Virus does not allow me to connect to internet


Hello,

I have 3 licensed anti-virus programs, including Malwarebytes, and I guess my computer is infected again. I was googling about Proxifier, SOCKS5 proxies, etc. Kaspersky detected a virus and said it was deleted, but my internet is gone now and it keeps giving "not responding" errors when I try to run something. Could you please help me?

Best regards

Attach.txt :

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 28.08.2012 05:45:27
System Uptime: 09.10.2013 09:28:11 (1 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. |  | SAMSUNG_NP1234567890
Processor: Intel® Core i7-3610QM CPU @ 2.30GHz | SOCKET 0 | 1587/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 677 GiB total, 519,438 GiB free.
D: is FIXED (NTFS) - 699 GiB total, 698,021 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1E4FF4C&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1E4FF4C&0&01
Service: vwifimp
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS6
Adobe Reader XI (11.0.04)
Agatha Christie - Death on the Nile
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoHotkey 1.1.09.02
AutoIt v3.3.8.1
Axife Mouse Recorder DEMO 5.01
Bandicam
Bandisoft MPEG-1 Decoder
Bejeweled 2 Deluxe
Bonjour
Build-a-lot
CCleaner
cFosSpeed v5.00
Chuzzle Deluxe
Compatibility Pack for the 2007 Office system
Creative Element Power Tools
Creo Direct Version 2.0 Datecode [M010]
Creo Layout Version 2.0 Datecode [M010]
Creo Parametric Version 2.0 Datecode [M010]
Creo Platform 2.9
Creo Simulate Version 2.0 Datecode [M010]
Creo Thumbnail Viewer 2.0
CyberLink Media Suite
CyberLink MediaShow
CyberLink Power2Go
CyberLink PowerDirector
CyberLink PowerDVD 10
CyberLink YouCam
D3DX10
DAEMON Tools Lite
Diner Dash 2 Restaurant Rescue
Dolby Home Theater v4
E-POP
Easy File Share
Easy Migration
Easy Settings
Easy Software Manager
Easy Support Center 1.0
ETDWare PS/2-X64 10.7.14.12_WHQL
ExpressCache
Facebook Video Calling 1.2.0.287
Farm Frenzy
File Properties Changer
Google Chrome
HitmanPro 3.7
HP Deskjet 2510 series Basic Device Software
HP Deskjet 2510 series Help
HP Deskjet 2510 series Product Improvement Study
HP Deskjet 2510 series Setup Guide
HP Photo Creations
HP Update
Insaniquarium Deluxe
Intel® Manageability Engine Firmware Recovery Agent
Intel® Management Engine Components
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® Rapid Storage Technology
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
iTunes
Java 7 Update 40
Java Auto Updater
John Deere Drive Green
Kaspersky Internet Security 2013
LaglessProxy
Lavasoft Registry Tuner
Malwarebytes Anti-Malware version 1.75.0.1300
Maple 16
Mathematica Extras 9.0 (3824406)
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Starter 2010 - English
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
ModeShift
MSI Afterburner 2.2.5
MSI Kombustor 2.4.2
NETGEAR Genie
Norton Online Backup
NVIDIA Control Panel 296.01
NVIDIA Graphics Driver 296.01
NVIDIA HD Audio Driver 1.2.22.1
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.1111
PasswordBox
PDF Settings CS6
Peggle
Penguins!
Plants vs. Zombies
Polar Golfer
Proxifier version 3.0
PTC Quality Agent
Razer Game Booster
Realtek PCIE Card Reader
RegCure Pro
Revo Uninstaller 1.95
Samsung Recovery Solution 5
Sandboxie 4.04 (64-bit)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Skype™ 6.1
Smarttürk WebTV v0.05
SmarttürkWebTV-V0.06
Software Launcher
TeamSpeak 3 Client
TeamViewer 8
TechPowerUp GPU-Z
TuneUp Utilities 2013
TuneUp Utilities Language Pack (en-US)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Ventrilo Client for Windows x64
VLC media player 2.0.3
WildTangent Games
WildTangent ORB Game Console
Window Hide Tool 2.0
WinPatrol
WinRAR 4.20 (64-bit)
Wolfram Mathematica 9 (M-WIN-L 9.0.0 3825060)
WTFast 3.0 Beta 12
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
09.10.2013 09:49:38, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
09.10.2013 09:49:29, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
09.10.2013 09:28:50, Error: Service Control Manager [7023]  - The AMD External Events Utility .NET. service terminated with the following error:  The system cannot find the file specified.
06.10.2013 22:45:35, Error: Microsoft-Windows-WER-SystemErrorReporting [1005]  - Unable to produce a minidump file from the full dump file.
06.10.2013 22:45:35, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001a (0x0000000000041790, 0xfffffa8000a744b0, 0x000000000000ffff, 0x0000000000000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: .
06.10.2013 14:27:55, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
06.10.2013 01:06:45, Error: Service Control Manager [7034]  - The Ad-Aware Service service terminated unexpectedly.  It has done this 1 time(s).
05.10.2013 23:03:35, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
05.10.2013 23:03:35, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error:  An instance of the service is already running.
05.10.2013 23:03:35, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error:  An instance of the service is already running.
05.10.2013 23:03:35, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error:  An instance of the service is already running.
05.10.2013 23:02:35, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:  An instance of the service is already running.
05.10.2013 23:01:35, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
05.10.2013 23:01:35, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
05.10.2013 23:01:35, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
05.10.2013 23:01:35, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
05.10.2013 23:01:35, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
05.10.2013 23:01:35, Error: Service Control Manager [7031]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
05.10.2013 23:01:35, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
05.10.2013 23:01:35, Error: Service Control Manager [7031]  - The Secondary Logon service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
05.10.2013 23:01:35, Error: Service Control Manager [7031]  - The Remote Access Connection Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
05.10.2013 23:01:35, Error: Service Control Manager [7031]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
05.10.2013 23:01:35, Error: Service Control Manager [7031]  - The IP Helper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
05.10.2013 23:01:35, Error: Service Control Manager [7031]  - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
05.10.2013 23:01:35, Error: Service Control Manager [7031]  - The Group Policy Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
05.10.2013 23:01:35, Error: Service Control Manager [7031]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
05.10.2013 16:05:19, Error: Service Control Manager [7022]  - The Ad-Aware service hung on starting.
.
==== End Of File ===========================
 

 

DDS.txt  :

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470
Run by Ates at 10:34:20 on 2013-10-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16355.12990 [GMT -7:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Lavasoft Ad-Aware *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware *Enabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Samsung\ModeShift\ModeShift.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\PasswordBox\pbbtnService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wuauclt.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mStart Page = about:blank
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
TB: PasswordBox Toolbar: {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
TB: PasswordBox Toolbar: {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
uRun: [WTFast Tray] "C:\Program Files (x86)\WTFast\WTFast.exe" trayonly
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
StartupFolder: C:\Users\Ates\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AD-AWA~1.LNK - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
LSP: %SystemRoot%\system32\WTFastDrv.dll
TCP: Interfaces\{56B9FF1A-5330-4FC7-97E1-A1179CCD5D09}\2375942554531313 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{56B9FF1A-5330-4FC7-97E1-A1179CCD5D09}\A5978554C463839353C69727 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{56B9FF1A-5330-4FC7-97E1-A1179CCD5D09}\A5978554C463839353C69727 : DHCPNameServer = 195.175.39.40 195.175.39.39
TCP: Interfaces\{56B9FF1A-5330-4FC7-97E1-A1179CCD5D09}\E45445745414250333D25374 : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{735D444F-D725-45E8-85A7-38BBCD3072ED} : DHCPNameServer = 65.32.5.111 65.32.5.112
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [sBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 excsd;ExpressCache Storage Filter Driver;C:\windows\System32\drivers\excsd.sys [2012-6-12 80688]
R0 gfibto;gfibto;C:\windows\System32\drivers\gfibto.sys [2013-9-15 14456]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-1-31 16152]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\drivers\dtsoftbus01.sys [2012-9-9 283200]
R1 excfs;ExpressCache File System Filter Driver;C:\windows\System32\drivers\excfs.sys [2012-6-12 23344]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\drivers\klim6.sys [2012-8-2 28504]
R1 kltdi;kltdi;C:\windows\System32\drivers\kltdi.sys [2012-6-8 54368]
R1 kneps;kneps;C:\windows\System32\drivers\kneps.sys [2012-8-13 178448]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2012-6-12 13824]
R1 SbFw;SbFw;C:\windows\System32\drivers\SbFw.sys [2013-9-16 258848]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-6-13 1236336]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-4 659968]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-8-17 356376]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-12-19 1014096]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-12-19 1104208]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-12-4 135952]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-28 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-28 701512]
R2 PasswordBox;PasswordBox;C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2013-9-13 67584]
R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [2012-6-12 31624]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
R2 sbapifs;sbapifs;C:\windows\System32\drivers\sbapifs.sys [2012-9-12 82872]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SGDrv;SGDrv;C:\windows\System32\drivers\SGDrv64.sys [2012-6-12 7680]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2011-12-4 195584]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-12-13 94720]
R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-12-13 747008]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-8-17 31216]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2012-4-29 258896]
R3 gfiark;gfiark;C:\windows\System32\drivers\gfiark.sys [2013-9-16 41032]
R3 ibtfltcoex;ibtfltcoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-12-14 60416]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-1-31 355096]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-1-31 786200]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\windows\System32\drivers\klkbdflt.sys [2012-5-25 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\drivers\klmouflt.sys [2012-7-25 29528]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-9-28 25928]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\windows\System32\drivers\RtsPStor.sys [2012-6-12 340584]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-6-12 648808]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\windows\System32\drivers\SbFwIm.sys [2013-9-16 120064]
R3 SBHIPS;SBHIPS;C:\windows\System32\drivers\sbhips.sys [2013-9-16 61216]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2013-7-8 199384]
R3 sbwtis;sbwtis;C:\windows\System32\drivers\sbwtis.sys [2012-9-20 86816]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/06/13 11:11:00;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-4-19 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2011-12-4 195584]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-12-19 1304912]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\windows\System32\drivers\SbFwIm.sys [2013-9-16 120064]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-8-29 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2013-9-14 14544]
S4 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S4 ExpressCache;ExpressCache;C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2011-9-22 79664]
S4 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-9-28 109352]
S4 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-6-12 2439272]
S4 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-6-12 128280]
S4 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-6-12 161560]
S4 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
S4 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2013-4-7 232192]
S4 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-5-1 4710040]
S4 Sendoriv1;Sendoriv1;C:\Program Files (x86)\Sendori\SendoriSvc.exe --> C:\Program Files (x86)\Sendori\SendoriSvc.exe [?]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S4 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-2-11 3467768]
S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-9-19 2365792]
S4 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-9-18 11880]
S4 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-12 363800]
S4 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
.
=============== Created Last 30 ================
.
2013-10-09 15:45:19 -------- d-----w- C:\Users\Ates\AppData\Roaming\Proxifier
2013-10-09 15:44:53 88816 ----a-w- C:\windows\SysWow64\ProxifierShellExt.dll
2013-10-09 15:44:53 73968 ----a-w- C:\windows\System32\PrxerDrv.dll
2013-10-09 15:44:53 67824 ----a-w- C:\windows\SysWow64\PrxerDrv.dll
2013-10-09 15:44:53 55024 ----a-w- C:\windows\System32\PrxerNsp.dll
2013-10-09 15:44:53 54000 ----a-w- C:\windows\SysWow64\PrxerNsp.dll
2013-10-09 15:44:53 100592 ----a-w- C:\windows\System32\ProxifierShellExt.dll
2013-10-09 15:44:52 -------- d-----w- C:\Program Files (x86)\Proxifier
2013-10-08 03:43:05 -------- d-----w- C:\Program Files (x86)\KO100
2013-10-06 07:27:45 79464 ----a-w- C:\windows\System32\WTFastDrv.dll
2013-10-06 07:27:45 72296 ----a-w- C:\windows\SysWow64\WTFastDrv.dll
2013-10-06 07:27:43 -------- d-----w- C:\Program Files (x86)\WTFast
2013-09-30 08:20:59 -------- d-----w- C:\Program Files (x86)\LaglessProxy
2013-09-30 06:39:11 -------- d-----w- C:\Users\Ates\AppData\Roaming\WinPatrol
2013-09-30 06:39:09 -------- d-----w- C:\Program Files (x86)\BillP Studios
2013-09-30 06:30:36 -------- d-sh--w- C:\$RECYCLE.BIN
2013-09-30 04:04:30 -------- d-----w- C:\Program Files\CCleaner
2013-09-30 04:03:42 -------- d-----w- C:\ProgramData\Oracle
2013-09-30 04:03:31 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-30 03:56:35 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2013-09-30 00:21:54 -------- d-----w- C:\Users\Ates\AppData\Local\adawarebp
2013-09-29 08:05:30 -------- d-----w- C:\windows\ERUNT
2013-09-29 08:04:37 -------- d-----w- C:\ProgramData\boost_interprocess
2013-09-29 03:08:41 -------- d-----w- C:\Program Files\HitmanPro
2013-09-29 03:08:22 -------- d-----w- C:\ProgramData\HitmanPro
2013-09-29 02:54:57 -------- d-----w- C:\Users\Ates\AppData\Roaming\Malwarebytes
2013-09-29 02:54:51 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-09-29 02:54:51 -------- d-----w- C:\ProgramData\Malwarebytes
2013-09-29 02:54:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-29 02:49:39 -------- d-----w- C:\AdwCleaner
2013-09-27 18:44:28 -------- d-----w- C:\Users\Ates\AppData\Local\AAA_Internet_Publishing,_
2013-09-24 18:11:35 -------- d-----w- C:\Program Files (x86)\FlameKO
2013-09-18 20:21:18 -------- d-----w- C:\Program Files (x86)\SexyKO
2013-09-17 20:54:46 -------- d-----w- C:\Users\Ates\AppData\Local\Geckofx
2013-09-17 20:53:30 -------- d-----w- C:\Program Files (x86)\SmarttürkWebTV-V0.06
2013-09-16 18:05:18 61216 ----a-w- C:\windows\System32\drivers\sbhips.sys
2013-09-16 18:04:54 258848 ----a-w- C:\windows\System32\drivers\SbFw.sys
2013-09-16 18:04:54 120064 ----a-w- C:\windows\System32\drivers\SbFwIm.sys
2013-09-16 17:57:18 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2013-09-16 17:57:12 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2013-09-16 17:51:51 -------- d-----w- C:\Program Files\Lavasoft
2013-09-16 17:51:32 47496 ----a-w- C:\windows\System32\sbbd.exe
2013-09-16 11:35:09 41032 ----a-w- C:\windows\System32\drivers\gfiark.sys
2013-09-16 07:38:00 -------- d-----w- C:\Users\Ates\AppData\Roaming\LavasoftStatistics
2013-09-16 07:38:00 -------- d-----w- C:\ProgramData\Ad-Aware Antivirus
2013-09-16 06:49:39 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2013-09-16 06:49:29 -------- d-----w- C:\ProgramData\Downloaded Installations
2013-09-16 06:49:11 -------- d-----w- C:\Program Files (x86)\Lavasoft
2013-09-16 06:48:07 14456 ----a-w- C:\windows\System32\drivers\gfibto.sys
2013-09-16 06:48:07 -------- d-----w- C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus
2013-09-15 11:00:13 307200 ----a-w- C:\windows\SysWow64\pbproxy.dll
2013-09-15 07:52:54 -------- d-----w- C:\Users\Ates\AppData\Local\Amazon
2013-09-15 06:23:11 -------- d-sh--w- C:\Users\Ates\AppData\Local\icsxml
2013-09-15 05:05:47 -------- d-----w- C:\Users\Ates\AppData\Local\Razer
2013-09-15 05:05:23 -------- d-----w- C:\Users\Ates\AppData\Local\Programs
2013-09-15 04:48:23 -------- d-----w- C:\Program Files (x86)\Cure
2013-09-14 11:36:45 -------- d-----w- C:\Users\Ates\AppData\Local\Microsoft_Corporation
2013-09-14 11:34:24 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2013-09-14 11:31:47 -------- d-----w- C:\Program Files\Microsoft SQL Server
2013-09-13 16:34:17 -------- d-----w- C:\windows\pss
2013-09-13 11:05:05 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B755AD91-425B-44B3-9FF5-FFDA2D512755}\mpengine.dll
2013-09-11 02:54:43 -------- d-----w- C:\Users\Ates\AppData\Roaming\Open Download Manager
2013-09-11 02:54:21 -------- d-----w- C:\windows\SysWow64\modules
2013-09-11 02:54:21 -------- d-----w- C:\windows\SysWow64\js
2013-09-11 02:54:21 -------- d-----w- C:\windows\SysWow64\css
2013-09-11 02:50:31 -------- d-----w- C:\Users\Ates\AppData\Local\avgchrome
2013-09-11 02:47:46 431616 ----a-w- C:\windows\SysWow64\temp.002
2013-09-11 02:32:28 431616 ----a-w- C:\windows\SysWow64\temp.001
2013-09-11 02:32:28 -------- d-----w- C:\ProgramData\KLC
2013-09-11 02:15:37 61491 ----a-w- C:\windows\SysWow64\wbemdisp.TLB
2013-09-11 02:15:37 431616 ----a-w- C:\windows\SysWow64\temp.000
2013-09-11 02:15:37 1077336 ------w- C:\windows\SysWow64\mscomctl.ocx
2013-09-11 02:15:37 -------- d-----w- C:\Program Files (x86)\KLC
.
==================== Find3M  ====================
.
2013-09-30 04:03:28 868264 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-09-30 04:03:28 790440 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-08-20 18:04:38 369168 ----a-w- C:\windows\System32\wpcap.dll
2013-08-20 18:04:38 35344 ----a-w- C:\windows\System32\drivers\npf.sys
2013-08-20 18:04:38 106000 ----a-w- C:\windows\System32\packet.dll
2013-07-29 20:16:24 54368 ----a-w- C:\windows\System32\drivers\kltdi.sys
.
============= FINISH: 10:34:43,73 ===============
 


There are two security systems running on your system, Kaspersky and Lavasoft; that is counterproductive and will cause major issues. You must UNinstall one of those, your choice...

Next..

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Kevin


I will delete one of them. Thanks for warning me about it.

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Ates (administrator) on ATES-PC on 09-10-2013 11:15:23
Running from C:\Users\Ates\Desktop\Virus
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [sBRegRebootCleaner] - C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe [201608 2012-09-20] (GFI Software)
HKCU\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [441408 2013-09-24] (BillP Studios)
HKCU\...\Run: [WTFast Tray] - C:\Program Files (x86)\WTFast\WTFast.exe [2483672 2013-09-25] (AAA Internet Publishing, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-11-15] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)
Startup: C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ad-Aware Antivirus.lnk
ShortcutTarget: Ad-Aware Antivirus.lnk -> C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 -  No Name - {72cabc40-64b2-46ed-8648-26d831761150} -  No File
Toolbar: HKLM-x32 - PasswordBox Toolbar - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
Toolbar: HKCU -  No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 %SystemRoot%\system32\WTFastDrv.dll [72296] (Initex)
Winsock: Catalog9 02 %SystemRoot%\system32\WTFastDrv.dll [72296] (Initex)
Winsock: Catalog9 03 %SystemRoot%\system32\WTFastDrv.dll [72296] (Initex)
Winsock: Catalog9 04 %SystemRoot%\system32\WTFastDrv.dll [72296] (Initex)
Winsock: Catalog9 16 %SystemRoot%\system32\WTFastDrv.dll [72296] (Initex)
Winsock: Catalog9-x64 01 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)
Winsock: Catalog9-x64 02 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)
Winsock: Catalog9-x64 03 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)
Winsock: Catalog9-x64 04 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)
Winsock: Catalog9-x64 16 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.0.3824406\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Ates\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ates\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ates\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}] - C:\Users\Ates\AppData\Roaming\Mozilla\FireFox\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Ates\AppData\Local\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Ates\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ates\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (Wolfram Mathematica) - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.0.3824406\npmathplugin.dll (Wolfram Research, Inc.)
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Ates\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Users\Ates\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Ates\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0
CHR Extension: (GorillaPrice offer) - C:\Users\Ates\AppData\Local\Google\Chrome\User Data\Default\Extensions\egpbcfbaejlamdindjpaodjojjhnbipl\2.0.0.1_0
CHR Extension: () - C:\Users\Ates\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcnlcdpdncgchnamlmdhdhokahkaikhl\4.2.25.1
CHR Extension: (Safe Money) - C:\Users\Ates\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Ates\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0
CHR Extension: (Virtual Keyboard) - C:\Users\Ates\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Ates\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Lavasoft NewTab) - C:\Users\Ates\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.12_0
CHR Extension: (Anti-Banner) - C:\Users\Ates\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx
 
==================== Services (Whitelisted) =================
 
R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-11-15] (Kaspersky Lab ZAO)
S4 cFosSpeedS; C:\Program Files\Topos\cFosSpeed\spd.exe [559320 2009-10-30] (cFos Software GmbH)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-19] (CyberLink)
S4 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2011-09-22] (Diskeeper Corporation)
S2 FastUserSwitchingCompatibility; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-09-28] (SurfRight B.V.)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] ()
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-04-07] (NETGEAR)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4710040 2012-05-01] (Symantec Corporation)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-09-13] (PasswordBox, Inc.)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-11-30] ()
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-12] ()
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [183896 2013-07-08] (Sandboxie Holdings, LLC)
S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2365792 2012-09-19] (TuneUp Software)
S4 Sendoriv1; C:\Program Files (x86)\Sendori\SendoriSvc.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
R3 cFosSpeed; C:\Windows\System32\DRIVERS\cfosspeed.sys [1222360 2009-10-30] (cFos Software GmbH)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-09] (DT Soft Ltd)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2011-09-22] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [80688 2011-09-22] (Diskeeper Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-09-16] (GFI Software)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-09-19] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-09-19] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-07-29] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-24] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [199384 2013-07-08] (Sandboxie Holdings, LLC)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S4 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-18] (TuneUp Software)
S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-08-01] (OpenLibSys.org)
S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-08-01] (OpenLibSys.org)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-24] (Kaspersky Lab ZAO)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-09 11:15 - 2013-10-09 11:15 - 00000000 ____D C:\FRST
2013-10-09 11:14 - 2013-10-09 11:14 - 00030688 _____ C:\ComboFix.txt
2013-10-09 11:02 - 2011-06-25 23:45 - 00256000 _____ C:\windows\PEV.exe
2013-10-09 11:02 - 2010-11-07 10:20 - 00208896 _____ C:\windows\MBR.exe
2013-10-09 11:02 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-10-09 11:02 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-10-09 11:02 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-10-09 11:02 - 2000-08-30 17:00 - 00098816 _____ C:\windows\sed.exe
2013-10-09 11:02 - 2000-08-30 17:00 - 00080412 _____ C:\windows\grep.exe
2013-10-09 11:02 - 2000-08-30 17:00 - 00068096 _____ C:\windows\zip.exe
2013-10-09 10:55 - 2013-10-09 11:14 - 00000000 ____D C:\Qoobox
2013-10-09 10:36 - 2013-10-09 10:37 - 00000000 ____D C:\Users\Ates\Desktop\Virus
2013-10-09 10:34 - 2013-10-09 10:34 - 00022538 _____ C:\Users\Ates\Desktop\dds.txt
2013-10-09 10:34 - 2013-10-09 10:34 - 00012976 _____ C:\Users\Ates\Desktop\attach.txt
2013-10-09 08:50 - 2013-10-09 08:50 - 00003144 _____ C:\windows\System32\Tasks\{6098B53F-986A-4DD0-8998-A596C96D83A1}
2013-10-09 08:45 - 2013-10-09 08:45 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Proxifier
2013-10-09 08:44 - 2013-10-09 08:44 - 00001023 _____ C:\Users\Ates\Desktop\Proxifier.lnk
2013-10-09 08:44 - 2013-10-09 08:44 - 00000000 ____D C:\Program Files (x86)\Proxifier
2013-10-09 08:44 - 2011-05-01 01:32 - 00100592 _____ (Initex) C:\windows\system32\ProxifierShellExt.dll
2013-10-09 08:44 - 2011-05-01 01:32 - 00088816 _____ (Initex) C:\windows\SysWOW64\ProxifierShellExt.dll
2013-10-09 08:44 - 2011-05-01 01:32 - 00073968 _____ (Initex) C:\windows\system32\PrxerDrv.dll
2013-10-09 08:44 - 2011-05-01 01:32 - 00067824 _____ (Initex) C:\windows\SysWOW64\PrxerDrv.dll
2013-10-09 08:44 - 2011-05-01 01:32 - 00055024 _____ C:\windows\system32\PrxerNsp.dll
2013-10-09 08:44 - 2011-05-01 01:32 - 00054000 _____ C:\windows\SysWOW64\PrxerNsp.dll
2013-10-09 08:41 - 2013-10-09 08:41 - 00403354 _____ C:\Users\Ates\Downloads\lagless_03_01_2013 (2).zip
2013-10-09 08:41 - 2013-10-09 08:41 - 00000000 ____D C:\Users\Ates\Desktop\lagless
2013-10-09 08:39 - 2013-10-09 08:39 - 00403354 _____ C:\Users\Ates\Downloads\lagless_03_01_2013 (1).zip
2013-10-09 08:38 - 2013-10-09 08:38 - 00024092 _____ C:\Users\Ates\Downloads\Lagless_server_list_28_11_2012 (2).zip
2013-10-09 08:38 - 2013-10-09 08:38 - 00002065 _____ C:\Users\Ates\Downloads\settings for proxifier_03_01_2013 (1).zip
2013-10-09 08:10 - 2012-10-13 07:43 - 00000029 _____ C:\Users\Ates\Desktop\Proxifier serial number.txt
2013-10-09 08:10 - 2012-10-03 05:14 - 03691656 _____ (Initex                                                      ) C:\Users\Ates\Desktop\Proxifier.exe
2013-10-09 08:09 - 2013-10-09 08:09 - 03608881 _____ C:\Users\Ates\Downloads\m3393_Proxyfier.zip
2013-10-09 07:56 - 2013-10-09 07:57 - 34374536 _____ C:\Users\Ates\Downloads\WinGate8.0.2.4614-USE.exe
2013-10-09 07:02 - 2013-10-09 07:02 - 00001697 _____ C:\Users\Ates\Desktop\Ping spikes.txt
2013-10-07 20:51 - 2013-10-09 07:44 - 00001401 _____ C:\Users\Ates\Desktop\Launcher - Shortcut.lnk
2013-10-07 20:43 - 2013-10-09 05:43 - 00000000 ____D C:\Program Files (x86)\KO100
2013-10-07 20:28 - 2013-10-07 20:28 - 00002519 _____ C:\Users\Ates\Desktop\Skype.lnk
2013-10-07 20:27 - 2013-10-07 20:27 - 00001995 _____ C:\Users\Ates\Desktop\LaglessProxy.lnk
2013-10-07 02:44 - 2013-10-07 02:44 - 01367552 _____ C:\Users\Ates\Downloads\Chapter 5 %282013%29.ppt
2013-10-07 02:44 - 2013-10-07 02:44 - 00584192 _____ C:\Users\Ates\Downloads\Chapter 3 %282013%29.ppt
2013-10-07 02:44 - 2013-10-07 02:44 - 00559616 _____ C:\Users\Ates\Downloads\Chapter 4 Part 2 %282013%29.ppt
2013-10-07 02:44 - 2013-10-07 02:44 - 00301568 _____ C:\Users\Ates\Downloads\Chapter 4 part 1 %282013%29.ppt
2013-10-06 00:38 - 2013-10-06 00:38 - 00054719 _____ C:\Users\Ates\Downloads\servers (2).zip
2013-10-06 00:27 - 2013-10-06 00:27 - 00000983 _____ C:\Users\Public\Desktop\WTFast.lnk
2013-10-06 00:27 - 2013-10-06 00:27 - 00000000 ____D C:\Program Files (x86)\WTFast
2013-10-06 00:27 - 2013-02-01 07:39 - 00079464 _____ (Initex) C:\windows\system32\WTFastDrv.dll
2013-10-06 00:27 - 2013-02-01 07:39 - 00072296 _____ (Initex) C:\windows\SysWOW64\WTFastDrv.dll
2013-10-06 00:06 - 2013-10-06 00:06 - 06425088 _____ C:\Users\Ates\Downloads\pcap525_x64 (2).msi
2013-10-06 00:06 - 2013-10-06 00:06 - 04597248 _____ C:\Users\Ates\Downloads\pcap525_x86.msi
2013-10-06 00:05 - 2013-10-06 00:06 - 06425088 _____ C:\Users\Ates\Downloads\pcap525_x64 (1).msi
2013-10-05 23:49 - 2013-10-05 23:49 - 00004604 _____ C:\PBUninstaller.log
2013-10-05 23:48 - 2013-10-07 20:52 - 00000000 ____D C:\Users\Ates\Desktop\Deskop
2013-10-05 23:38 - 2013-10-05 23:39 - 01912363 _____ C:\Users\Ates\Downloads\WinMTR-v092.zip
2013-10-05 22:23 - 2013-10-05 22:23 - 01644848 _____ (                                                            ) C:\Users\Ates\Downloads\freecap_setup_eng.exe
2013-10-05 05:42 - 2013-10-05 05:42 - 00003152 _____ C:\windows\System32\Tasks\{39288CD3-FEAA-4881-86E4-EFD40BF84C21}
2013-10-05 05:40 - 2013-10-05 05:40 - 04361633 _____ (                                                            ) C:\Users\Ates\Downloads\widecap_setup.en.1.5 (2).exe
2013-10-05 05:39 - 2013-10-05 05:39 - 06425088 _____ C:\Users\Ates\Downloads\pcap525_x64.msi
2013-10-05 05:39 - 2013-10-05 05:39 - 00928100 _____ C:\Users\Ates\Downloads\smoothping (1).zip
2013-09-30 13:02 - 2013-09-30 13:02 - 00002452 _____ C:\windows\SysWOW64\APConfig.xml
2013-09-30 13:02 - 2013-09-30 13:02 - 00001738 _____ C:\windows\SysWOW64\EmailAVConfig.xml
2013-09-30 13:02 - 2013-09-30 13:02 - 00000502 _____ C:\windows\SysWOW64\HIPSConfig.xml
2013-09-30 01:21 - 2013-09-30 02:20 - 00003330 _____ C:\windows\System32\Tasks\LaglessUI-Service
2013-09-30 01:21 - 2013-09-30 01:21 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LaglessProxy
2013-09-30 01:20 - 2013-10-09 07:36 - 00000000 ____D C:\Program Files (x86)\LaglessProxy
2013-09-30 00:00 - 2013-09-30 00:00 - 00000020 _____ C:\windows\0÷%
2013-09-29 23:39 - 2013-09-29 23:39 - 00000000 ____D C:\Users\Ates\AppData\Roaming\WinPatrol
2013-09-29 23:39 - 2013-09-29 23:39 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2013-09-29 23:38 - 2013-09-29 23:38 - 00907304 _____ (BillP Studios) C:\Users\Ates\Downloads\wpsetup.exe
2013-09-29 21:04 - 2013-09-29 21:05 - 00000000 ____D C:\Program Files\CCleaner
2013-09-29 21:04 - 2013-09-29 21:04 - 00002770 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2013-09-29 21:03 - 2013-09-29 21:03 - 04429440 _____ (Piriform Ltd) C:\Users\Ates\Downloads\ccsetup404.exe
2013-09-29 21:03 - 2013-09-29 21:03 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-09-29 21:03 - 2013-09-29 21:03 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-09-29 21:03 - 2013-09-29 21:03 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-09-29 21:03 - 2013-09-29 21:03 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-29 21:03 - 2013-09-29 21:03 - 00000000 ____D C:\ProgramData\Oracle
2013-09-29 21:03 - 2013-09-29 21:03 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-29 21:02 - 2013-09-29 21:02 - 00913832 _____ (Oracle Corporation) C:\Users\Ates\Downloads\chromeinstall-7u40.exe
2013-09-29 20:56 - 2013-09-29 20:56 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Ates\Downloads\revosetup.exe
2013-09-29 20:56 - 2013-09-29 20:56 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-09-29 20:51 - 2013-09-29 20:51 - 02637824 _____ (TODO: <Company name>) C:\Users\Ates\Downloads\Gorilla_Uninstaller_Download_File.exe
2013-09-29 17:21 - 2013-10-06 22:45 - 987788256 _____ C:\windows\MEMORY.DMP
2013-09-29 17:21 - 2013-09-29 17:21 - 00000000 ____D C:\Users\Ates\AppData\Local\adawarebp
2013-09-29 11:41 - 2013-10-09 11:09 - 00000000 ____D C:\windows\erdnt
2013-09-29 01:05 - 2013-09-29 01:05 - 00000000 ____D C:\windows\ERUNT
2013-09-29 01:04 - 2013-10-09 10:59 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-09-29 00:59 - 2013-09-29 00:59 - 01030305 _____ (Thisisu) C:\Users\Ates\Downloads\JRT.exe
2013-09-29 00:57 - 2013-09-29 00:57 - 01042066 _____ C:\Users\Ates\Downloads\AdwCleaner (1).exe
2013-09-29 00:23 - 2013-09-28 08:07 - 678011494 _____ C:\Users\Ates\Downloads\Knight_Kingdom (1).rar
2013-09-29 00:19 - 2013-09-29 00:38 - 737013724 _____ C:\Users\Ates\Downloads\KO100-Client-Beta-2-Released-d.rar
2013-09-28 22:19 - 2013-09-28 22:19 - 00688992 ____R (Swearware) C:\Users\Ates\Downloads\dds.com
2013-09-28 20:17 - 2013-09-28 20:17 - 00001898 _____ C:\windows\system32\.crusader
2013-09-28 20:08 - 2013-09-28 20:17 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-28 20:08 - 2013-09-28 20:08 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-28 19:54 - 2013-09-28 19:54 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Malwarebytes
2013-09-28 19:54 - 2013-09-28 19:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-28 19:54 - 2013-09-28 19:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-28 19:54 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-09-28 19:49 - 2013-09-29 23:25 - 00000000 ____D C:\AdwCleaner
2013-09-28 19:48 - 2013-09-28 19:48 - 09879648 _____ (SurfRight B.V.) C:\Users\Ates\Downloads\HitmanPro_x64.exe
2013-09-28 19:47 - 2013-09-28 19:47 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Ates\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-28 19:47 - 2013-09-28 19:47 - 01042066 _____ C:\Users\Ates\Downloads\adwcleaner.exe
2013-09-27 11:44 - 2013-09-27 11:44 - 00000000 ____D C:\Users\Ates\AppData\Local\AAA_Internet_Publishing,_
2013-09-27 11:41 - 2013-10-09 11:10 - 00024218 _____ C:\windows\PFRO.log
2013-09-27 11:41 - 2013-09-30 01:42 - 00002850 _____ C:\autoupdate.log
2013-09-27 11:37 - 2013-09-27 11:37 - 04273808 _____ (Initex & AAA Internet Publishing                            ) C:\Users\Ates\Downloads\WTFastSetupFR.3.0.1.12.exe
2013-09-26 21:48 - 2013-09-26 21:48 - 08711779 _____ C:\Users\Ates\Downloads\Manuel.zip
2013-09-26 21:46 - 2013-09-26 22:40 - 608749959 _____ C:\Users\Ates\Downloads\YataganOnline.rar
2013-09-26 12:43 - 2013-09-26 12:43 - 00007617 _____ C:\Users\Ates\AppData\Local\Resmon.ResmonCfg
2013-09-26 12:36 - 2013-09-26 12:36 - 00863610 _____ C:\Users\Ates\Downloads\amr501dm.rar
2013-09-24 11:11 - 2013-10-08 23:43 - 00000000 ____D C:\Program Files (x86)\FlameKO
2013-09-24 07:08 - 2013-09-24 07:08 - 00771986 _____ C:\Users\Ates\Downloads\Outlook (2).zip
2013-09-23 04:30 - 2013-09-23 04:30 - 00583680 _____ C:\Users\Ates\Downloads\Descriptive Statistics %28Example Problems%29 (1).ppt
2013-09-23 04:26 - 2013-09-23 04:26 - 00583680 _____ C:\Users\Ates\Downloads\Descriptive Statistics %28Example Problems%29.ppt
2013-09-23 04:25 - 2013-09-23 04:25 - 00376832 _____ C:\Users\Ates\Downloads\Chapter 2 Part 3 %282013%29.ppt
2013-09-22 01:00 - 2013-10-09 11:10 - 00003360 _____ C:\windows\setupact.log
2013-09-22 01:00 - 2013-09-22 01:00 - 00000000 _____ C:\windows\setuperr.log
2013-09-20 22:18 - 2013-09-20 22:18 - 01475192 _____ (Initex & AAA Internet Publishing                            ) C:\Users\Ates\Downloads\WTFastSetup.2.13.2.0 (1).exe
2013-09-20 11:21 - 2013-09-20 11:21 - 00000000 _____ C:\Users\Ates\agent.log
2013-09-20 03:34 - 2013-09-20 03:34 - 01466856 _____ (Initex & AAA Internet Publishing                            ) C:\Users\Ates\Downloads\WTFastSetup.2.0.1.3.exe
2013-09-18 13:21 - 2013-09-18 13:23 - 00000000 ____D C:\Program Files (x86)\SexyKO
2013-09-18 02:05 - 2013-09-18 02:05 - 04512276 _____ C:\Users\Ates\Downloads\Outlook (1).zip
2013-09-17 13:54 - 2013-09-17 13:54 - 00000000 ____D C:\Users\Ates\AppData\Local\Geckofx
2013-09-17 13:53 - 2013-09-20 03:15 - 00000000 ____D C:\Program Files (x86)\SmarttürkWebTV-V0.06
2013-09-17 13:53 - 2013-09-17 13:53 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmarttürkWebTV-V0.06
2013-09-17 13:50 - 2013-09-17 13:51 - 22453185 _____ C:\Users\Ates\Downloads\Versiyon0.06.rar
2013-09-17 13:50 - 2013-09-17 13:50 - 00889416 _____ (Microsoft Corporation) C:\Users\Ates\Downloads\dotNetFx40_Full_setup (1).exe
2013-09-16 22:27 - 2013-09-16 22:27 - 01027698 _____ C:\Users\Ates\Downloads\patch1011.zip
2013-09-16 22:27 - 2013-09-16 22:27 - 01027443 _____ C:\Users\Ates\Downloads\patch1010.zip
2013-09-16 22:18 - 2013-09-16 22:26 - 164766027 _____ C:\Users\Ates\Downloads\patch1005.zip
2013-09-16 22:14 - 2013-09-16 22:14 - 00000000 ____D C:\Users\Ates\Downloads\SexyKO v1000
2013-09-16 11:05 - 2012-09-20 05:11 - 00061216 _____ (GFI Software) C:\windows\system32\Drivers\sbhips.sys
2013-09-16 11:04 - 2012-09-20 05:11 - 00258848 _____ (GFI Software) C:\windows\system32\Drivers\SbFw.sys
2013-09-16 11:04 - 2012-09-12 20:19 - 00120064 _____ (GFI Software) C:\windows\system32\Drivers\SbFwIm.sys
2013-09-16 10:57 - 2013-09-16 10:57 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-09-16 10:57 - 2013-09-16 10:57 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2013-09-16 10:55 - 2013-09-16 10:55 - 05616264 _____ (Lavasoft Limited) C:\Users\Ates\Downloads\Adaware_Installer (4).exe
2013-09-16 10:52 - 2013-09-16 10:52 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Lavasoft
2013-09-16 10:51 - 2013-09-16 10:51 - 09368992 _____ (Lavasoft) C:\Users\Ates\Downloads\Lavasoft_Registry_Tuner_v.2.0.0.exe
2013-09-16 10:51 - 2013-09-16 10:51 - 00000000 ____D C:\Program Files\Lavasoft
2013-09-16 10:51 - 2012-09-20 05:40 - 00047496 _____ (GFI Software) C:\windows\system32\sbbd.exe
2013-09-16 10:49 - 2013-09-16 10:49 - 05616264 _____ (Lavasoft Limited) C:\Users\Ates\Downloads\Adaware_Installer (3).exe
2013-09-16 10:45 - 2013-09-16 10:45 - 05616264 _____ (Lavasoft Limited) C:\Users\Ates\Downloads\Adaware_Installer (2).exe
2013-09-16 10:37 - 2013-09-16 10:37 - 05616264 _____ (Lavasoft Limited) C:\Users\Ates\Downloads\Adaware_Installer (1).exe
2013-09-16 04:35 - 2013-05-23 08:39 - 00041032 _____ (ThreatTrack Security) C:\windows\system32\Drivers\gfiark.sys
2013-09-16 00:38 - 2013-10-05 23:39 - 00004318 _____ C:\windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
2013-09-16 00:38 - 2013-09-16 10:32 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-09-16 00:38 - 2013-09-16 00:38 - 00000000 ____D C:\Users\Ates\AppData\Roaming\LavasoftStatistics
2013-09-15 23:49 - 2013-09-16 21:42 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-09-15 23:49 - 2013-09-16 10:57 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-09-15 23:49 - 2013-09-15 23:49 - 00000000 ____D C:\ProgramData\Lavasoft
2013-09-15 23:49 - 2013-09-15 23:49 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-09-15 23:48 - 2013-09-16 12:14 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus
2013-09-15 23:48 - 2013-09-16 10:56 - 00014456 _____ (GFI Software) C:\windows\system32\Drivers\gfibto.sys
2013-09-15 23:47 - 2013-09-15 23:47 - 05616264 _____ (Lavasoft Limited) C:\Users\Ates\Downloads\Adaware_Installer.exe
2013-09-15 06:23 - 2013-09-15 06:23 - 00000000 ____D C:\Users\Ates\Documents\fx
2013-09-15 04:00 - 2011-10-31 11:02 - 00307200 _____ (PingBetter) C:\windows\SysWOW64\pbproxy.dll
2013-09-15 03:59 - 2013-09-15 03:59 - 03203437 _____ (PingBetter) C:\Users\Ates\Downloads\PingBetterSetup3.1.0.1.exe
2013-09-15 03:39 - 2013-09-15 03:40 - 14035465 _____ C:\Users\Ates\Downloads\pz_setup_1.1.6.zip
2013-09-15 00:52 - 2013-09-15 00:52 - 00000000 ____D C:\Users\Ates\AppData\Local\Amazon
2013-09-14 23:23 - 2013-09-14 23:23 - 00000038 ___SH C:\Users\Ates\AppData\Local\30cb054b51a6e2f65d62f4.62716000
2013-09-14 23:23 - 2013-09-14 23:23 - 00000000 __SHD C:\Users\Ates\AppData\Local\icsxml
2013-09-14 23:20 - 2013-09-14 23:20 - 05341777 _____ (Lowerping) C:\Users\Ates\Downloads\Lowerping_1.4.exe
2013-09-14 22:07 - 2013-09-30 02:20 - 00003172 _____ C:\windows\System32\Tasks\Razer_Game_Booster_AutoUpdate
2013-09-14 22:06 - 2013-09-14 22:06 - 00000000 ____D C:\Users\Ates\Documents\Razer
2013-09-14 22:05 - 2013-09-14 22:05 - 00000000 ____D C:\Users\Ates\AppData\Local\Razer
2013-09-14 22:05 - 2013-09-14 22:05 - 00000000 ____D C:\ProgramData\Razer
2013-09-14 22:05 - 2013-09-14 22:05 - 00000000 ____D C:\Program Files (x86)\Razer
2013-09-14 22:04 - 2013-09-14 22:05 - 23832608 _____ (Razer USA Ltd                                               ) C:\Users\Ates\Downloads\Game_Booster_v3.7.0.11.exe
2013-09-14 21:48 - 2012-11-22 18:42 - 00000000 ____D C:\Program Files (x86)\Cure
2013-09-14 21:47 - 2013-09-14 21:48 - 06872237 _____ C:\Users\Ates\Downloads\Cure.rar
2013-09-14 21:18 - 2013-09-14 21:18 - 00001291 _____ C:\Users\Ates\Downloads\Pingfix.rar
2013-09-14 18:34 - 2013-09-14 18:35 - 06091510 _____ C:\Users\Ates\Downloads\LaglessProxy1.1 (1).exe
2013-09-14 04:36 - 2013-09-14 04:36 - 00000000 ____D C:\Users\Ates\AppData\Local\Microsoft_Corporation
2013-09-14 04:34 - 2013-09-14 04:35 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2013-09-14 04:31 - 2013-09-14 04:36 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2013-09-14 04:30 - 2013-09-14 04:30 - 86525456 _____ (Microsoft Corporation) C:\Users\Ates\Downloads\SQLEXPR_x64_ENU.exe
2013-09-14 04:18 - 2013-09-15 02:12 - 06982764 _____ C:\Users\Ates\Downloads\TrayhoperEditors-Pvp-Sehri.rar
2013-09-13 09:34 - 2013-09-30 02:31 - 00000000 ____D C:\windows\pss
2013-09-10 20:01 - 2013-09-16 10:27 - 00003722 _____ C:\Users\Ates\Downloads\hs-smc2b.zip
2013-09-10 19:54 - 2013-09-11 05:19 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Open Download Manager
2013-09-10 19:54 - 2013-09-10 19:54 - 00000000 ____D C:\windows\SysWOW64\modules
2013-09-10 19:54 - 2013-09-10 19:54 - 00000000 ____D C:\windows\SysWOW64\js
2013-09-10 19:54 - 2013-09-10 19:54 - 00000000 ____D C:\windows\SysWOW64\css
2013-09-10 19:50 - 2013-09-10 19:50 - 00000000 ____D C:\Users\Ates\AppData\Local\avgchrome
2013-09-10 19:48 - 2013-09-30 02:20 - 00003114 _____ C:\windows\System32\Tasks\YourFile DownloaderUpdate
2013-09-10 19:47 - 2013-09-10 19:47 - 04635015 _____ C:\Users\Ates\Downloads\smac27beta_setup1.exe
2013-09-10 19:47 - 2004-08-04 03:56 - 00431616 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.002
2013-09-10 19:32 - 2013-09-10 19:32 - 00000000 ____D C:\ProgramData\KLC
2013-09-10 19:32 - 2004-08-04 03:56 - 00431616 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.001
2013-09-10 19:31 - 2013-09-10 19:32 - 04635015 _____ C:\Users\Ates\Downloads\smac27beta_setup.exe
2013-09-10 19:26 - 2013-09-10 19:26 - 04630617 _____ C:\Users\Ates\Downloads\smac20_setup (1).exe
2013-09-10 19:26 - 2013-09-10 19:26 - 01300888 _____ (Koyote-Lab Inc.) C:\Users\Ates\Downloads\FuzeZipSetup-r140-w-bc.exe
2013-09-10 19:15 - 2013-09-10 19:32 - 00000000 ____D C:\Program Files (x86)\KLC
2013-09-10 19:15 - 2013-09-10 19:15 - 04630617 _____ C:\Users\Ates\Downloads\smac20_setup.exe
2013-09-10 19:15 - 2004-08-04 03:56 - 00431616 _____ (Microsoft Corporation) C:\windows\SysWOW64\temp.000
2013-09-10 19:15 - 2002-12-20 12:02 - 01077336 ____N (Microsoft Corporation) C:\windows\SysWOW64\mscomctl.ocx
2013-09-10 19:15 - 1999-12-07 07:00 - 00061491 _____ (Microsoft Corporation) C:\windows\SysWOW64\wbemdisp.TLB
 
==================== One Month Modified Files and Folders =======
 
2013-10-09 11:15 - 2013-10-09 11:15 - 00000000 ____D C:\FRST
2013-10-09 11:15 - 2012-06-12 17:59 - 01234356 _____ C:\windows\WindowsUpdate.log
2013-10-09 11:15 - 2009-07-13 20:20 - 00000000 ____D C:\windows\tracing
2013-10-09 11:14 - 2013-10-09 11:14 - 00030688 _____ C:\ComboFix.txt
2013-10-09 11:14 - 2013-10-09 10:55 - 00000000 ____D C:\Qoobox
2013-10-09 11:14 - 2009-07-13 22:13 - 00780196 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-09 11:10 - 2013-09-27 11:41 - 00024218 _____ C:\windows\PFRO.log
2013-10-09 11:10 - 2013-09-22 01:00 - 00003360 _____ C:\windows\setupact.log
2013-10-09 11:10 - 2013-02-24 01:18 - 00065536 _____ C:\windows\system32\Ikeext.etl
2013-10-09 11:10 - 2012-09-18 11:16 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-09 11:10 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-09 11:10 - 2009-07-13 19:34 - 66846720 _____ C:\windows\system32\config\SOFTWARE.bak
2013-10-09 11:10 - 2009-07-13 19:34 - 48234496 _____ C:\windows\system32\config\SYSTEM.bak
2013-10-09 11:10 - 2009-07-13 19:34 - 00815104 _____ C:\windows\system32\config\DEFAULT.bak
2013-10-09 11:10 - 2009-07-13 19:34 - 00057344 _____ C:\windows\system32\config\SAM.bak
2013-10-09 11:10 - 2009-07-13 19:34 - 00028672 _____ C:\windows\system32\config\SECURITY.bak
2013-10-09 11:10 - 2009-07-13 19:34 - 00000215 _____ C:\windows\system.ini
2013-10-09 11:09 - 2013-09-29 11:41 - 00000000 ____D C:\windows\erdnt
2013-10-09 11:05 - 2009-07-13 21:45 - 00021200 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-09 11:05 - 2009-07-13 21:45 - 00021200 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-09 10:59 - 2013-09-29 01:04 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-10-09 10:58 - 2013-09-08 22:30 - 00000336 _____ C:\windows\Tasks\HP Photo Creations Communicator.job
2013-10-09 10:37 - 2013-10-09 10:36 - 00000000 ____D C:\Users\Ates\Desktop\Virus
2013-10-09 10:34 - 2013-10-09 10:34 - 00022538 _____ C:\Users\Ates\Desktop\dds.txt
2013-10-09 10:34 - 2013-10-09 10:34 - 00012976 _____ C:\Users\Ates\Desktop\attach.txt
2013-10-09 09:53 - 2013-09-04 01:11 - 00740864 ___SH C:\Users\Ates\Downloads\Thumbs.db
2013-10-09 09:36 - 2013-09-08 22:30 - 00003344 _____ C:\windows\System32\Tasks\HP Photo Creations Communicator
2013-10-09 08:50 - 2013-10-09 08:50 - 00003144 _____ C:\windows\System32\Tasks\{6098B53F-986A-4DD0-8998-A596C96D83A1}
2013-10-09 08:45 - 2013-10-09 08:45 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Proxifier
2013-10-09 08:44 - 2013-10-09 08:44 - 00001023 _____ C:\Users\Ates\Desktop\Proxifier.lnk
2013-10-09 08:44 - 2013-10-09 08:44 - 00000000 ____D C:\Program Files (x86)\Proxifier
2013-10-09 08:41 - 2013-10-09 08:41 - 00403354 _____ C:\Users\Ates\Downloads\lagless_03_01_2013 (2).zip
2013-10-09 08:41 - 2013-10-09 08:41 - 00000000 ____D C:\Users\Ates\Desktop\lagless
2013-10-09 08:39 - 2013-10-09 08:39 - 00403354 _____ C:\Users\Ates\Downloads\lagless_03_01_2013 (1).zip
2013-10-09 08:38 - 2013-10-09 08:38 - 00024092 _____ C:\Users\Ates\Downloads\Lagless_server_list_28_11_2012 (2).zip
2013-10-09 08:38 - 2013-10-09 08:38 - 00002065 _____ C:\Users\Ates\Downloads\settings for proxifier_03_01_2013 (1).zip
2013-10-09 08:09 - 2013-10-09 08:09 - 03608881 _____ C:\Users\Ates\Downloads\m3393_Proxyfier.zip
2013-10-09 07:57 - 2013-10-09 07:56 - 34374536 _____ C:\Users\Ates\Downloads\WinGate8.0.2.4614-USE.exe
2013-10-09 07:52 - 2012-09-10 02:39 - 00000000 ____D C:\Users\Ates\AppData\Local\CrashDumps
2013-10-09 07:44 - 2013-10-07 20:51 - 00001401 _____ C:\Users\Ates\Desktop\Launcher - Shortcut.lnk
2013-10-09 07:36 - 2013-09-30 01:20 - 00000000 ____D C:\Program Files (x86)\LaglessProxy
2013-10-09 07:32 - 2012-08-28 07:36 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Skype
2013-10-09 07:02 - 2013-10-09 07:02 - 00001697 _____ C:\Users\Ates\Desktop\Ping spikes.txt
2013-10-09 05:43 - 2013-10-07 20:43 - 00000000 ____D C:\Program Files (x86)\KO100
2013-10-08 23:43 - 2013-09-24 11:11 - 00000000 ____D C:\Program Files (x86)\FlameKO
2013-10-07 20:52 - 2013-10-05 23:48 - 00000000 ____D C:\Users\Ates\Desktop\Deskop
2013-10-07 20:28 - 2013-10-07 20:28 - 00002519 _____ C:\Users\Ates\Desktop\Skype.lnk
2013-10-07 20:27 - 2013-10-07 20:27 - 00001995 _____ C:\Users\Ates\Desktop\LaglessProxy.lnk
2013-10-07 02:44 - 2013-10-07 02:44 - 01367552 _____ C:\Users\Ates\Downloads\Chapter 5 %282013%29.ppt
2013-10-07 02:44 - 2013-10-07 02:44 - 00584192 _____ C:\Users\Ates\Downloads\Chapter 3 %282013%29.ppt
2013-10-07 02:44 - 2013-10-07 02:44 - 00559616 _____ C:\Users\Ates\Downloads\Chapter 4 Part 2 %282013%29.ppt
2013-10-07 02:44 - 2013-10-07 02:44 - 00301568 _____ C:\Users\Ates\Downloads\Chapter 4 part 1 %282013%29.ppt
2013-10-06 22:45 - 2013-09-29 17:21 - 987788256 _____ C:\windows\MEMORY.DMP
2013-10-06 22:45 - 2012-10-02 19:59 - 00000000 ____D C:\windows\Minidump
2013-10-06 03:45 - 2013-04-27 00:28 - 00552960 ___SH C:\Users\Ates\Desktop\Thumbs.db
2013-10-06 03:23 - 2013-09-08 22:30 - 00000000 ___RD C:\Users\Ates\Documents\HP Photo Creations
2013-10-06 03:23 - 2013-09-08 22:05 - 00000000 ____D C:\ProgramData\Visan
2013-10-06 03:23 - 2013-09-08 22:05 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-10-06 03:13 - 2012-10-15 17:23 - 00000000 ____D C:\Users\Ates\AppData\Roaming\TS3Client
2013-10-06 01:16 - 2012-10-15 17:21 - 00000000 ____D C:\Users\Ates\AppData\Local\TeamSpeak 3 Client
2013-10-06 00:38 - 2013-10-06 00:38 - 00054719 _____ C:\Users\Ates\Downloads\servers (2).zip
2013-10-06 00:27 - 2013-10-06 00:27 - 00000983 _____ C:\Users\Public\Desktop\WTFast.lnk
2013-10-06 00:27 - 2013-10-06 00:27 - 00000000 ____D C:\Program Files (x86)\WTFast
2013-10-06 00:23 - 2012-08-28 05:46 - 00000000 ___RD C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-06 00:06 - 2013-10-06 00:06 - 06425088 _____ C:\Users\Ates\Downloads\pcap525_x64 (2).msi
2013-10-06 00:06 - 2013-10-06 00:06 - 04597248 _____ C:\Users\Ates\Downloads\pcap525_x86.msi
2013-10-06 00:06 - 2013-10-06 00:05 - 06425088 _____ C:\Users\Ates\Downloads\pcap525_x64 (1).msi
2013-10-05 23:50 - 2013-02-23 23:33 - 00000000 ____D C:\Users\Ates\AppData\Local\SmoothpingElite
2013-10-05 23:49 - 2013-10-05 23:49 - 00004604 _____ C:\PBUninstaller.log
2013-10-05 23:49 - 2013-02-23 23:33 - 00000000 ____D C:\Program Files (x86)\Smoothping Elite
2013-10-05 23:45 - 2013-02-23 12:07 - 00000000 ____D C:\Users\Ates\AppData\Local\Lowerping
2013-10-05 23:43 - 2013-04-01 14:11 - 00000000 ____D C:\Users\Ates\AppData\Roaming\GameRanger
2013-10-05 23:41 - 2013-08-21 10:59 - 00000000 ____D C:\Users\Ates\AppData\Local\BattlePing
2013-10-05 23:39 - 2013-10-05 23:38 - 01912363 _____ C:\Users\Ates\Downloads\WinMTR-v092.zip
2013-10-05 23:39 - 2013-09-16 00:38 - 00004318 _____ C:\windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
2013-10-05 23:01 - 2009-07-13 22:08 - 00032582 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-10-05 22:23 - 2013-10-05 22:23 - 01644848 _____ (                                                            ) C:\Users\Ates\Downloads\freecap_setup_eng.exe
2013-10-05 05:48 - 2013-08-28 22:05 - 00001586 _____ C:\windows\Sandboxie.ini
2013-10-05 05:42 - 2013-10-05 05:42 - 00003152 _____ C:\windows\System32\Tasks\{39288CD3-FEAA-4881-86E4-EFD40BF84C21}
2013-10-05 05:40 - 2013-10-05 05:40 - 04361633 _____ (                                                            ) C:\Users\Ates\Downloads\widecap_setup.en.1.5 (2).exe
2013-10-05 05:39 - 2013-10-05 05:39 - 06425088 _____ C:\Users\Ates\Downloads\pcap525_x64.msi
2013-10-05 05:39 - 2013-10-05 05:39 - 00928100 _____ C:\Users\Ates\Downloads\smoothping (1).zip
2013-10-05 05:18 - 2012-06-12 18:15 - 00002820 _____ C:\windows\System32\Tasks\ModeShift
2013-10-04 21:25 - 2012-08-30 22:07 - 00000000 ____D C:\Users\Ates\AppData\Roaming\SoftGrid Client
2013-10-03 10:59 - 2012-11-20 04:59 - 00000000 ____D C:\Program Files (x86)\PasswordBox
2013-09-30 13:02 - 2013-09-30 13:02 - 00002452 _____ C:\windows\SysWOW64\APConfig.xml
2013-09-30 13:02 - 2013-09-30 13:02 - 00001738 _____ C:\windows\SysWOW64\EmailAVConfig.xml
2013-09-30 13:02 - 2013-09-30 13:02 - 00000502 _____ C:\windows\SysWOW64\HIPSConfig.xml
2013-09-30 13:02 - 2012-06-12 18:00 - 00000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-09-30 13:02 - 2012-06-12 18:00 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-09-30 13:01 - 2012-06-12 18:00 - 00003494 _____ C:\windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d
2013-09-30 13:01 - 2012-06-12 18:00 - 00003190 _____ C:\windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon
2013-09-30 12:51 - 2012-06-12 18:04 - 00003394 _____ C:\windows\System32\Tasks\MovieColorEnhancer
2013-09-30 12:51 - 2012-06-12 18:04 - 00003220 _____ C:\windows\System32\Tasks\Easy Software Manager Agent
2013-09-30 12:49 - 2012-06-12 18:04 - 00003502 _____ C:\windows\System32\Tasks\EasySpeedUpManager
2013-09-30 12:49 - 2012-06-12 18:04 - 00003448 _____ C:\windows\System32\Tasks\SmartSetting
2013-09-30 12:48 - 2012-06-12 18:04 - 00003212 _____ C:\windows\System32\Tasks\EasyDisplayMgr
2013-09-30 12:44 - 2012-06-12 18:06 - 00003216 _____ C:\windows\System32\Tasks\advSRS5
2013-09-30 12:44 - 2012-06-12 18:04 - 00003294 _____ C:\windows\System32\Tasks\EasyBatteryManager
2013-09-30 12:42 - 2012-06-12 18:14 - 00003320 _____ C:\windows\System32\Tasks\SamsungSupportCenter
2013-09-30 12:14 - 2012-06-12 18:17 - 00003150 _____ C:\windows\System32\Tasks\MirageAgent
2013-09-30 02:31 - 2013-09-13 09:34 - 00000000 ____D C:\windows\pss
2013-09-30 02:23 - 2012-10-28 12:03 - 00000924 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000UA.job
2013-09-30 02:23 - 2012-10-28 12:03 - 00000902 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000Core.job
2013-09-30 02:23 - 2012-08-28 05:56 - 00001026 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000UA.job
2013-09-30 02:23 - 2012-08-28 05:56 - 00000974 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000Core.job
2013-09-30 02:20 - 2013-09-30 01:21 - 00003330 _____ C:\windows\System32\Tasks\LaglessUI-Service
2013-09-30 02:20 - 2013-09-14 22:07 - 00003172 _____ C:\windows\System32\Tasks\Razer_Game_Booster_AutoUpdate
2013-09-30 02:20 - 2013-09-10 19:48 - 00003114 _____ C:\windows\System32\Tasks\YourFile DownloaderUpdate
2013-09-30 02:20 - 2012-10-28 12:03 - 00003910 _____ C:\windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000UA
2013-09-30 02:20 - 2012-10-28 12:03 - 00003542 _____ C:\windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000Core
2013-09-30 02:20 - 2012-09-18 00:12 - 00002952 _____ C:\windows\System32\Tasks\{E08E35BE-FAE1-4E03-99F9-1C7564CD9F5C}
2013-09-30 02:20 - 2012-09-02 22:52 - 00003500 _____ C:\windows\System32\Tasks\AdobeAAMUpdater-1.0-Ates-PC-Ates
2013-09-30 02:20 - 2012-08-28 05:56 - 00004006 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000UA
2013-09-30 02:20 - 2012-08-28 05:56 - 00003610 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000Core
2013-09-30 02:00 - 2012-09-02 22:26 - 00000000 ____D C:\Users\Ates\AppData\Local\Adobe
2013-09-30 01:42 - 2013-09-27 11:41 - 00002850 _____ C:\autoupdate.log
2013-09-30 01:21 - 2013-09-30 01:21 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LaglessProxy
2013-09-30 00:00 - 2013-09-30 00:00 - 00000020 _____ C:\windows\0÷%
2013-09-30 00:00 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-29 23:39 - 2013-09-29 23:39 - 00000000 ____D C:\Users\Ates\AppData\Roaming\WinPatrol
2013-09-29 23:39 - 2013-09-29 23:39 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2013-09-29 23:39 - 2013-04-07 05:02 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-29 23:38 - 2013-09-29 23:38 - 00907304 _____ (BillP Studios) C:\Users\Ates\Downloads\wpsetup.exe
2013-09-29 23:25 - 2013-09-28 19:49 - 00000000 ____D C:\AdwCleaner
2013-09-29 21:07 - 2012-09-09 15:45 - 00000000 ____D C:\Users\Ates\AppData\Roaming\DAEMON Tools Lite
2013-09-29 21:07 - 2012-08-29 10:23 - 00000000 ____D C:\Users\Ates\Tracing
2013-09-29 21:05 - 2013-09-29 21:04 - 00000000 ____D C:\Program Files\CCleaner
2013-09-29 21:04 - 2013-09-29 21:04 - 00002770 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2013-09-29 21:03 - 2013-09-29 21:03 - 04429440 _____ (Piriform Ltd) C:\Users\Ates\Downloads\ccsetup404.exe
2013-09-29 21:03 - 2013-09-29 21:03 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-09-29 21:03 - 2013-09-29 21:03 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-09-29 21:03 - 2013-09-29 21:03 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-09-29 21:03 - 2013-09-29 21:03 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-29 21:03 - 2013-09-29 21:03 - 00000000 ____D C:\ProgramData\Oracle
2013-09-29 21:03 - 2013-09-29 21:03 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-29 21:03 - 2012-08-28 10:25 - 00868264 _____ (Oracle Corporation) C:\windows\SysWOW64\npDeployJava1.dll
2013-09-29 21:03 - 2012-08-28 10:25 - 00790440 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll
2013-09-29 21:02 - 2013-09-29 21:02 - 00913832 _____ (Oracle Corporation) C:\Users\Ates\Downloads\chromeinstall-7u40.exe
2013-09-29 21:01 - 2012-09-02 22:26 - 00000000 ____D C:\ProgramData\Adobe
2013-09-29 21:01 - 2012-09-02 22:26 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-29 20:56 - 2013-09-29 20:56 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Ates\Downloads\revosetup.exe
2013-09-29 20:56 - 2013-09-29 20:56 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-09-29 20:51 - 2013-09-29 20:51 - 02637824 _____ (TODO: <Company name>) C:\Users\Ates\Downloads\Gorilla_Uninstaller_Download_File.exe
2013-09-29 17:21 - 2013-09-29 17:21 - 00000000 ____D C:\Users\Ates\AppData\Local\adawarebp
2013-09-29 11:51 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Default
2013-09-29 01:05 - 2013-09-29 01:05 - 00000000 ____D C:\windows\ERUNT
2013-09-29 00:59 - 2013-09-29 00:59 - 01030305 _____ (Thisisu) C:\Users\Ates\Downloads\JRT.exe
2013-09-29 00:57 - 2013-09-29 00:57 - 01042066 _____ C:\Users\Ates\Downloads\AdwCleaner (1).exe
2013-09-29 00:38 - 2013-09-29 00:19 - 737013724 _____ C:\Users\Ates\Downloads\KO100-Client-Beta-2-Released-d.rar
2013-09-28 22:19 - 2013-09-28 22:19 - 00688992 ____R (Swearware) C:\Users\Ates\Downloads\dds.com
2013-09-28 20:17 - 2013-09-28 20:17 - 00001898 _____ C:\windows\system32\.crusader
2013-09-28 20:17 - 2013-09-28 20:08 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-28 20:08 - 2013-09-28 20:08 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-28 19:54 - 2013-09-28 19:54 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Malwarebytes
2013-09-28 19:54 - 2013-09-28 19:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-28 19:54 - 2013-09-28 19:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-28 19:52 - 2012-12-14 23:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-28 19:48 - 2013-09-28 19:48 - 09879648 _____ (SurfRight B.V.) C:\Users\Ates\Downloads\HitmanPro_x64.exe
2013-09-28 19:47 - 2013-09-28 19:47 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Ates\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-28 19:47 - 2013-09-28 19:47 - 01042066 _____ C:\Users\Ates\Downloads\adwcleaner.exe
2013-09-28 08:07 - 2013-09-29 00:23 - 678011494 _____ C:\Users\Ates\Downloads\Knight_Kingdom (1).rar
2013-09-27 11:44 - 2013-09-27 11:44 - 00000000 ____D C:\Users\Ates\AppData\Local\AAA_Internet_Publishing,_
2013-09-27 11:37 - 2013-09-27 11:37 - 04273808 _____ (Initex & AAA Internet Publishing                            ) C:\Users\Ates\Downloads\WTFastSetupFR.3.0.1.12.exe
2013-09-26 22:40 - 2013-09-26 21:46 - 608749959 _____ C:\Users\Ates\Downloads\YataganOnline.rar
2013-09-26 21:48 - 2013-09-26 21:48 - 08711779 _____ C:\Users\Ates\Downloads\Manuel.zip
2013-09-26 12:43 - 2013-09-26 12:43 - 00007617 _____ C:\Users\Ates\AppData\Local\Resmon.ResmonCfg
2013-09-26 12:36 - 2013-09-26 12:36 - 00863610 _____ C:\Users\Ates\Downloads\amr501dm.rar
2013-09-24 07:08 - 2013-09-24 07:08 - 00771986 _____ C:\Users\Ates\Downloads\Outlook (2).zip
2013-09-23 04:30 - 2013-09-23 04:30 - 00583680 _____ C:\Users\Ates\Downloads\Descriptive Statistics %28Example Problems%29 (1).ppt
2013-09-23 04:26 - 2013-09-23 04:26 - 00583680 _____ C:\Users\Ates\Downloads\Descriptive Statistics %28Example Problems%29.ppt
2013-09-23 04:25 - 2013-09-23 04:25 - 00376832 _____ C:\Users\Ates\Downloads\Chapter 2 Part 3 %282013%29.ppt
2013-09-22 01:00 - 2013-09-22 01:00 - 00000000 _____ C:\windows\setuperr.log
2013-09-20 22:18 - 2013-09-20 22:18 - 01475192 _____ (Initex & AAA Internet Publishing                            ) C:\Users\Ates\Downloads\WTFastSetup.2.13.2.0 (1).exe
2013-09-20 11:21 - 2013-09-20 11:21 - 00000000 _____ C:\Users\Ates\agent.log
2013-09-20 11:21 - 2012-08-28 05:45 - 00000000 ____D C:\Users\Ates
2013-09-20 03:34 - 2013-09-20 03:34 - 01466856 _____ (Initex & AAA Internet Publishing                            ) C:\Users\Ates\Downloads\WTFastSetup.2.0.1.3.exe
2013-09-20 03:15 - 2013-09-17 13:53 - 00000000 ____D C:\Program Files (x86)\SmarttürkWebTV-V0.06
2013-09-20 03:15 - 2012-12-06 17:36 - 00000000 ____D C:\windows\SysWOW64\SysInfo
2013-09-20 03:15 - 2012-10-24 19:34 - 00000000 ____D C:\Users\Ates\AppData\Roaming\TeamViewer
2013-09-20 03:15 - 2012-10-01 15:39 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Ventrilo
2013-09-20 03:15 - 2012-05-06 22:07 - 00000000 ____D C:\windows\MSetup
2013-09-20 03:15 - 2011-02-11 12:57 - 00000000 ____D C:\windows\Panther
2013-09-18 13:23 - 2013-09-18 13:21 - 00000000 ____D C:\Program Files (x86)\SexyKO
2013-09-18 02:05 - 2013-09-18 02:05 - 04512276 _____ C:\Users\Ates\Downloads\Outlook (1).zip
2013-09-17 13:54 - 2013-09-17 13:54 - 00000000 ____D C:\Users\Ates\AppData\Local\Geckofx
2013-09-17 13:53 - 2013-09-17 13:53 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmarttürkWebTV-V0.06
2013-09-17 13:53 - 2012-08-30 22:06 - 00774412 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2013-09-17 13:51 - 2013-09-17 13:50 - 22453185 _____ C:\Users\Ates\Downloads\Versiyon0.06.rar
2013-09-17 13:50 - 2013-09-17 13:50 - 00889416 _____ (Microsoft Corporation) C:\Users\Ates\Downloads\dotNetFx40_Full_setup (1).exe
2013-09-16 22:41 - 2013-04-24 01:02 - 00000000 ____D C:\Program Files (x86)\NvidiaInspector
2013-09-16 22:41 - 2013-02-23 23:33 - 00000000 ____D C:\Users\Ates\Smoothping
2013-09-16 22:41 - 2012-10-02 19:44 - 00000000 ____D C:\Users\Ates\AppData\Local\gctmp
2013-09-16 22:41 - 2012-09-17 23:21 - 00000000 ____D C:\Program Files (x86)\Creative Element Power Tools
2013-09-16 22:27 - 2013-09-16 22:27 - 01027698 _____ C:\Users\Ates\Downloads\patch1011.zip
2013-09-16 22:27 - 2013-09-16 22:27 - 01027443 _____ C:\Users\Ates\Downloads\patch1010.zip
2013-09-16 22:26 - 2013-09-16 22:18 - 164766027 _____ C:\Users\Ates\Downloads\patch1005.zip
2013-09-16 22:14 - 2013-09-16 22:14 - 00000000 ____D C:\Users\Ates\Downloads\SexyKO v1000
2013-09-16 21:42 - 2013-09-15 23:49 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-09-16 12:14 - 2013-09-15 23:48 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus
2013-09-16 10:57 - 2013-09-16 10:57 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-09-16 10:57 - 2013-09-16 10:57 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2013-09-16 10:57 - 2013-09-15 23:49 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-09-16 10:56 - 2013-09-15 23:48 - 00014456 _____ (GFI Software) C:\windows\system32\Drivers\gfibto.sys
2013-09-16 10:55 - 2013-09-16 10:55 - 05616264 _____ (Lavasoft Limited) C:\Users\Ates\Downloads\Adaware_Installer (4).exe
2013-09-16 10:52 - 2013-09-16 10:52 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Lavasoft
2013-09-16 10:51 - 2013-09-16 10:51 - 09368992 _____ (Lavasoft) C:\Users\Ates\Downloads\Lavasoft_Registry_Tuner_v.2.0.0.exe
2013-09-16 10:51 - 2013-09-16 10:51 - 00000000 ____D C:\Program Files\Lavasoft
2013-09-16 10:51 - 2012-09-09 17:24 - 00002030 _____ C:\0
2013-09-16 10:49 - 2013-09-16 10:49 - 05616264 _____ (Lavasoft Limited) C:\Users\Ates\Downloads\Adaware_Installer (3).exe
2013-09-16 10:45 - 2013-09-16 10:45 - 05616264 _____ (Lavasoft Limited) C:\Users\Ates\Downloads\Adaware_Installer (2).exe
2013-09-16 10:37 - 2013-09-16 10:37 - 05616264 _____ (Lavasoft Limited) C:\Users\Ates\Downloads\Adaware_Installer (1).exe
2013-09-16 10:32 - 2013-09-16 00:38 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-09-16 10:27 - 2013-09-10 20:01 - 00003722 _____ C:\Users\Ates\Downloads\hs-smc2b.zip
2013-09-16 10:26 - 2013-05-16 03:38 - 00002967 _____ C:\Users\Ates\Downloads\APCS6.Act.7z
2013-09-16 07:47 - 2012-09-17 20:01 - 00000000 ____D C:\Program Files (x86)\ValentinaKoClient
2013-09-16 06:00 - 2013-08-28 21:46 - 00000000 ____D C:\Users\Ates\Documents\KlameKO
2013-09-16 00:38 - 2013-09-16 00:38 - 00000000 ____D C:\Users\Ates\AppData\Roaming\LavasoftStatistics
2013-09-15 23:49 - 2013-09-15 23:49 - 00000000 ____D C:\ProgramData\Lavasoft
2013-09-15 23:49 - 2013-09-15 23:49 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-09-15 23:47 - 2013-09-15 23:47 - 05616264 _____ (Lavasoft Limited) C:\Users\Ates\Downloads\Adaware_Installer.exe
2013-09-15 06:23 - 2013-09-15 06:23 - 00000000 ____D C:\Users\Ates\Documents\fx
2013-09-15 03:59 - 2013-09-15 03:59 - 03203437 _____ (PingBetter) C:\Users\Ates\Downloads\PingBetterSetup3.1.0.1.exe
2013-09-15 03:56 - 2013-02-23 12:07 - 00000000 __SHD C:\Users\Ates\wc
2013-09-15 03:40 - 2013-09-15 03:39 - 14035465 _____ C:\Users\Ates\Downloads\pz_setup_1.1.6.zip
2013-09-15 03:27 - 2013-02-23 23:32 - 05725312 _____ (Microsoft Corporation) C:\Users\Ates\Downloads\SmoothpingElite.exe
2013-09-15 02:14 - 2013-02-22 11:24 - 430855765 _____ C:\Users\Ates\Downloads\yildizko.rar
2013-09-15 02:13 - 2013-08-22 23:22 - 585668566 _____ C:\Users\Ates\Downloads\bian-ko.net.rar
2013-09-15 02:12 - 2013-09-14 04:18 - 06982764 _____ C:\Users\Ates\Downloads\TrayhoperEditors-Pvp-Sehri.rar
2013-09-15 01:52 - 2013-03-14 00:07 - 00000027 _____ C:\Users\Ates\Downloads\Pedal.rar
2013-09-15 01:52 - 2013-02-22 09:56 - 375645617 _____ C:\Users\Ates\Downloads\KnightOnline (1).rar
2013-09-15 01:52 - 2013-01-24 19:17 - 677909864 _____ C:\Users\Ates\Downloads\Knight_Online.rar
2013-09-15 00:56 - 2013-02-24 02:47 - 00000000 ____D C:\Program Files (x86)\OpenVPN
2013-09-15 00:56 - 2012-06-12 18:12 - 00000000 ____D C:\Program Files\Samsung
2013-09-15 00:56 - 2012-06-12 17:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-15 00:52 - 2013-09-15 00:52 - 00000000 ____D C:\Users\Ates\AppData\Local\Amazon
2013-09-15 00:52 - 2012-09-22 23:51 - 00000000 ____D C:\Program Files (x86)\AC Tool
2013-09-15 00:52 - 2012-06-12 18:02 - 00000000 ____D C:\Program Files (x86)\Amazon
2013-09-14 23:23 - 2013-09-14 23:23 - 00000038 ___SH C:\Users\Ates\AppData\Local\30cb054b51a6e2f65d62f4.62716000
2013-09-14 23:23 - 2013-09-14 23:23 - 00000000 __SHD C:\Users\Ates\AppData\Local\icsxml
2013-09-14 23:23 - 2013-02-23 12:07 - 00000000 __SHD C:\Users\Ates\AppData\Roaming\wyUpdate AU
2013-09-14 23:20 - 2013-09-14 23:20 - 05341777 _____ (Lowerping) C:\Users\Ates\Downloads\Lowerping_1.4.exe
2013-09-14 22:06 - 2013-09-14 22:06 - 00000000 ____D C:\Users\Ates\Documents\Razer
2013-09-14 22:05 - 2013-09-14 22:05 - 00000000 ____D C:\Users\Ates\AppData\Local\Razer
2013-09-14 22:05 - 2013-09-14 22:05 - 00000000 ____D C:\ProgramData\Razer
2013-09-14 22:05 - 2013-09-14 22:05 - 00000000 ____D C:\Program Files (x86)\Razer
2013-09-14 22:05 - 2013-09-14 22:04 - 23832608 _____ (Razer USA Ltd                                               ) C:\Users\Ates\Downloads\Game_Booster_v3.7.0.11.exe
2013-09-14 21:57 - 2012-10-01 15:39 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
2013-09-14 21:57 - 2012-09-22 18:44 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jitbit Macro Recorder
2013-09-14 21:57 - 2012-09-17 17:15 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-09-14 21:48 - 2013-09-14 21:47 - 06872237 _____ C:\Users\Ates\Downloads\Cure.rar
2013-09-14 21:18 - 2013-09-14 21:18 - 00001291 _____ C:\Users\Ates\Downloads\Pingfix.rar
2013-09-14 18:35 - 2013-09-14 18:34 - 06091510 _____ C:\Users\Ates\Downloads\LaglessProxy1.1 (1).exe
2013-09-14 04:36 - 2013-09-14 04:36 - 00000000 ____D C:\Users\Ates\AppData\Local\Microsoft_Corporation
2013-09-14 04:36 - 2013-09-14 04:31 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2013-09-14 04:35 - 2013-09-14 04:34 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2013-09-14 04:30 - 2013-09-14 04:30 - 86525456 _____ (Microsoft Corporation) C:\Users\Ates\Downloads\SQLEXPR_x64_ENU.exe
2013-09-13 23:22 - 2009-07-13 20:20 - 00000000 ____D C:\windows\system32\NDF
2013-09-11 05:22 - 2013-08-20 11:04 - 00000000 ____D C:\Users\Ates\AppData\Local\NETGEARGenie
2013-09-11 05:19 - 2013-09-10 19:54 - 00000000 ____D C:\Users\Ates\AppData\Roaming\Open Download Manager
2013-09-10 20:14 - 2012-09-17 18:12 - 00000000 ____D C:\windows\SysWOW64\Extensions
2013-09-10 19:54 - 2013-09-10 19:54 - 00000000 ____D C:\windows\SysWOW64\modules
2013-09-10 19:54 - 2013-09-10 19:54 - 00000000 ____D C:\windows\SysWOW64\js
2013-09-10 19:54 - 2013-09-10 19:54 - 00000000 ____D C:\windows\SysWOW64\css
2013-09-10 19:50 - 2013-09-10 19:50 - 00000000 ____D C:\Users\Ates\AppData\Local\avgchrome
2013-09-10 19:47 - 2013-09-10 19:47 - 04635015 _____ C:\Users\Ates\Downloads\smac27beta_setup1.exe
2013-09-10 19:32 - 2013-09-10 19:32 - 00000000 ____D C:\ProgramData\KLC
2013-09-10 19:32 - 2013-09-10 19:31 - 04635015 _____ C:\Users\Ates\Downloads\smac27beta_setup.exe
2013-09-10 19:32 - 2013-09-10 19:15 - 00000000 ____D C:\Program Files (x86)\KLC
2013-09-10 19:26 - 2013-09-10 19:26 - 04630617 _____ C:\Users\Ates\Downloads\smac20_setup (1).exe
2013-09-10 19:26 - 2013-09-10 19:26 - 01300888 _____ (Koyote-Lab Inc.) C:\Users\Ates\Downloads\FuzeZipSetup-r140-w-bc.exe
2013-09-10 19:15 - 2013-09-10 19:15 - 04630617 _____ C:\Users\Ates\Downloads\smac20_setup.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-01 03:33
 
==================== End Of Log ============================

Addition.txt  :

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Ates at 2013-10-09 11:16:15
Running from C:\Users\Ates\Desktop\Virus
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Kaspersky Internet Security (Disabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Lavasoft Ad-Aware (Disabled - Up to date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AS: Kaspersky Internet Security (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Aware (Disabled - Up to date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware (Disabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
FW: Kaspersky Internet Security (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
 
==================== Installed Programs ======================
 
Ad-Aware Antivirus (x32 Version: 10.5.3.4405)
Ad-Aware Browsing Protection (x32 Version: 1.0.1.110)
Adobe AIR (x32 Version: 3.4.0.2540)
Adobe Download Assistant (x32 Version: 1.2.2)
Adobe Flash Player 11 ActiveX (x32 Version: 11.5.502.146)
Adobe Flash Player 11 Plugin (x32 Version: 11.6.602.168)
Adobe Photoshop CS6 (x32 Version: 13.0)
Adobe Reader XI (11.0.04) (x32 Version: 11.0.04)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82)
Apple Application Support (x32 Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (x32 Version: 2.1.3.127)
AutoHotkey 1.1.09.02 (Version: 1.1.09.02)
AutoIt v3.3.8.1 (x32)
Axife Mouse Recorder DEMO 5.01 (x32)
Bandicam (x32)
Bandisoft MPEG-1 Decoder (x32)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bonjour (Version: 3.0.0.10)
Build-a-lot (x32 Version: 2.2.0.82)
CCleaner (Version: 4.04)
cFosSpeed v5.00 (Version: 5.00)
Chuzzle Deluxe (x32 Version: 2.2.0.82)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
Creative Element Power Tools (x32 Version: 3.0.6)
Creo Direct Version 2.0 Datecode [M010] (x32 Version: 2.0)
Creo Layout Version 2.0 Datecode [M010] (x32 Version: 2.0)
Creo Parametric Version 2.0 Datecode [M010] (x32 Version: 2.0)
Creo Platform 2.9 (x32 Version: 2.9.0)
Creo Simulate Version 2.0 Datecode [M010] (x32 Version: 2.0)
Creo Thumbnail Viewer 2.0 (Version: 30.12.130)
CyberLink Media Suite (x32 Version: 8.0.2227)
CyberLink MediaShow (x32 Version: 5.0.1130a)
CyberLink Power2Go (x32 Version: 6.1.4813b)
CyberLink PowerDirector (x32 Version: 8.0.4207)
CyberLink PowerDVD 10 (x32 Version: 10.0.3706.52)
CyberLink YouCam (x32 Version: 3.1.4417)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.45.4.0315)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82)
Dolby Home Theater v4 (x32 Version: 7.2.7000.7)
Easy File Share (x32 Version: 1.2.4)
Easy Migration (x32 Version: 1.0)
Easy Settings (x32 Version: 1.1)
Easy Software Manager (x32 Version: 1.1.41.25)
Easy Support Center 1.0 (x32 Version: 1.1.49)
E-POP (x32 Version: 1.0.1)
ETDWare PS/2-X64 10.7.14.12_WHQL (Version: 10.7.14.12)
ExpressCache (Version: 1.0.64)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Farm Frenzy (x32 Version: 2.2.0.82)
File Properties Changer (x32)
Google Chrome (HKCU Version: 29.0.1547.76)
HitmanPro 3.7 (Version: 3.7.7.205)
HP Deskjet 2510 series Basic Device Software (Version: 28.0.1313.0)
HP Deskjet 2510 series Help (x32 Version: 27.0.0)
HP Deskjet 2510 series Product Improvement Study (Version: 28.0.1313.0)
HP Deskjet 2510 series Setup Guide (x32 Version: 27.0.0)
HP Photo Creations (x32 Version: 1.0.0.12412)
HP Update (x32 Version: 5.003.003.001)
Insaniquarium Deluxe (x32 Version: 2.2.0.82)
Intel® Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.35342)
Intel® Management Engine Components (x32 Version: 8.0.2.1410)
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (Version: 15.0.0.0059)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 2.0.0.0086)
Intel® Rapid Storage Technology (x32 Version: 11.0.0.1032)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.1.209)
Intel® PROSet/Wireless WiFi Software (Version: 15.00.0000.0642)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
iTunes (Version: 10.7.0.21)
Java 7 Update 40 (x32 Version: 7.0.400)
Java Auto Updater (x32 Version: 2.1.9.8)
John Deere Drive Green (x32 Version: 2.2.0.82)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190)
LaglessProxy (x32 Version: 1.0)
Lavasoft Registry Tuner (Version: 2.0.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Maple 16
Maple 16 (x32 Version: 16.0.0.0)
Mathematica Extras 9.0 (3824406) (Version: 9.0.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)
Microsoft Office Word Viewer 2003 (x32 Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2008 Setup Support Files (English) (Version: 10.0.1600.22)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
ModeShift (x32 Version: 1.0)
MSI Afterburner 2.2.5 (x32 Version: 2.2.5)
MSI Kombustor 2.4.2 (x32)
NETGEAR Genie (x32 Version: 2.2.28.24.exe )
Norton Online Backup (x32 Version: 2.2.1.35)
NVIDIA Control Panel 296.01 (Version: 296.01)
NVIDIA Graphics Driver 296.01 (Version: 296.01)
NVIDIA HD Audio Driver 1.2.22.1 (Version: 1.2.22.1)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA PhysX (x32 Version: 9.11.1111)
NVIDIA PhysX System Software 9.11.1111 (Version: 9.11.1111)
PasswordBox (x32 Version: 1.12.2.1665)
PDF Settings CS6 (x32 Version: 11.0)
Peggle (x32 Version: 2.2.0.82)
Penguins! (x32 Version: 2.2.0.82)
Plants vs. Zombies (x32 Version: 2.2.0.82)
Polar Golfer (x32 Version: 2.2.0.82)
Proxifier version 3.0 (x32 Version: 3.0)
PTC Quality Agent (x32 Version: 2.0.0.0)
Razer Game Booster (x32 Version: 3.7)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.28094)
RegCure Pro (x32 Version: 3.1.6.0)
Revo Uninstaller 1.95 (x32 Version: 1.95)
Samsung Recovery Solution 5 (x32 Version: 5.0.2.3)
Sandboxie 4.04 (64-bit) (Version: 4.04)
Skype™ 6.1 (x32 Version: 6.1.129)
Smarttürk WebTV v0.05 (HKCU)
SmarttürkWebTV-V0.06 (HKCU)
Software Launcher (x32 Version: 1.0.2)
TeamSpeak 3 Client (HKCU Version: 3.0.13)
TeamViewer 8 (x32 Version: 8.0.16642)
TechPowerUp GPU-Z (x32)
TuneUp Utilities 2013 (x32 Version: 13.0.2020.14)
TuneUp Utilities Language Pack (en-US) (x32 Version: 13.0.2020.14)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
VLC media player 2.0.3 (x32 Version: 2.0.3)
WildTangent Games (x32 Version: 1.0.1.5)
WildTangent ORB Game Console (x32)
Window Hide Tool 2.0 (x32)
WinPatrol (Version: 28.9.2013.1)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
Wolfram Mathematica 9 (M-WIN-L 9.0.0 3825060) (Version: 9.0.0)
WTFast 3.0 Beta 12 (x32 Version: 3.0.1.12)
Zuma Deluxe (x32 Version: 2.2.0.95)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2013-05-16 03:24 - 2013-10-09 11:10 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {015D3F17-53C6-4E2A-830A-A11ED0CB9A70} - System32\Tasks\HPCustParticipation HP Deskjet 2510 series => C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {079F7EE1-9851-4467-BB87-9F6D897C6E95} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe [2012-01-26] (SAMSUNG Electronics)
Task: {089009F1-D204-4F1B-85A6-EF892E8D1E62} - System32\Tasks\Easy Software Manager Agent => C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe [2012-02-08] (Samsung)
Task: {15531474-384B-4883-8CF7-E29199BA23F4} - \ParetoLogic Update Version3 No Task File
Task: {1E62BEA0-A29E-4FFA-9CAE-593DC1333987} - System32\Tasks\AdobeAAMUpdater-1.0-Ates-PC-Ates => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {27035E51-D742-4F9C-859D-E6DF67ABC549} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2012-02-12] (Samsung Electronics Co., Ltd.)
Task: {29D9F031-4FBE-4F81-B9F3-6E04D1025FA7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000UA => C:\Users\Ates\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-28] (Google Inc.)
Task: {2A1525B8-2108-4A26-B6DE-5BAA3B4D56A2} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-03-04] (Samsung Electronics Co., Ltd.)
Task: {32EE1501-8168-4DC2-946A-4D3D126E70EE} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe
Task: {35D9101D-C415-4E78-81FE-90FBC96FCA5B} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited)
Task: {3A756C9A-2511-484D-80DA-A822CA80FF41} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000UA => C:\Users\Ates\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-28] (Facebook Inc.)
Task: {3B44B648-0F08-41AD-9C74-E14C6361CDC8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3C0C7C10-5C78-4D8E-B642-52B571403C27} - \ParetoLogic Registration3 No Task File
Task: {3D4393C7-5C62-470D-B0BF-DFBFFE268F53} - System32\Tasks\LaglessUI-Service => C:\Program Files (x86)\LaglessProxy\LaglessUI.service.exe [2013-05-27] ()
Task: {42F30F43-4634-46A6-8F0E-48CACCA2871E} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe [2013-06-05] ()
Task: {609AABC5-6C51-4064-9B31-1E64AB34ED5E} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)
Task: {616758BC-AC16-415A-B099-64B4A4588628} - \DealPlyUpdate No Task File
Task: {61ECFC90-344E-4517-9836-44535CF9858B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000Core => C:\Users\Ates\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-28] (Google Inc.)
Task: {66842EAB-AD74-4AAF-AF41-F5D32393C623} - System32\Tasks\Google Updater and Installer => C:\Users\Ates\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-28] (Google Inc.)
Task: {6E739ACB-F600-4067-AD90-950CE457A358} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-24] (Intel Corporation)
Task: {788F4D85-E1D1-4A01-9807-53EC9748B402} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2012-01-30] (Samsung Electronics)
Task: {841843B8-9A73-4ACE-8EE5-8FBDBC1572AD} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2012-03-04] (Samsung Electronics Co., Ltd.)
Task: {9664F92C-7E9C-4006-A167-62B5AD9CD8C9} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-24] (Intel Corporation)
Task: {A7A99B5E-92BD-4C24-8D27-77307B08633D} - System32\Tasks\ChkWiz4VistaWin7 => C:\Sysprep\ChkWiz4VistaWin7.exe
Task: {AF0CF219-366A-4896-9B64-341D156C4200} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-10-06] ()
Task: {C59B5924-49C7-49E2-843B-C526A7A55C06} - System32\Tasks\{E08E35BE-FAE1-4E03-99F9-1C7564CD9F5C} => C:\Program Files (x86)\Creation\Creation.exe
Task: {DC5BCC9C-ED85-4BA8-A8EB-2B8266BC99B5} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-12-19] (SEC)
Task: {DE9A76C6-533F-4D3F-9E15-22A8E9CAFC29} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2012-01-31] (Samsung Electronics Co., Ltd.)
Task: {E162314B-4926-4F46-BFC8-EB7442B5549B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000Core => C:\Users\Ates\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-28] (Facebook Inc.)
Task: {F60BEDD1-BA4D-4AF0-986F-58A7B2822A4F} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-17] (SAMSUNG Electronics co., LTD.)
Task: {F7F3A05E-DA1C-4EA6-96C0-3DA74BC5EC72} - System32\Tasks\ModeShift => C:\Program Files (x86)\Samsung\ModeShift\ModeShift.exe [2012-02-01] (Samsung Electronics Co., Ltd.)
Task: {FD52530C-5C51-43E3-8E4B-737C43669145} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000Core.job => C:\Users\Ates\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000UA.job => C:\Users\Ates\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000Core.job => C:\Users\Ates\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000UA.job => C:\Users\Ates\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-08-17 21:39 - 2012-12-06 16:06 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2013-09-13 09:25 - 2013-09-13 09:25 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2013-09-15 23:53 - 2013-07-05 14:25 - 00190752 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libBase64.dll
2013-09-15 23:53 - 2013-07-05 14:25 - 00178464 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/09/2013 11:12:21 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/09/2013 11:00:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/09/2013 10:56:52 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/09/2013 09:30:11 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/09/2013 08:45:36 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/09/2013 07:52:25 AM) (Source: Application Error) (User: )
Description: Faulting application name: KnightOnLine.exe, version: 4.26.13.1965, time stamp: 0x517f5efd
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x056413d1
Faulting process id: 0x850
Faulting application start time: 0xKnightOnLine.exe0
Faulting application path: KnightOnLine.exe1
Faulting module path: KnightOnLine.exe2
Report Id: KnightOnLine.exe3
 
Error: (10/07/2013 08:56:45 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
].
 
 
Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies
 
Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: -1
   Snapshot Context: -1
   Execution Context: Coordinator
 
Error: (10/07/2013 08:56:45 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies
 
Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: -1
   Snapshot Context: -1
   Execution Context: Coordinator
 
Error: (10/07/2013 08:56:45 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
].
 
 
Operation:
   Obtain a callable interface for this provider
   Check If Volume Is Supported by Provider
 
Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {00000000-0000-0000-0000-000000000000}
   Snapshot Context: 0
   Execution Context: Coordinator
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volume Name: \\?\Volume{708908a6-dcbd-11e1-b2ce-806e6f6e6963}\
 
Error: (10/07/2013 08:56:45 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Obtain a callable interface for this provider
   Check If Volume Is Supported by Provider
 
Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {00000000-0000-0000-0000-000000000000}
   Snapshot Context: 0
   Execution Context: Coordinator
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volume Name: \\?\Volume{708908a6-dcbd-11e1-b2ce-806e6f6e6963}\
 
 
System errors:
=============
Error: (10/09/2013 11:10:38 AM) (Source: Service Control Manager) (User: )
Description: The AMD External Events Utility .NET. service terminated with the following error: 
%%2
 
Error: (10/09/2013 11:09:53 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (10/09/2013 11:09:49 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (10/09/2013 11:07:38 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (10/09/2013 11:01:15 AM) (Source: Service Control Manager) (User: )
Description: The Ad-Aware Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/09/2013 10:58:55 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (10/09/2013 10:58:54 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1058
 
Error: (10/09/2013 10:58:30 AM) (Source: Service Control Manager) (User: )
Description: The AMD External Events Utility .NET. service terminated with the following error: 
%%2
 
Error: (10/09/2013 10:56:27 AM) (Source: Service Control Manager) (User: )
Description: The Ad-Aware Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/09/2013 10:55:23 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (10/09/2013 11:12:21 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/09/2013 11:00:12 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/09/2013 10:56:52 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/09/2013 09:30:11 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/09/2013 08:45:36 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/09/2013 07:52:25 AM) (Source: Application Error)(User: )
Description: KnightOnLine.exe4.26.13.1965517f5efdunknown0.0.0.000000000c0000005056413d185001cec4fd004d397fC:\Program Files (x86)\KO100\KnightOnLine.exeunknown68c85a12-30f2-11e3-bd4b-c48508720163
 
Error: (10/07/2013 08:56:45 PM) (Source: VSS)(User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies
 
Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: -1
   Snapshot Context: -1
   Execution Context: Coordinator
 
Error: (10/07/2013 08:56:45 PM) (Source: VSS)(User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies
 
Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: -1
   Snapshot Context: -1
   Execution Context: Coordinator
 
Error: (10/07/2013 08:56:45 PM) (Source: VSS)(User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Operation:
   Obtain a callable interface for this provider
   Check If Volume Is Supported by Provider
 
Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {00000000-0000-0000-0000-000000000000}
   Snapshot Context: 0
   Execution Context: Coordinator
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volume Name: \\?\Volume{708908a6-dcbd-11e1-b2ce-806e6f6e6963}\
 
Error: (10/07/2013 08:56:45 PM) (Source: VSS)(User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Operation:
   Obtain a callable interface for this provider
   Check If Volume Is Supported by Provider
 
Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {00000000-0000-0000-0000-000000000000}
   Snapshot Context: 0
   Execution Context: Coordinator
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volume Name: \\?\Volume{708908a6-dcbd-11e1-b2ce-806e6f6e6963}\
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-10-09 00:21:28.738
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-09 00:21:28.736
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-09 00:21:28.735
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-07 06:35:08.250
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-07 06:35:08.247
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-07 06:35:08.244
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-07 06:35:08.231
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-07 06:35:08.228
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-07 06:35:08.225
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-07 06:35:08.201
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 14%
Total physical RAM: 16355.11 MB
Available physical RAM: 14024.66 MB
Total Pagefile: 32708.41 MB
Available Pagefile: 30407.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:676.54 GB) (Free:519.16 GB) NTFS
Drive d: (2ndHDD) (Fixed) (Total:698.64 GB) (Free:698.02 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 5CF4F757)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=677 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22 GB) - (Type=27)
 
========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 74F02DEA)
Partition 1: (Not Active) - (Size=7 GB) - (Type=73)
 
========================================================
Disk: 2 (Size: 699 GB) (Disk ID: 92CDA70E)
Partition 1: (Not Active) - (Size=699 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

There is something that I figured out now. When I say disable advanced firewall on adaware antivirus, I can connect to the internet. I have been using the same antivirus programs for a while and did not have this issue before this virus activity. I have Kaspersky Internet Security 2013, adaware pro and MalwareBytes Anti-Malware. I also use WinPatrol in addition.

 

I also got a little nervous and ran AdwCleaner and RogueKiller. It does not really seem like it helped at all.


Please read and fully understand the following P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

I did ask that you uninstall one of the two primary security systems; you must do that before we progress... It is your choice which one to remove.

 

 

Lavasoft Removal tool http://www.lavasoft.com/mylavasoft/support/supportcenter/faqs/how-to-uninstall

Kaspersky Removal tool http://support.kaspersky.com/common/service.aspx?el=1464

 

When that is complete, re-boot and see if the connection is the same. Also let me see this log from Combofix:

 

C:\Combofix.txt

 

Also let me see this file:

 

C:\QooBox\ComboFix-quarantined-files.txt

 

Kevin


ComboFix.txt  :

 

ComboFix 13-10-09.01 - Ates 09.10.2013  12:11:08.4.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16355.13737 [GMT -7:00]
Running from: c:\users\Ates\Desktop\Virus\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-09 to 2013-10-09  )))))))))))))))))))))))))))))))
.
.
2013-10-09 19:18 . 2013-10-09 19:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-09 19:08 . 2013-10-09 19:08 -------- d-----w- c:\users\Ates\AppData\Local\adawarebp
2013-10-09 19:04 . 2013-10-09 19:08 -------- d-----w- c:\programdata\boost_interprocess
2013-10-09 18:15 . 2013-10-09 18:15 -------- d-----w- C:\FRST
2013-10-09 15:45 . 2013-10-09 15:45 -------- d-----w- c:\users\Ates\AppData\Roaming\Proxifier
2013-10-09 15:44 . 2011-05-01 08:32 88816 ----a-w- c:\windows\SysWow64\ProxifierShellExt.dll
2013-10-09 15:44 . 2011-05-01 08:32 73968 ----a-w- c:\windows\system32\PrxerDrv.dll
2013-10-09 15:44 . 2011-05-01 08:32 67824 ----a-w- c:\windows\SysWow64\PrxerDrv.dll
2013-10-09 15:44 . 2011-05-01 08:32 55024 ----a-w- c:\windows\system32\PrxerNsp.dll
2013-10-09 15:44 . 2011-05-01 08:32 54000 ----a-w- c:\windows\SysWow64\PrxerNsp.dll
2013-10-09 15:44 . 2011-05-01 08:32 100592 ----a-w- c:\windows\system32\ProxifierShellExt.dll
2013-10-09 15:44 . 2013-10-09 15:44 -------- d-----w- c:\program files (x86)\Proxifier
2013-10-08 03:43 . 2013-10-09 12:43 -------- d-----w- c:\program files (x86)\KO100
2013-10-06 07:27 . 2013-02-01 14:39 72296 ----a-w- c:\windows\SysWow64\WTFastDrv.dll
2013-10-06 07:27 . 2013-02-01 14:39 79464 ----a-w- c:\windows\system32\WTFastDrv.dll
2013-10-06 07:27 . 2013-10-06 07:27 -------- d-----w- c:\program files (x86)\WTFast
2013-09-30 08:20 . 2013-10-09 14:36 -------- d-----w- c:\program files (x86)\LaglessProxy
2013-09-30 06:39 . 2013-09-30 06:39 -------- d-----w- c:\users\Ates\AppData\Roaming\WinPatrol
2013-09-30 06:39 . 2013-09-30 06:39 -------- d-----w- c:\program files (x86)\BillP Studios
2013-09-30 04:04 . 2013-09-30 04:05 -------- d-----w- c:\program files\CCleaner
2013-09-30 04:03 . 2013-09-30 04:03 -------- d-----w- c:\programdata\Oracle
2013-09-30 04:03 . 2013-09-30 04:03 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-09-30 04:03 . 2013-09-30 04:03 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-30 04:03 . 2013-09-30 04:03 -------- d-----w- c:\program files (x86)\Java
2013-09-30 03:56 . 2013-09-30 03:56 -------- d-----w- c:\program files (x86)\VS Revo Group
2013-09-29 08:05 . 2013-09-29 08:05 -------- d-----w- c:\windows\ERUNT
2013-09-29 03:08 . 2013-09-29 03:08 -------- d-----w- c:\program files\HitmanPro
2013-09-29 03:08 . 2013-09-29 03:17 -------- d-----w- c:\programdata\HitmanPro
2013-09-29 02:54 . 2013-09-29 02:54 -------- d-----w- c:\users\Ates\AppData\Roaming\Malwarebytes
2013-09-29 02:54 . 2013-09-29 02:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-29 02:54 . 2013-09-29 02:54 -------- d-----w- c:\programdata\Malwarebytes
2013-09-29 02:54 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-29 02:49 . 2013-10-09 18:44 -------- d-----w- C:\AdwCleaner
2013-09-27 18:44 . 2013-09-27 18:44 -------- d-----w- c:\users\Ates\AppData\Local\AAA_Internet_Publishing,_
2013-09-24 18:11 . 2013-10-09 06:43 -------- d-----w- c:\program files (x86)\FlameKO
2013-09-18 20:21 . 2013-09-18 20:23 -------- d-----w- c:\program files (x86)\SexyKO
2013-09-17 20:54 . 2013-09-17 20:54 -------- d-----w- c:\users\Ates\AppData\Local\Geckofx
2013-09-17 20:53 . 2013-09-20 10:15 -------- d-----w- c:\program files (x86)\SmarttürkWebTV-V0.06
2013-09-16 17:57 . 2013-09-16 17:57 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-09-16 17:57 . 2013-09-16 17:57 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2013-09-16 17:52 . 2013-09-16 17:52 -------- d-----w- c:\users\Ates\AppData\Roaming\Lavasoft
2013-09-16 17:51 . 2013-09-16 17:51 -------- d-----w- c:\program files\Lavasoft
2013-09-16 11:35 . 2013-05-23 15:39 41032 ----a-w- c:\windows\system32\drivers\gfiark.sys
2013-09-16 07:38 . 2013-09-16 17:32 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2013-09-16 06:49 . 2013-10-09 19:06 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2013-09-16 06:49 . 2013-09-16 06:49 -------- d-----w- c:\programdata\Lavasoft
2013-09-16 06:49 . 2013-09-16 06:49 -------- d-----w- c:\programdata\Downloaded Installations
2013-09-16 06:49 . 2013-09-16 17:57 -------- d-----w- c:\program files (x86)\Lavasoft
2013-09-16 06:48 . 2013-09-16 19:14 -------- d-----w- c:\users\Ates\AppData\Roaming\Ad-Aware Antivirus
2013-09-16 06:48 . 2013-09-16 17:56 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-09-15 11:00 . 2011-10-31 18:02 307200 ----a-w- c:\windows\SysWow64\pbproxy.dll
2013-09-15 07:52 . 2013-09-15 07:52 -------- d-----w- c:\users\Ates\AppData\Local\Amazon
2013-09-15 06:23 . 2013-09-15 06:23 -------- d-sh--w- c:\users\Ates\AppData\Local\icsxml
2013-09-15 05:05 . 2013-09-15 05:05 -------- d-----w- c:\users\Ates\AppData\Local\Razer
2013-09-15 05:05 . 2013-09-15 05:05 -------- d-----w- c:\programdata\Razer
2013-09-15 05:05 . 2013-09-15 05:05 -------- d-----w- c:\program files (x86)\Razer
2013-09-15 05:05 . 2013-09-15 05:05 -------- d-----w- c:\users\Ates\AppData\Local\Programs
2013-09-15 04:48 . 2012-11-23 01:42 -------- d-----w- c:\program files (x86)\Cure
2013-09-14 11:36 . 2013-09-14 11:36 -------- d-----w- c:\users\Ates\AppData\Local\Microsoft_Corporation
2013-09-14 11:34 . 2013-09-14 11:35 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2013-09-14 11:31 . 2013-09-14 11:36 -------- d-----w- c:\program files\Microsoft SQL Server
2013-09-13 11:05 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B755AD91-425B-44B3-9FF5-FFDA2D512755}\mpengine.dll
2013-09-11 02:54 . 2013-09-11 12:19 -------- d-----w- c:\users\Ates\AppData\Roaming\Open Download Manager
2013-09-11 02:54 . 2013-09-11 02:54 -------- d-----w- c:\windows\SysWow64\modules
2013-09-11 02:54 . 2013-09-11 02:54 -------- d-----w- c:\windows\SysWow64\js
2013-09-11 02:54 . 2013-09-11 02:54 -------- d-----w- c:\windows\SysWow64\css
2013-09-11 02:50 . 2013-09-11 02:50 -------- d-----w- c:\users\Ates\AppData\Local\avgchrome
2013-09-11 02:47 . 2004-08-04 10:56 431616 ----a-w- c:\windows\SysWow64\temp.002
2013-09-11 02:32 . 2013-09-11 02:32 -------- d-----w- c:\programdata\KLC
2013-09-11 02:32 . 2004-08-04 10:56 431616 ----a-w- c:\windows\SysWow64\temp.001
2013-09-11 02:15 . 2013-09-11 02:32 -------- d-----w- c:\program files (x86)\KLC
2013-09-11 02:15 . 2004-08-04 10:56 431616 ----a-w- c:\windows\SysWow64\temp.000
2013-09-11 02:15 . 2002-12-20 19:02 1077336 ------w- c:\windows\SysWow64\mscomctl.ocx
2013-09-11 02:15 . 1999-12-07 14:00 61491 ----a-w- c:\windows\SysWow64\wbemdisp.TLB
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 19:18 . 2013-10-09 19:18 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B755AD91-425B-44B3-9FF5-FFDA2D512755}\offreg.dll
2013-09-30 04:03 . 2012-08-28 17:25 868264 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-09-30 04:03 . 2012-08-28 17:25 790440 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-08-20 18:04 . 2013-08-20 18:04 369168 ----a-w- c:\windows\system32\wpcap.dll
2013-08-20 18:04 . 2013-08-20 18:04 35344 ----a-w- c:\windows\system32\drivers\npf.sys
2013-08-20 18:04 . 2013-08-20 18:04 106000 ----a-w- c:\windows\system32\packet.dll
2013-07-29 20:16 . 2012-06-08 18:38 54368 ----a-w- c:\windows\system32\drivers\kltdi.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-09-24 441408]
"WTFast Tray"="c:\program files (x86)\WTFast\WTFast.exe" [2013-09-25 2483672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-11-16 356376]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-07-15 554384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/06/13 11:11;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R4 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R4 ExpressCache;ExpressCache;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [x]
R4 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
R4 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
R4 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
R4 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R4 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [x]
R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R4 Sendoriv1;Sendoriv1;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
R4 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R4 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 excsd;ExpressCache Storage Filter Driver;c:\windows\system32\DRIVERS\excsd.sys;c:\windows\SYSNATIVE\DRIVERS\excsd.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 excfs;ExpressCache File System Filter Driver;c:\windows\system32\DRIVERS\excfs.sys;c:\windows\SYSNATIVE\DRIVERS\excfs.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PasswordBox;PasswordBox;c:\program files (x86)\PasswordBox\pbbtnService.exe;c:\program files (x86)\PasswordBox\pbbtnService.exe [x]
S2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys;c:\windows\SYSNATIVE\DRIVERS\SGdrv64.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000Core.job
- c:\users\Ates\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-28 19:03]
.
2013-09-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000UA.job
- c:\users\Ates\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-28 19:03]
.
2013-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000Core.job
- c:\users\Ates\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-28 12:56]
.
2013-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2118131730-1538694497-4234192510-1000UA.job
- c:\users\Ates\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-28 12:56]
.
2013-10-09 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-10-06 10:23]
.
2013-09-30 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 04:41]
.
2013-09-30 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 04:41]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
LSP: %SystemRoot%\system32\WTFastDrv.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{56B9FF1A-5330-4FC7-97E1-A1179CCD5D09}\A5978554C463839353C69727: NameServer = 8.8.8.8,8.8.4.4
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{72cabc40-64b2-46ed-8648-26d831761150} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\users\Ates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ad-Aware Antivirus.lnk - c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe
HKLM-Run-SBRegRebootCleaner - c:\program files (x86)\Ad-Aware Antivirus\SBRC.exe
AddRemove-{C547F361-5750-4CD1-9FB6-BC93827CB6C1} - c:\program files (x86)\ParetoLogic\RegCure Pro\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}]
@Denied: (A 2 3) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\InProcServer32]
@="%SystemRoot%\\Explorer.exe"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\ProgID]
@="DAO.Client"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C8618CE4-B0B4-4D1D-8336-866A8B88B639}\TypeLib]
@="{C8618CE4-0624-7047-8336-6E676D6F7574}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Datafocus]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Mortice Kern Systems]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-09  12:19:34
ComboFix-quarantined-files.txt  2013-10-09 19:19
ComboFix2.txt  2013-10-09 18:14
.
Pre-Run: 557.424.799.744 bytes free
Post-Run: 557.327.679.488 bytes free
.
- - End Of File - - D40AFA76377049B1D6CC7D7875768DF2
 

 

ComboFix-Quarantined-files.txt:

 

2013-10-09 19:18:52 . 2013-10-09 19:18:52               80 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SBRegRebootCleaner.reg.dat
2013-10-09 18:14:24 . 2013-10-09 18:14:24                0 ----a-w-  C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2013-10-09 18:13:31 . 2013-10-09 19:18:42              180 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-10.reg.dat
2013-10-09 18:13:31 . 2013-10-09 19:18:41              282 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-{72cabc40-64b2-46ed-8648-26d831761150}.reg.dat
2013-10-09 18:13:31 . 2013-10-09 19:18:41              208 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
2013-10-09 18:08:37 . 2013-10-09 18:08:37            1,172 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_NPF.reg.dat
2013-10-09 18:08:37 . 2013-10-09 18:08:37            1,042 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Legacy_NPF.reg.dat
2013-10-09 18:08:22 . 2013-10-09 19:16:42           16,655 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-10-09 17:57:44 . 2013-10-09 19:10:33              153 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2013-09-16 17:57:43 . 2013-10-06 07:04:06            1,868 ----a-w-  C:\Qoobox\Quarantine\C\Users\Ates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ad-Aware Antivirus.lnk.vir
 

Let me see logs from the following:

 

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Thank you....


Since I uninstalled Ad-Aware, the internet works for a while and then partially stops. It waits a really long time and says resolving hosts or something. It sometimes opens the page after a while and sometimes does not. When I disconnect and connect the internet, it starts working fine again. It all began right after I saw a warning message with WinPatrol. AmdInstaller something. I said reject and after like 10 minutes, my internet was gone. None of my antivirus programs could find the virus.

 

FSS.txt  :

 

Farbar Service Scanner Version: 13-09-2013
Ran by Ates (administrator) on 09-10-2013 at 13:37:27
Running from "C:\Users\Ates\Desktop\Virus"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
 
Checkup.txt   :
 
 Results of screen317's Security Check version 0.99.74  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
Kaspersky Internet Security   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Ad-Aware 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 TuneUp Utilities 2013   
 TuneUp Utilities Language Pack (en-US) 
 TuneUp Utilities 2013   
 Java 7 Update 40  
 Adobe Flash Player 11.6.602.168  
 Adobe Reader XI  
 Google Chrome 29.0.1547.66  
 Google Chrome 29.0.1547.76  
````````Process Check: objlist.exe by Laurent````````  
 Ad-Aware AAWService.exe is disabled! 
 Ad-Aware AAWTray.exe is disabled! 
 WinPatrol winpatrol.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Kaspersky Lab Kaspersky Internet Security 2013 avp.exe  
 BillP Studios WinPatrol WinPatrol.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 

Run the following and post its logs:

 

Download OTL from any of the following links and save to your desktop.

 

http://itxassociates.com/OT-Tools/OTL.com

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.scr

 

Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

When the window appears, underneath Output at the top, make sure Standard output is selected.
Select Scan all users
Change Drivers to All
Under the Extra Registry section, check Use SafeList
In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Click Run Scan and let the program run uninterrupted.
When the scan is complete, two text files will be created on your Desktop.
OTL.Txt <- this one will be opened
Extras.txt <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

 


It says post is too long for OTL.txt so I am going to attach that one.

 

Extras.txt   :

 

OTL Extras logfile created on: 09.10.2013 14:53:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ates\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041F | Country: Turkey | Language: TRK | Date Format: dd.MM.yyyy
 
15,97 Gb Total Physical Memory | 13,64 Gb Available Physical Memory | 85,41% Memory free
31,94 Gb Paging File | 29,61 Gb Available in Paging File | 92,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 676,54 Gb Total Space | 519,18 Gb Free Space | 76,74% Space Free | Partition Type: NTFS
Drive D: | 698,64 Gb Total Space | 698,02 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
 
Computer Name: ATES-PC | User Name: Ates | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033AFA44-032C-422F-859C-C07870845F61}" = rport=445 | protocol=6 | dir=out | app=system | 
"{15E17B66-9423-45F8-8DC7-71745FB0C220}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{19755251-E772-42E8-A987-80CCC72B4F6C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1CBF440E-8E28-441F-8F52-B71C4D35C2B1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{27F2E726-E6E6-4EF4-9CAA-C33A88597E08}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2BA7038D-FB0F-4DEB-9964-76F8914A338D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{313DB46F-F8AC-4018-AAF7-B002359BDF8E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{33926353-37E6-44A0-BCFA-3431CAF10FF2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{35B2AD63-0FEF-4B30-820A-906FC8CEBAC1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{562D3548-1228-4453-9740-C81251AA1EF7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5C0E86F3-AC9A-408C-8F67-77DE1044C904}" = rport=139 | protocol=6 | dir=out | app=system | 
"{66A16CE5-3C76-46DA-A564-1A76C165F432}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{78CF4BA5-1E95-44BE-8B79-5270F99AD729}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8B7543AC-6BE3-48D4-96A0-BE574B8E679C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{96A6DCD7-2178-42AC-ACBC-4A127FE250E3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9A71FB99-B0D2-4704-AF2A-469D0FB0E227}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A1CE2871-64BC-4D67-AE24-206F8017A541}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BAC2BF6F-36E1-40CF-87F8-20FDC74C9107}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D7C81E25-E9BF-45E6-8FA2-F950028216E7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EBDF3AB5-299C-43A0-949C-5F90FF5C5121}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F3EAB034-3415-4A43-B7B7-78BDE6035764}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{073FE425-8520-43EA-B095-DCFF95394B8F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{095F6AC1-D5A6-4319-A7CF-AC6C226314A0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0B902335-C244-401A-A44E-4EF6F34B8DCE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0BFFBC92-8108-4559-91EE-3BC82CEB3935}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0CC5B7C7-F799-471B-80DE-73C3A1A03F8B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0F19F32E-D5DB-4260-80E9-0FF1EE1FDE1B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1B8756CB-F17F-4CE9-8E1F-7E195A16D035}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1D614D71-017F-4468-AD9D-304C4F68C763}" = protocol=17 | dir=in | app=c:\users\ates\appdata\local\temp\7zs4e8c\hpdiagnosticcoreui.exe | 
"{1E1269F5-A3CC-476D-957C-288382717FC1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{21FC977E-B623-4EC9-8151-80E6A7013A90}" = protocol=6 | dir=in | app=c:\users\ates\appdata\local\temp\7zs590c\hpdiagnosticcoreui.exe | 
"{2766C795-016C-4AD1-9A13-612DEBE8166F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | 
"{2A3F5291-591F-41E7-89C9-141A69C3EF06}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{2A7A1B6A-17B7-4852-B824-13987B8719D8}" = protocol=17 | dir=in | app=c:\program files (x86)\tango\tango.exe | 
"{2A88CAB1-BDE9-46FE-9E8E-B5B64B9BBDBE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{32368C64-B743-496F-A025-69D5B4DC54E3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3418FE7C-449D-4AA2-9886-7E79B3A4639C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{358AF7F2-3BEE-4618-8308-C8B57B3B0478}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{35E79F3F-9294-4326-9051-6C9A6A75E54D}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{3A1A2242-D42D-4408-B8A0-90A183EDAFFA}" = dir=in | app=c:\program files\hp\hp deskjet 2510 series\bin\usbsetup.exe | 
"{419E2AC5-4507-4F86-921D-21726A1D9665}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe | 
"{42E89487-1581-4A9B-919B-1AEC78464A86}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth ii\game.dat | 
"{43F51CE5-E1BF-4B1F-A652-C9329698F0A4}" = protocol=6 | dir=in | app=c:\users\ates\appdata\local\temp\7zs4e8c\hpdiagnosticcoreui.exe | 
"{469B8720-EC9E-4466-BB41-2E2C2AFD2BBF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{48162F6C-6814-419A-890C-CD06E364BED7}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{4D43436D-BE8B-42F8-9413-72FCD29F456F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{51126A91-EC8F-4303-B678-6B6EAA822611}" = dir=in | app=c:\users\ates\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{55B63DCA-1DFD-4592-B62C-F93BEC01C685}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{6904B65A-9CB6-40A8-A301-40E6AD2DFF82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{691AB4E3-AA22-44B2-89AE-D42B3FCA4696}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{6C5FA9C3-EA82-446A-A750-8FDACE81ADF3}" = protocol=6 | dir=in | app=c:\users\ates\appdata\local\temp\7zs4bfb\hpdiagnosticcoreui.exe | 
"{71BA7480-EA28-4418-9A9B-2154C0020C15}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{73033334-47A1-4279-9533-0B265668DE60}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{75328866-CAE8-465B-8C96-2268D4F60D53}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{799E97E6-4AC5-4D7E-BB1A-65BF2B3DEB4A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{8C6B567F-C4E1-4632-9CE3-4E8BAF15A485}" = protocol=6 | dir=out | app=system | 
"{93136FD8-DA96-41CC-8242-27E84A538C3F}" = protocol=17 | dir=in | app=c:\users\ates\appdata\local\temp\7zs4bfb\hpdiagnosticcoreui.exe | 
"{95150049-F247-421B-ACC4-3CAA53076A1F}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{96BF76C4-9E3F-4287-92A8-B9CB1ACF5CF1}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{99BFE48F-B04B-4563-8EA9-CB42758E4218}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A34829F7-2497-4692-ACE8-4645DF4199C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A64E749C-EE4A-4E6E-BA4E-A53824CEB675}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AA95936D-3F33-4683-80D4-CE377A14470E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AC1AB9E5-8E1F-4BED-977E-B4B5AB88965A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AC52EBD5-E133-4644-9F08-D73B0466DBF7}" = protocol=6 | dir=in | app=c:\program files (x86)\tango\tango.exe | 
"{AF506B51-C3F4-430F-9FC3-86EA965F628C}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{B65B10EB-902F-4CE4-A691-0213F11DD677}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{B702EE83-334C-48B1-A81B-A87977E2E16E}" = protocol=17 | dir=in | app=c:\users\ates\appdata\local\temp\7zs590c\hpdiagnosticcoreui.exe | 
"{BA15F9E0-7A82-4F13-88A3-94BB3C6F0FF5}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe | 
"{BA2E4F22-81A3-4B01-85B7-C1FDC757E157}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe | 
"{BD706A9D-A01D-4156-8AA2-FA7F30B68415}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe | 
"{C1B16655-5C88-4435-AF9F-25BC7B4D875B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CA215392-B7F3-4BCD-A3A5-76FD127F4CC0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D49B0CD6-B14A-4B26-8951-B1A83536C4C5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DC120872-4902-4C95-BBF1-47049E769D0A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{E0DEA635-FD82-4100-B19C-9ED084977879}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E0EE962D-8634-4F48-A793-FE4FE622CF4F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth ii\game.dat | 
"{E304C3C5-E3ED-4122-B599-ABB5578B4D3B}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{E633861C-3F16-4546-A2F8-3047AB90EE95}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{ECEFC0F7-74E8-491F-BF9F-011FD70D4C06}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"TCP Query User{11B0D38A-BAC0-4D42-905C-DF9AB0FC7931}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe | 
"TCP Query User{218EE689-7893-4C2C-A3C8-0C381CF155F9}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe | 
"UDP Query User{1B58425C-1693-42FE-83E6-6BD92293C7E0}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe | 
"UDP Query User{76CE5525-E5C5-45F1-A848-60CE2093A110}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{293CC68A-32BA-4BA4-84BD-0DCF6583566F}" = HP Deskjet 2510 series Basic Device Software
"{2BB2B804-51EA-4F3C-8402-290FAD6ABD39}" = Lavasoft Registry Tuner
"{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}" = Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed
"{3AE88993-61F5-44D9-8286-EE7EE2F2EF4A}" = Creo Thumbnail Viewer 2.0
"{4B3264AA-951A-4A6B-B837-125224261F12}" = HP Deskjet 2510 series Product Improvement Study
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}" = WinPatrol
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.01
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.01
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.1111
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{DF7756DD-656A-45C3-BA71-74673E8259A9}" = Intel® PROSet/Wireless WiFi Software
"{EB0A3BCB-B9DF-4906-B066-BDEC6E213B91}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F0932859-AA60-459E-B843-0BDECA34E2C7}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F9EB0DDE-931C-4E89-96B2-DE8286EDFA6C}" = ExpressCache
"AutoHotkey" = AutoHotkey 1.1.09.02
"A-WIN-Extras 9.0.0 3824406_is1" = Mathematica Extras 9.0 (3824406)
"CCleaner" = CCleaner
"cFosSpeed" = cFosSpeed v5.00
"Elantech" = ETDWare PS/2-X64 10.7.14.12_WHQL
"HitmanPro37" = HitmanPro 3.7
"Maple 16" = Maple 16
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"M-WIN-L 9.0.0 3825060_is1" = Wolfram Mathematica 9 (M-WIN-L 9.0.0 3825060)
"Sandboxie" = Sandboxie 4.04 (64-bit)
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.4.2
"{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1" = WTFast 3.0 Beta 12
"{12F81925-F3C1-40DB-91F7-777817974319}" = Easy File Share
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Settings
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{216C7F38-4BBC-4E9A-8392-C9FA21B54386}" = HP Deskjet 2510 series Setup Guide
"{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}" = HP Deskjet 2510 series Help
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{287D1D31-F936-4848-8760-4446C689AAFF}" = ModeShift
"{3C982C81-3DCB-41D4-A95F-34B2A4DF174D}" = PTC Quality Agent
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel® Manageability Engine Firmware Recovery Agent
"{A6F5703D-A4B1-4857-9EDD-DC0ABBBB0D96}" = TuneUp Utilities Language Pack (en-US)
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.04)
"{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B750B5C2-CC17-4967-905B-29F4EB986131}" = Software Launcher
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C547F361-5750-4CD1-9FB6-BC93827CB6C1}" = RegCure Pro
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{DE256D8B-D971-456D-BC02-CB64DA24F115}" = Easy Software Manager
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant
"{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}" = E-POP
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Easy Support Center 1.0
"{FF3AE578-C715-4E32-A7D7-8F8258CB0E9A}" = Creo Platform 2.9
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.2.5
"AutoItv3" = AutoIt v3.3.8.1
"Axife Mouse Recorder DEMO_is1" = Axife Mouse Recorder DEMO 5.01
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Creative Element Power Tools" = Creative Element Power Tools
"Creo Direct Version 2.0 Datecode [M010]" = Creo Direct Version 2.0 Datecode [M010]
"Creo Layout Version 2.0 Datecode [M010]" = Creo Layout Version 2.0 Datecode [M010]
"Creo Parametric Version 2.0 Datecode [M010]" = Creo Parametric Version 2.0 Datecode [M010]
"Creo Simulate Version 2.0 Datecode [M010]" = Creo Simulate Version 2.0 Datecode [M010]
"DAEMON Tools Lite" = DAEMON Tools Lite
"File Properties Changer" = File Properties Changer
"Game Console - WildGames" = WildTangent ORB Game Console
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"LaglessProxy" = LaglessProxy
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Maple 16" = Maple 16
"NETGEAR Genie" = NETGEAR Genie
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PasswordBox" = PasswordBox
"Proxifier_is1" = Proxifier version 3.0
"Razer Game Booster_is1" = Razer Game Booster
"Revo Uninstaller" = Revo Uninstaller 1.95
"TeamViewer 8" = TeamViewer 8
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"VLC media player" = VLC media player 2.0.3
"WildTangent wildgames Master Uninstall" = WildTangent Games
"Window Hide Tool_is1" = Window Hide Tool 2.0
"WT085559" = Diner Dash 2 Restaurant Rescue
"WT085567" = Chuzzle Deluxe
"WT085580" = John Deere Drive Green
"WT085581" = Penguins!
"WT085583" = Polar Golfer
"WT085587" = Agatha Christie - Death on the Nile
"WT085597" = Build-a-lot
"WT085618" = Farm Frenzy
"WT085622" = Insaniquarium Deluxe
"WT085663" = Peggle
"WT085669" = Plants vs. Zombies
"WT089285" = Zuma Deluxe
"WT089286" = Bejeweled 2 Deluxe
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2118131730-1538694497-4234192510-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Smarttürk WebTV v0.05" = Smarttürk WebTV v0.05
"SmarttürkWebTV-V0.06" = SmarttürkWebTV-V0.06
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.10.2013 15:09:47 | Computer Name = Ates-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 09.10.2013 15:07:14 | Computer Name = Ates-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
 Host service which failed to start because of the following error:   %%1058
 
Error - 09.10.2013 15:08:05 | Computer Name = Ates-PC | Source = Service Control Manager | ID = 7023
Description = The AMD External Events Utility .NET. service terminated with the 
following error:   %%2
 
Error - 09.10.2013 15:08:14 | Computer Name = Ates-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 09.10.2013 15:08:20 | Computer Name = Ates-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 09.10.2013 15:08:20 | Computer Name = Ates-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 09.10.2013 15:08:20 | Computer Name = Ates-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
 Host service which failed to start because of the following error:   %%1058
 
Error - 09.10.2013 15:08:41 | Computer Name = Ates-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 09.10.2013 15:08:42 | Computer Name = Ates-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 09.10.2013 15:15:56 | Computer Name = Ates-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 09.10.2013 15:18:17 | Computer Name = Ates-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
 
< End of report >
 

OTL.Txt


Disable WinPatrol

- Right Click the 'Scotty Dog' icon in the system tray

- Click Options

- At the bottom of the options page, Uncheck Automatically Run WinPatrol When Computer Starts

- Click the X to end program.

- Right Click the 'Scotty Dog' icon in the system tray again

- Click Exit Program

WinPatrol is now disabled and will not start at bootup.

 

Next,

 

Disable teatimer and leave off for now (If used).

 

1. Right click Spybot in the System Tray (looks like a calendar with a padlock symbol) and choose Exit Spybot S&D Resident

2. Run Spybot S&D

3. Go to the Mode menu, and make sure Advanced Mode is selected.

4. On the left hand side, choose Tools > Resident > uncheck Resident TeaTimer and OK any prompt and Restart your computer.

 

Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

 

Next,

 

Re-run OTL by double left-clicking its desktop icon; Vista and Windows 7 users accept the UAC alert.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following, start with and include the colon plus OTL (:OTL):

    :OTL
    DRV:[b]64bit:[/b] - [2013.09.16 10:56:03 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
    DRV:[b]64bit:[/b] - [2013.05.23 08:39:23 | 000,041,032 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
    [2012.09.09 13:42:09 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
    CHR - homepage: http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=139A6410B4878EB0C0DC125236A9E6E2
    CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - Extension: Lavasoft NewTab = C:\Users\Ates\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.12_0\
    O3 - HKLM\..\Toolbar: (no name) - {72cabc40-64b2-46ed-8648-26d831761150} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:[b]64bit:[/b] - HKLM..\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe" File not found
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    [2013.10.09 11:02:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2013.10.09 11:02:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2013.10.09 11:02:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2013.10.09 10:55:45 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013.09.16 10:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
    [2013.09.16 10:57:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
    [2013.09.16 10:52:55 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Lavasoft
    [2013.09.16 10:51:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    [2013.09.16 10:51:51 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2013.09.16 04:35:09 | 000,041,032 | ---- | C] (ThreatTrack Security) -- C:\windows\SysNative\drivers\gfiark.sys
    [2013.09.16 00:38:00 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\LavasoftStatistics
    [2013.09.16 00:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
    [2013.09.15 23:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2013.09.15 23:49:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
    [2013.09.15 23:49:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
    [2013.09.15 23:48:07 | 000,014,456 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
    [2013.09.15 23:48:07 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus
    [2013.09.30 00:00:31 | 000,000,020 | ---- | M] () -- C:\windows\0÷%
    [2013.09.16 10:56:03 | 000,014,456 | ---- | M] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys
    [2013.09.16 10:51:51 | 000,002,030 | ---- | M] () -- C:\0
    [2013.10.09 11:02:39 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2013.10.09 11:02:39 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2013.10.09 11:02:39 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2013.10.09 11:02:39 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2013.10.09 11:02:39 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2013.09.16 12:14:44 | 000,000,000 | ---D | M] -- C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus
    :Files
    ipconfig /flushdns /c
    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
    [Resethosts]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.



Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter  *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

Next,

 

When the system reboots run Malwarebytes Quick scan.

 

Post those two logs, let me know if there are any remaining issues/concerns...
 


Log from OTL  :

 

All processes killed
========== OTL ==========
Service gfibto stopped successfully!
Service gfibto deleted successfully!
C:\Windows\SysNative\drivers\gfibto.sys moved successfully.
Service gfiark stopped successfully!
Service gfiark deleted successfully!
C:\Windows\SysNative\drivers\gfiark.sys moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Plugins folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\modules folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\META-INF folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\lib folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\defaults\preferences folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\defaults folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\skin folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\sl folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\lib folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\core folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\WEATHER\js folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\WEATHER\css folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\WEATHER folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TWITTER\resources folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TWITTER\js folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TWITTER\img folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TWITTER folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_POPUP\js folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_POPUP folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_EMBEDDED\js folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_EMBEDDED folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI\js folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI\autoTest\spec folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI\autoTest\lib\jasmine-1.1.0 folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI\autoTest\lib folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI\autoTest folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\view folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\js folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\Optimizer\js folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\Optimizer folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\404 folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\menu\js folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\menu\img folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\menu\css folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\menu folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\gf\img folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\gf\css folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\gf folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\gadgetFrame folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\dlg\ftd folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\dlg folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector\searchProtectorSettingsDialog\images folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector\searchProtectorSettingsDialog folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector\SearchProtectorBubbleDialog\images folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector\SearchProtectorBubbleDialog folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector\js folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options\js\resources folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options\js folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options\images folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options\css folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\myStuffDialogs folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\features\js\resources folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\features\js folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\features folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\api folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ac\res folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ac\img folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ac\css folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ac folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\aboutBox\js folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\aboutBox\images folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\aboutBox folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468 folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome folder moved successfully.
C:\Users\Ates\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} folder moved successfully.
Use Chrome's Settings page to change the HomePage.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll moved successfully.
C:\Users\Ates\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.12_0\img\CVS folder moved successfully.
C:\Users\Ates\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.12_0\img folder moved successfully.
C:\Users\Ates\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.12_0\CVS folder moved successfully.
C:\Users\Ates\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.12_0 folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{72cabc40-64b2-46ed-8648-26d831761150} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72cabc40-64b2-46ed-8648-26d831761150}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ad-Aware Browsing Protection deleted successfully.
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe moved successfully.
C:\Windows\SWREG.exe moved successfully.
C:\Windows\SWSC.exe moved successfully.
C:\Windows\NIRCMD.exe moved successfully.
C:\Qoobox\Quarantine\Registry_backups folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Ates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Ates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Ates\AppData\Roaming\Microsoft\Windows\Start Menu folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Ates\AppData\Roaming\Microsoft\Windows folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Ates\AppData\Roaming\Microsoft folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Ates\AppData\Roaming folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Ates\AppData folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Ates folder moved successfully.
C:\Qoobox\Quarantine\C\Users folder moved successfully.
C:\Qoobox\Quarantine\C folder moved successfully.
C:\Qoobox\Quarantine folder moved successfully.
Folder move failed. C:\Qoobox\BackEnv scheduled to be moved on reboot.
C:\Qoobox folder moved successfully.
C:\ProgramData\Ad-Aware Browsing Protection folder moved successfully.
C:\Program Files (x86)\Toolbar Cleaner folder moved successfully.
C:\Users\Ates\AppData\Roaming\Lavasoft\Lavasoft Registry Tuner\History folder moved successfully.
C:\Users\Ates\AppData\Roaming\Lavasoft\Lavasoft Registry Tuner\Backups\09.16.2013,21-45-32 folder moved successfully.
C:\Users\Ates\AppData\Roaming\Lavasoft\Lavasoft Registry Tuner\Backups folder moved successfully.
C:\Users\Ates\AppData\Roaming\Lavasoft\Lavasoft Registry Tuner folder moved successfully.
C:\Users\Ates\AppData\Roaming\Lavasoft folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\Lavasoft Registry Tuner folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft folder moved successfully.
C:\Program Files\Lavasoft\Lavasoft Registry Tuner\Styles folder moved successfully.
C:\Program Files\Lavasoft\Lavasoft Registry Tuner folder moved successfully.
C:\Program Files\Lavasoft folder moved successfully.
File C:\windows\SysNative\drivers\gfiark.sys not found.
C:\Users\Ates\AppData\Roaming\LavasoftStatistics folder moved successfully.
C:\ProgramData\Ad-Aware Antivirus\Logs folder moved successfully.
C:\ProgramData\Ad-Aware Antivirus folder moved successfully.
C:\ProgramData\Lavasoft\AntiMalware\Rules folder moved successfully.
C:\ProgramData\Lavasoft\AntiMalware\Quarantine folder moved successfully.
C:\ProgramData\Lavasoft\AntiMalware\Logs folder moved successfully.
C:\ProgramData\Lavasoft\AntiMalware\History folder moved successfully.
C:\ProgramData\Lavasoft\AntiMalware\FW History folder moved successfully.
C:\ProgramData\Lavasoft\AntiMalware\Events folder moved successfully.
C:\ProgramData\Lavasoft\AntiMalware\Downloads folder moved successfully.
C:\ProgramData\Lavasoft\AntiMalware folder moved successfully.
C:\ProgramData\Lavasoft folder moved successfully.
C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\WDBF folder moved successfully.
C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\Staging folder moved successfully.
C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\LKGD folder moved successfully.
C:\Program Files (x86)\Ad-Aware Antivirus\Definitions folder moved successfully.
C:\Program Files (x86)\Ad-Aware Antivirus folder moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar folder moved successfully.
C:\Program Files (x86)\Lavasoft folder moved successfully.
File C:\windows\SysNative\drivers\gfibto.sys not found.
C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\Logs folder moved successfully.
C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus folder moved successfully.
C:\Windows\0÷% moved successfully.
File C:\windows\SysNative\drivers\gfibto.sys not found.
C:\0 moved successfully.
C:\Windows\PEV.exe moved successfully.
C:\Windows\MBR.exe moved successfully.
C:\Windows\sed.exe moved successfully.
C:\Windows\grep.exe moved successfully.
C:\Windows\zip.exe moved successfully.
Folder C:\Users\Ates\AppData\Roaming\Ad-Aware Antivirus\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ates\Desktop\cmd.bat deleted successfully.
C:\Users\Ates\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Ates
->Temp folder emptied: 308736 bytes
->Temporary Internet Files folder emptied: 393661 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 354483930 bytes
->Flash cache emptied: 739 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 339,00 mb
 
Restore point Set: OTL Restore Point
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10092013_191824
 
Files\Folders moved on Reboot...
File\Folder C:\Qoobox\BackEnv not found!
C:\Users\Ates\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
Log from Malwarebytes:
 
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.09.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ates :: ATES-PC [administrator]
 
Protection: Enabled
 
09.10.2013 19:23:35
mbam-log-2013-10-09 (19-23-35).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203842
Time elapsed: 3 minute(s), 23 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
Link to post
Share on other sites

OK, do the following:

From the Run dialogue box, type services.msc and hit Enter. In the new window, check that these entries are running and set to Automatic:

DHCP Client

DNS Client

As an administrator, from the command prompt, type and enter each of these commands:

Go to Start > All Programs > Accessories > right-click on "Command Prompt" and select "Run As Administrator"

Run the following commands, hitting the Enter key after each one:

netsh winsock reset catalog

netsh int ipv4 reset reset.log

netsh int ipv6 reset reset.log

ipconfig /flushdns

ipconfig /release

ipconfig /renew

ipconfig /registerdns

Then reboot.

If the issue still remains, set your system up for a "Clean Boot" and see if that makes a difference. The instructions are at this link:

http://support.microsoft.com/kb/929135

Expand the section specific to your OS...

Kevin

Link to post
Share on other sites
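
The service check and network stack reset from the post above, collected into one script as an added example (not part of the original post and not written by the helper). It assumes an elevated PowerShell prompt; `Dhcp` and `Dnscache` are the internal service names of DHCP Client and DNS Client, and the result file name under %TEMP% is an assumption.

```powershell
# Added example: verify the two services the post names, then run the
# same reset commands in the same order and record each exit code.
# Run from an elevated ("Run as administrator") PowerShell prompt.

# The netsh resets need administrator rights, so stop early without them.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $principal.IsInRole($adminRole)) {
    throw 'Not elevated. Start PowerShell with "Run as administrator".'
}

# Internal service name -> display name shown in services.msc.
$required = @{ 'Dhcp' = 'DHCP Client'; 'Dnscache' = 'DNS Client' }
$problems = @()

foreach ($name in $required.Keys) {
    # Win32_Service is used instead of Get-Service because it exposes
    # StartMode on the PowerShell 2.0 that ships with Windows 7.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if (-not $svc) {
        $problems += "$($required[$name]): service not found"
        continue
    }
    '{0,-12} State={1,-8} StartMode={2}' -f $svc.DisplayName, $svc.State, $svc.StartMode
    if ($svc.State -ne 'Running') {
        $problems += "$($svc.DisplayName): state is $($svc.State), expected Running"
    }
    if ($svc.StartMode -ne 'Auto') {
        $problems += "$($svc.DisplayName): start mode is $($svc.StartMode), expected Auto"
    }
}

if ($problems.Count -gt 0) {
    # Report only; fix these in services.msc before resetting the stack.
    $problems | ForEach-Object { Write-Warning $_ }
    throw 'Correct the service settings above in services.msc, then run again.'
}

# Commands exactly as listed in the post, in the same order.
$commands = @(
    'netsh winsock reset catalog',
    'netsh int ipv4 reset reset.log',
    'netsh int ipv6 reset reset.log',
    'ipconfig /flushdns',
    'ipconfig /release',
    'ipconfig /renew',
    'ipconfig /registerdns'
)

# Hypothetical result file; netsh writes its own reset.log to the current directory.
$resultFile = Join-Path $env:TEMP 'net-reset-result.txt'
"Network reset run at $(Get-Date -Format s)" | Set-Content $resultFile

foreach ($cmd in $commands) {
    Write-Host ">> $cmd"
    cmd.exe /c $cmd
    '{0}  exit={1}' -f $cmd, $LASTEXITCODE | Add-Content $resultFile
}

Write-Host "Exit codes saved to $resultFile. Reboot to finish the reset."
```

A non-zero exit code in the result file shows which step failed, which is more useful to post back to a helper than "it didn't work".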

The Internet is completely gone after the clean boot. Also the mouse does not work since I did it. I the mouse pad. What I have also figured out recently is that the Internet actually works all the time. I can use Skype and other programs that require Internet, but I cannot surf after being connected to the Internet for like 20 min. I need to disconnect and connect it to be able to surf another 20 min.

Link to post
Share on other sites

Well, I found a way to use my mouse and Internet on Clean Boot. I disabled everything except Microsoft products, but there is something called Samsung device configuration. I cannot disable that one; if I disable it, the Internet and my mouse will not work. I disabled everything else though. Only Kaspersky (I cannot disable it via msconfig) is running. I believe that the problem still exists. It is so weird because I cannot use Google Chrome or IE. It would act like I have no Internet connection, but I could keep Skyping with my friends.

Link to post
Share on other sites

This topic is now closed to further replies.