000000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: . 06.10.2013 14:27:55, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service. 06.10.2013 01:06:45, Error: Service Control Manager [7034] - The Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). 05.10.2013 23:03:35, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running. 05.10.2013 23:03:35, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running. 05.10.2013 23:03:35, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running. 05.10.2013 23:03:35, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running. 05.10.2013 23:02:35, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running. 05.10.2013 23:01:35, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 05.10.2013 23:01:35, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 05.10.2013 23:01:35, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 05.10.2013 23:01:35, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 05.10.2013 23:01:35, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 05.10.2013 23:01:35, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 05.10.2013 23:01:35, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 05.10.2013 23:01:35, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 05.10.2013 23:01:35, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 05.10.2013 23:01:35, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 05.10.2013 23:01:35, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 05.10.2013 23:01:35, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 05.10.2013 23:01:35, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 05.10.2013 23:01:35, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 05.10.2013 16:05:19, Error: Service Control Manager [7022] - The Ad-Aware service hung on starting. . ==== End Of File =========================== DDS.txt : DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16470 Run by Ates at 10:34:20 on 2013-10-09 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16355.12990 [GMT -7:00] . AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} AV: Lavasoft Ad-Aware *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7} SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Lavasoft Ad-Aware *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A} FW: Lavasoft Ad-Aware *Enabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC} FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\nvvsvc.exe C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\Program Files\Sandboxie\SbieSvc.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\windows\system32\nvvsvc.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\taskhost.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe C:\windows\system32\taskeng.exe C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe C:\Program Files (x86)\Samsung\ModeShift\ModeShift.exe C:\windows\system32\svchost.exe -k bthsvcs C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\PasswordBox\pbbtnService.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\windows\System32\svchost.exe -k swprv C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\PROGRA~2\AD-AWA~1\AdAware.exe C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\system32\wuauclt.exe C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe C:\windows\system32\svchost.exe -k imgsvc C:\windows\system32\svchost.exe -k SDRSVC C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mStart Page = about:blank BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll TB: PasswordBox Toolbar: {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll TB: PasswordBox Toolbar: {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot uRun: [WTFast Tray] "C:\Program Files (x86)\WTFast\WTFast.exe" trayonly mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" StartupFolder: C:\Users\Ates\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AD-AWA~1.LNK - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveTypeAutoRun = dword:60 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll LSP: %SystemRoot%\system32\WTFastDrv.dll TCP: Interfaces\{56B9FF1A-5330-4FC7-97E1-A1179CCD5D09}\2375942554531313 : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{56B9FF1A-5330-4FC7-97E1-A1179CCD5D09}\A5978554C463839353C69727 : NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{56B9FF1A-5330-4FC7-97E1-A1179CCD5D09}\A5978554C463839353C69727 : DHCPNameServer = 195.175.39.40 195.175.39.39 TCP: Interfaces\{56B9FF1A-5330-4FC7-97E1-A1179CCD5D09}\E45445745414250333D25374 : DHCPNameServer = 65.32.5.111 65.32.5.112 TCP: Interfaces\{735D444F-D725-45E8-85A7-38BBCD3072ED} : DHCPNameServer = 65.32.5.111 65.32.5.112 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> x64-mStart Page = about:blank x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll x64-Run: [sBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe" x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 excsd;ExpressCache Storage Filter Driver;C:\windows\System32\drivers\excsd.sys [2012-6-12 80688] R0 gfibto;gfibto;C:\windows\System32\drivers\gfibto.sys [2013-9-15 14456] R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-1-31 16152] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\drivers\dtsoftbus01.sys [2012-9-9 283200] R1 excfs;ExpressCache File System Filter Driver;C:\windows\System32\drivers\excfs.sys [2012-6-12 23344] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\drivers\klim6.sys [2012-8-2 28504] R1 kltdi;kltdi;C:\windows\System32\drivers\kltdi.sys [2012-6-8 54368] R1 kneps;kneps;C:\windows\System32\drivers\kneps.sys [2012-8-13 178448] R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2012-6-12 13824] R1 SbFw;SbFw;C:\windows\System32\drivers\SbFw.sys [2013-9-16 258848] R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-6-13 1236336] R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-4 659968] R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-8-17 356376] R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-12-19 1014096] R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-12-19 1104208] R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-12-4 135952] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-28 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-28 701512] R2 PasswordBox;PasswordBox;C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2013-9-13 67584] R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [2012-6-12 31624] R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000] R2 sbapifs;sbapifs;C:\windows\System32\drivers\sbapifs.sys [2012-9-12 82872] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 SGDrv;SGDrv;C:\windows\System32\drivers\SGDrv64.sys [2012-6-12 7680] R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2011-12-4 195584] R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-12-13 94720] R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-12-13 747008] R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-8-17 31216] R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2012-4-29 258896] R3 gfiark;gfiark;C:\windows\System32\drivers\gfiark.sys [2013-9-16 41032] R3 ibtfltcoex;ibtfltcoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-12-14 60416] R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-1-31 355096] R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-1-31 786200] R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\windows\System32\drivers\klkbdflt.sys [2012-5-25 29016] R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\drivers\klmouflt.sys [2012-7-25 29528] R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-9-28 25928] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\windows\System32\drivers\RtsPStor.sys [2012-6-12 340584] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-6-12 648808] R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\windows\System32\drivers\SbFwIm.sys [2013-9-16 120064] R3 SBHIPS;SBHIPS;C:\windows\System32\drivers\sbhips.sys [2013-9-16 61216] R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2013-7-8 199384] R3 sbwtis;sbwtis;C:\windows\System32\drivers\sbwtis.sys [2012-9-20 86816] R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/06/13 11:11:00;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-4-19 241648] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2011-12-4 195584] S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-12-19 1304912] S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\windows\System32\drivers\SbFwIm.sys [2013-9-16 120064] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-8-29 1255736] S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2013-9-14 14544] S4 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] S4 ExpressCache;ExpressCache;C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2011-9-22 79664] S4 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-9-28 109352] S4 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-6-12 2439272] S4 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-6-12 128280] S4 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-6-12 161560] S4 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\System32\drivers\netaapl64.sys [2012-3-26 22528] S4 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2013-4-7 232192] S4 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-5-1 4710040] S4 Sendoriv1;Sendoriv1;C:\Program Files (x86)\Sendori\SendoriSvc.exe --> C:\Program Files (x86)\Sendori\SendoriSvc.exe [?] S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536] S4 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-2-11 3467768] S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-9-19 2365792] S4 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-9-18 11880] S4 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-12 363800] S4 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] . =============== Created Last 30 ================ . 2013-10-09 15:45:19 -------- d-----w- C:\Users\Ates\AppData\Roaming\Proxifier 2013-10-09 15:44:53 88816 ----a-w- C:\windows\SysWow64\ProxifierShellExt.dll 2013-10-09 15:44:53 73968 ----a-w- C:\windows\System32\PrxerDrv.dll 2013-10-09 15:44:53 67824 ----a-w- C:\windows\SysWow64\PrxerDrv.dll 2013-10-09 15:44:53 55024 ----a-w- C:\windows\System32\PrxerNsp.dll 2013-10-09 15:44:53 54000 ----a-w- C:\windows\SysWow64\PrxerNsp.dll 2013-10-09 15:44:53 100592 ----a-w- C:\windows\System32\ProxifierShellExt.dll 2013-10-09 15:44:52 -------- d-----w- C:\Program Files (x86)\Proxifier 2013-10-08 03:43:05 -------- d-----w- C:\Program Files (x86)\KO100 2013-10-06 07:27:45 79464 ----a-w- C:\windows\System32\WTFastDrv.dll 2013-10-06 07:27:45 72296 ----a-w- C:\windows\SysWow64\WTFastDrv.dll 2013-10-06 07:27:43 -------- d-----w- C:\Program Files (x86)\WTFast 2013-09-30 08:20:59 -------- d-----w- C:\Program Files (x86)\LaglessProxy 2013-09-30 06:39:11 -------- d-----w- C:\Users\Ates\AppData\Roaming\WinPatrol 2013-09-30 06:39:09 -------- d-----w- C:\Program Files (x86)\BillP Studios 2013-09-30 06:30:36 -------- d-sh--w- C:\$RECYCLE.BIN 2013-09-30 04:04:30 -------- d-----w- C:\Program Files\CCleaner 2013-09-30 04:03:42 -------- d-----w- C:\ProgramData\Oracle 2013-09-30 04:03:31 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-09-30 03:56:35 -------- d-----w- C:\Program Files (x86)\VS Revo Group 2013-09-30 00:21:54 -------- d-----w- C:\Users\Ates\AppData\Local\adawarebp 2013-09-29 08:05:30 -------- d-----w- C:\windows\ERUNT 2013-09-29 08:04:37 -------- d-----w- C:\ProgramData\boost_interprocess 2013-09-29 03:08:41 -------- d-----w- C:\Program Files\HitmanPro 2013-09-29 03:08:22 -------- d-----w- C:\ProgramData\HitmanPro 2013-09-29 02:54:57 -------- d-----w- C:\Users\Ates\AppData\Roaming\Malwarebytes 2013-09-29 02:54:51 25928 ----a-w- C:\windows\System32\drivers\mbam.sys 2013-09-29 02:54:51 -------- d-----w- C:\ProgramData\Malwarebytes 2013-09-29 02:54:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-29 02:49:39 -------- d-----w- C:\AdwCleaner 2013-09-27 18:44:28 -------- d-----w- C:\Users\Ates\AppData\Local\AAA_Internet_Publishing,_ 2013-09-24 18:11:35 -------- d-----w- C:\Program Files (x86)\FlameKO 2013-09-18 20:21:18 -------- d-----w- C:\Program Files (x86)\SexyKO 2013-09-17 20:54:46 -------- d-----w- C:\Users\Ates\AppData\Local\Geckofx 2013-09-17 20:53:30 -------- d-----w- C:\Program Files (x86)\SmarttürkWebTV-V0.06 2013-09-16 18:05:18 61216 ----a-w- C:\windows\System32\drivers\sbhips.sys 2013-09-16 18:04:54 258848 ----a-w- C:\windows\System32\drivers\SbFw.sys 2013-09-16 18:04:54 120064 ----a-w- C:\windows\System32\drivers\SbFwIm.sys 2013-09-16 17:57:18 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection 2013-09-16 17:57:12 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner 2013-09-16 17:51:51 -------- d-----w- C:\Program Files\Lavasoft 2013-09-16 17:51:32 47496 ----a-w- C:\windows\System32\sbbd.exe 2013-09-16 11:35:09 41032 ----a-w- C:\windows\System32\drivers\gfiark.sys 2013-09-16 07:38:00 -------- d-----w- C:\Users\Ates\AppData\Roaming\LavasoftStatistics 2013-09-16 07:38:00 -------- d-----w- C:\ProgramData\Ad-Aware Antivirus 2013-09-16 06:49:39 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus 2013-09-16 06:49:29 -------- d-----w- C:\ProgramData\Downloaded Installations 2013-09-16 06:49:11 -------- d-----w- C:\Program Files (x86)\Lavasoft 2013-09-16 06:48:07 14456 ----a-w- C:\windows\System32\drivers\gfibto.sys 2013-09-16 06:48:07 -------- d-----w- C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus 2013-09-15 11:00:13 307200 ----a-w- C:\windows\SysWow64\pbproxy.dll 2013-09-15 07:52:54 -------- d-----w- C:\Users\Ates\AppData\Local\Amazon 2013-09-15 06:23:11 -------- d-sh--w- C:\Users\Ates\AppData\Local\icsxml 2013-09-15 05:05:47 -------- d-----w- C:\Users\Ates\AppData\Local\Razer 2013-09-15 05:05:23 -------- d-----w- C:\Users\Ates\AppData\Local\Programs 2013-09-15 04:48:23 -------- d-----w- C:\Program Files (x86)\Cure 2013-09-14 11:36:45 -------- d-----w- C:\Users\Ates\AppData\Local\Microsoft_Corporation 2013-09-14 11:34:24 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server 2013-09-14 11:31:47 -------- d-----w- C:\Program Files\Microsoft SQL Server 2013-09-13 16:34:17 -------- d-----w- C:\windows\pss 2013-09-13 11:05:05 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B755AD91-425B-44B3-9FF5-FFDA2D512755}\mpengine.dll 2013-09-11 02:54:43 -------- d-----w- C:\Users\Ates\AppData\Roaming\Open Download Manager 2013-09-11 02:54:21 -------- d-----w- C:\windows\SysWow64\modules 2013-09-11 02:54:21 -------- d-----w- C:\windows\SysWow64\js 2013-09-11 02:54:21 -------- d-----w- C:\windows\SysWow64\css 2013-09-11 02:50:31 -------- d-----w- C:\Users\Ates\AppData\Local\avgchrome 2013-09-11 02:47:46 431616 ----a-w- C:\windows\SysWow64\temp.002 2013-09-11 02:32:28 431616 ----a-w- C:\windows\SysWow64\temp.001 2013-09-11 02:32:28 -------- d-----w- C:\ProgramData\KLC 2013-09-11 02:15:37 61491 ----a-w- C:\windows\SysWow64\wbemdisp.TLB 2013-09-11 02:15:37 431616 ----a-w- C:\windows\SysWow64\temp.000 2013-09-11 02:15:37 1077336 ------w- C:\windows\SysWow64\mscomctl.ocx 2013-09-11 02:15:37 -------- d-----w- C:\Program Files (x86)\KLC . ==================== Find3M ==================== . 2013-09-30 04:03:28 868264 ----a-w- C:\windows\SysWow64\npDeployJava1.dll 2013-09-30 04:03:28 790440 ----a-w- C:\windows\SysWow64\deployJava1.dll 2013-08-20 18:04:38 369168 ----a-w- C:\windows\System32\wpcap.dll 2013-08-20 18:04:38 35344 ----a-w- C:\windows\System32\drivers\npf.sys 2013-08-20 18:04:38 106000 ----a-w- C:\windows\System32\packet.dll 2013-07-29 20:16:24 54368 ----a-w- C:\windows\System32\drivers\kltdi.sys . ============= FINISH: 10:34:43,73 ===============
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.