Malwarebytes Malicious Website


I installed Malwarebytes Antimalware a few days ago. Sometimes it gives the warning below.

Malicious website blocked

C:windows/system32/scvhost.exe

inbound

port: 21320 (or 1521 or 9064)

ip: (some IP from China or the Netherlands)

In the logs I found these.

Protection, Malicious Website Protection, IP, 60.173.8.205, 8088, Inbound, C:\Windows\System32\svchost.exe,

Protection, Malicious Website Protection, IP, 31.184.192.165, 1003, Inbound, C:\Windows\System32\svchost.exe

Protection, Malicious Website Protection, IP, 94.102.63.238, 5900, Inbound, C:\Windows\System32\svchost.exe

Does that mean my PC is infected?

I couldn't copy and paste the logs because it said they were too long, so I attached them.


FRST.txt

Addition.txt

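A small triage script for block lines in the format quoted in the post above, added here as an example; it is not part of the thread and not Malwarebytes' own code. The three Inbound lines are the ones from the post; the Outbound line (TEST-NET address, made-up path), the severity labels and the "genuine svchost" location check are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the three 'Malicious Website Protection' lines quoted in
# the post, plus one constructed Outbound line (TEST-NET address, made-up path)
# so that the outbound branch of the triage is exercised as well.
SAMPLE_LOG = r"""
Protection, Malicious Website Protection, IP, 60.173.8.205, 8088, Inbound, C:\Windows\System32\svchost.exe,
Protection, Malicious Website Protection, IP, 31.184.192.165, 1003, Inbound, C:\Windows\System32\svchost.exe
Protection, Malicious Website Protection, IP, 94.102.63.238, 5900, Inbound, C:\Windows\System32\svchost.exe
Protection, Malicious Website Protection, IP, 203.0.113.7, 443, Outbound, C:\Users\UGLMRT\AppData\Local\Temp\updater.exe
"""

# One block line: category, module, kind, address, port, direction, process.
# The process field may carry a trailing comma (see the first sample line).
LINE_RE = re.compile(
    r"^Protection,\s*Malicious Website Protection,\s*(?P<kind>\w+),\s*"
    r"(?P<addr>[^,]+),\s*(?P<port>\d+),\s*(?P<direction>Inbound|Outbound),\s*"
    r"(?P<process>[^,]+?),?\s*$"
)

# Assumed location of the real service host; anything else is treated as a
# lookalike (e.g. 'scvhost.exe') or a copy running from the wrong directory.
GENUINE_SVCHOST = r"c:\windows\system32\svchost.exe"


def parse_block_log(text):
    """Return one dict per Malicious Website Protection block line; other
    log categories (scan, update, detection) are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["port"] = int(ev["port"])
        ev["process"] = ev["process"].strip()
        events.append(ev)
    return events


def is_genuine_svchost_path(path):
    """True only for svchost.exe in System32 (slashes normalised, case-insensitive)."""
    return path.replace("/", "\\").lower() == GENUINE_SVCHOST


def triage(events):
    """Group blocks by (process, direction) and attach a severity.

    Inbound blocks attributed to the genuine svchost.exe are unsolicited
    connection attempts from the internet that the host stopped; on their own
    they are not evidence of infection. Inbound blocks attributed to any other
    binary, and every outbound block (a local process reaching out to a
    flagged address), deserve a closer look at the binary involved."""
    groups = defaultdict(list)
    for ev in events:
        groups[(ev["process"].lower(), ev["direction"])].append(ev)

    report = []
    for (process, direction), evs in sorted(groups.items()):
        if direction == "Outbound":
            severity = "investigate"
        elif is_genuine_svchost_path(process):
            severity = "low"
        else:
            severity = "review"
        report.append({
            "process": process,
            "direction": direction,
            "count": len(evs),
            "ports": sorted({e["port"] for e in evs}),
            "addrs": sorted({e["addr"] for e in evs}),
            "severity": severity,
        })
    return report


if __name__ == "__main__":
    for row in triage(parse_block_log(SAMPLE_LOG)):
        print(f'{row["severity"]:11} {row["direction"]:8} x{row["count"]} '
              f'{row["process"]} ports={row["ports"]}')
```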

Welcome to the forum. Let's take a look.....

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

Please run a Quick Scan with Malwarebytes

For Malwarebytes ver: 1.75

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Post the log

For Malwarebytes 2.0, please run a Threat Scan

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log

Then.......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button and post the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 18.08.2014

Scan Time: 01:35:00

Logfile: Malwarebytes log.txt

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.08.17.06

Rootkit Database: v2014.08.16.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: UGLMRT

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 289481

Time Elapsed: 15 min, 45 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

RogueKiller V9.2.8.0 (x64) [Jul 11 2014] by Adlice Software

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : UGLMRT [Admin rights]

Mode : Scan -- Date : 08/18/2014  02:12:05

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 25 ¤¤¤

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 62.248.80.164 176.240.150.229  -> FOUND

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 62.248.80.164 176.240.150.229  -> FOUND

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 62.248.80.164 176.240.150.229  -> FOUND

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{26295F24-21C6-4F99-AC75-458790CCAC1A} | NameServer : 195.46.39.39,195.46.39.40  -> FOUND

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{26295F24-21C6-4F99-AC75-458790CCAC1A} | DhcpNameServer : 62.248.80.164 176.240.150.229  -> FOUND

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{26295F24-21C6-4F99-AC75-458790CCAC1A} | NameServer : 195.46.39.39,195.46.39.40  -> FOUND

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{26295F24-21C6-4F99-AC75-458790CCAC1A} | DhcpNameServer : 62.248.80.164 176.240.150.229  -> FOUND

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{26295F24-21C6-4F99-AC75-458790CCAC1A} | NameServer : 195.46.39.39,195.46.39.40  -> FOUND

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{26295F24-21C6-4F99-AC75-458790CCAC1A} | DhcpNameServer : 62.248.80.164 176.240.150.229  -> FOUND

[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1260785603-2470821697-567209194-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND

[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1260785603-2470821697-567209194-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND

[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1260785603-2470821697-567209194-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND

[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1260785603-2470821697-567209194-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND

[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND

[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND

[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND

[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND

[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND

[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND

[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND

[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ HOSTS File : 0 ¤¤¤

 

¤¤¤ Antirootkit : 1 (Driver: LOADED) ¤¤¤

[Filter(Kernel.Filter)] \Driver\Disk @ \Device\Harddisk0\DR0 : \Driver\DeepFrz @ Unknown (\SystemRoot\System32\Drivers\DeepFrz.sys)

 

¤¤¤ Web browsers : 1 ¤¤¤

[PUM.HomePage][FIREFX:Config] mj6cc7ua.default : user_pref("browser.startup.homepage", "https://www.google.com/?hl=en"); -> FOUND

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: ST9500325AS +++++

--- User ---

[MBR] 9261eaf1f247e5425171b8ccab55d543

[bSP] 2defb2ac7b789cf39bb34190872c04f9 : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB

Error reading LL1 MBR! ([32] The request is not supported. )

User = LL2 ... OK

 

 

============================================

RKreport_DEL_08142014_225029.log - RKreport_SCN_08142014_141258.log - RKreport_SCN_08142014_215517.log - RKreport_SCN_08142014_224626.log

RKreport_SCN_08142014_231910.log - RKreport_SCN_08152014_000128.log - RKreport_SCN_08152014_001758.log


Lets run some scans:

Make sure you have created that system restore point before you continue!

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)

  • Put a checkmark beside loaded modules.

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

  • Click the Start Scan button.

  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

Then...........

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


The first time I ran ComboFix, Avira blocked something, and then after it finished ComboFix gave an error. But I included the first log too. It is named combofix-1.txt

Before starting ComboFix for the second time I uninstalled Avira and Malwarebytes and deleted ComboFix, then downloaded it again. This time it ran smoothly. The logs of the second scan are named combofix-2.txt

TDSSKiller generated two logs; I attached them too.

 

Thanks for everything.

TDSSKiller.3.0.0.40_18.08.2014_03.40.48_log.txt

TDSSKiller.3.0.0.40_18.08.2014_03.51.59_log.txt

combofix-1.txt

combofix-2.txt


It's come to my attention that you have AutoKMS on the system:

Task: {F10F9EB3-031C-4C30-9399-A1BFD64626EA} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe

AutoKMS is used to bypass activation for Microsoft Office:

http://www.microsoft.com/security/portal/threat/Encyclopedia/Entry.aspx?Name=HackTool:Win32/AutoKMS

The forum's piracy policy:
https://forums.malwarebytes.org/index.php?/topic/97700-piracy/

MrC


I deactivated Deep Freeze and uninstalled Office completely. However, I couldn't find AutoKMS in search. I am pasting the new ComboFix log. My TDSSKiller and previous ComboFix logs are attached in my previous post. My previous ComboFix scan gave an error; perhaps it is important?

 

ComboFix 14-08-17.01 - UGLMRT 18.08.2014  18:19:13.3.4 - x64
Microsoft Windows 7 Home Basic   6.1.7601.1.1254.90.1033.18.4009.2001 [GMT 3:00]
Running from: c:\users\UGLMRT\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-18 to 2014-08-18  )))))))))))))))))))))))))))))))
.
.
2014-08-18 15:24 . 2014-08-18 15:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-17 15:50 . 2014-08-17 15:57 -------- d-----w- C:\FRST
2014-08-14 18:36 . 2014-08-14 18:36 -------- d-----w- c:\windows\ERUNT
2014-08-14 12:53 . 2014-08-14 12:53 -------- d-----w- c:\users\UGLMRT\AppData\Local\CrashDumps
2014-08-14 12:52 . 2014-08-14 13:03 -------- d-----w- C:\MGtools
2014-08-14 12:39 . 2014-08-14 12:50 -------- d-----w- c:\programdata\HitmanPro
2014-08-14 11:17 . 2014-08-14 11:17 -------- d-----w- c:\programdata\Malwarebytes
2014-08-14 11:07 . 2014-08-14 21:13 30312 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-08-14 11:07 . 2014-08-14 11:07 -------- d-----w- c:\programdata\RogueKiller
2014-08-14 10:26 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-14 10:26 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-14 10:26 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-14 10:26 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-14 10:26 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-14 10:26 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-14 10:24 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-08-14 10:20 . 2014-08-14 10:20 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-08-14 10:20 . 2014-08-14 10:20 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-14 10:20 . 2014-08-14 10:20 -------- d-----w- c:\program files (x86)\Java
2014-08-14 10:14 . 2014-08-14 10:14 -------- d-----w- c:\program files\CCleaner
2014-08-14 09:50 . 2014-08-14 09:50 -------- d-----w- c:\users\UGLMRT\AppData\Roaming\Tific
2014-08-12 20:45 . 2014-08-14 09:58 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2014-08-12 20:04 . 2014-08-14 09:59 -------- d-----w- c:\programdata\Norton
2014-07-28 16:10 . 2014-07-28 16:10 16848439 ------w- C:\Persi0.sys
2014-07-28 15:34 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A16093A-67FD-496C-A0CC-D6C27944D576}\mpengine.dll
2014-07-28 15:00 . 2014-06-18 02:19 449024 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-07-28 15:00 . 2014-06-18 02:18 692736 ----a-w- c:\windows\system32\osk.exe
2014-07-28 15:00 . 2014-06-18 01:51 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-07-28 15:00 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-28 15:00 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-28 15:00 . 2014-06-06 10:10 624128 ----a-w- c:\windows\system32\qedit.dll
2014-07-28 15:00 . 2014-06-06 09:44 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-07-28 14:43 . 2014-08-15 22:47 -------- d-----w- c:\windows\AutoKMS
2014-07-28 14:42 . 2014-08-15 22:37 151552 ----a-w- c:\windows\KMSEmulator.exe
2014-07-28 14:26 . 2014-07-28 14:26 -------- d-----w- c:\windows\PCHEALTH
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-14 21:07 . 2010-06-24 09:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-14 13:03 . 2014-08-14 12:52 228363 ----a-w- C:\MGlogs.zip
2014-08-14 11:36 . 2014-01-05 10:53 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-08-14 10:32 . 2013-12-28 12:43 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-06-29 14:48 . 2014-06-29 14:48 35352 ----a-w- c:\windows\system32\drivers\cnnctfy3.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2010-09-29 48752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"tvncontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2014-06-23 2327248]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Launcher.lnk - c:\program files (x86)\AveaConnectionManager\Avea_Launcher.exe [2013-12-29 789048]
Start GeekBuddy.lnk - c:\program files\COMODO\GeekBuddy\launcher.exe "unit_manager.exe" [2014-6-24 48848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk /k:C *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DFServ]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rstescu;rstescu;c:\windows\system32\drivers\rstescu.sys;c:\windows\SYSNATIVE\drivers\rstescu.sys [x]
R3 rstescu1;rstescu1;c:\windows\system32\drivers\rstescu1.sys;c:\windows\SYSNATIVE\drivers\rstescu1.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbnet.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 DeepFrz;DeepFrz; [x]
S0 DfDiskLo;DfDiskLo; [x]
S0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\System32\Drivers\FBIOSDRV.sys;c:\windows\SYSNATIVE\Drivers\FBIOSDRV.sys [x]
S0 rstfltr;rstfltr;c:\windows\system32\drivers\rstfltr.sys;c:\windows\SYSNATIVE\drivers\rstfltr.sys [x]
S1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys;c:\windows\SYSNATIVE\DRIVERS\CFRMD.sys [x]
S1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\DRIVERS\hmd.sys;c:\windows\SYSNATIVE\DRIVERS\hmd.sys [x]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 DFServ;DFServ;c:\program files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe;c:\program files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe [x]
S2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
S2 PFNService;PFNService;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe [x]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe;c:\program files\Fujitsu\PSUtility\PSUService.exe [x]
S2 WTGService;WTGService;c:\program files (x86)\AveaConnectionManager\WTGService.exe;c:\program files (x86)\AveaConnectionManager\WTGService.exe [x]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys;c:\windows\SYSNATIVE\DRIVERS\FUJ02E3.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-15 22:50 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-28 12:14]
.
2014-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-28 12:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-20 11663464]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-03-30 1935120]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2010-06-08 45680]
"FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-11-25 164712]
"PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2011-01-11 200552]
"PfNet"="c:\program files\Fujitsu\Plugfree NETWORK\PfNet.exe" [2010-10-07 6311424]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2010-07-16 162416]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2010-07-09 21616]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Microsoft Excel'e &Ver - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: OneNote'a G&önder - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 62.248.80.164 176.240.150.229
TCP: Interfaces\{26295F24-21C6-4F99-AC75-458790CCAC1A}: NameServer = 195.46.39.39,195.46.39.40
FF - ProfilePath - c:\users\UGLMRT\AppData\Roaming\Mozilla\Firefox\Profiles\mj6cc7ua.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?hl=en
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1260785603-2470821697-567209194-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\S-1-5-21-1260785603-2470821697-567209194-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\S-1-5-21-1260785603-2470821697-567209194-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-1260785603-2470821697-567209194-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.eml.14"
.
[HKEY_USERS\S-1-5-21-1260785603-2470821697-567209194-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.ico.15.4"
.
[HKEY_USERS\S-1-5-21-1260785603-2470821697-567209194-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-1260785603-2470821697-567209194-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-1260785603-2470821697-567209194-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-1260785603-2470821697-567209194-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-1260785603-2470821697-567209194-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.png.15.4"
.
[HKEY_USERS\S-1-5-21-1260785603-2470821697-567209194-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\S-1-5-21-1260785603-2470821697-567209194-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\S-1-5-21-1260785603-2470821697-567209194-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-1260785603-2470821697-567209194-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf.14"
.
[HKEY_USERS\S-1-5-21-1260785603-2470821697-567209194-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.wdp.15.4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-18  18:25:54
ComboFix-quarantined-files.txt  2014-08-18 15:25
ComboFix2.txt  2014-08-18 01:45
ComboFix3.txt  2014-08-18 01:26
.
Pre-Run: 455.127.379.968 bytes free
Post-Run: 454.836.158.464 bytes free
.
- - End Of File - - B145A21CA6D2341F35660E583B237BF3

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by UGLMRT (administrator) on UGLMRT-PC on 18-08-2014 18:40:32
Running from C:\Users\UGLMRT\Desktop
Platform: Windows 7 Home Basic Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
() C:\Program Files (x86)\AveaConnectionManager\Avea_Launcher.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663464 2011-04-20] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1886504 2009-11-19] (Synaptics Incorporated)
HKLM\...\Run: [intelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-03-30] (Intel® Corporation)
HKLM\...\Run: [LoadFUJ02E3] => C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [45680 2010-06-08] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [200552 2011-01-11] (FUJITSU LIMITED)
HKLM\...\Run: [PfNet] => C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6311424 2010-10-07] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [162416 2010-07-16] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [21616 2010-07-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [indicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-29] (FUJITSU LIMITED)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-06-23] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\AveaConnectionManager\Avea_Launcher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
BootExecute: autocheck autochk /k:C * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4A21E138C603CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = tr
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 62.248.80.164 176.240.150.229
Tcpip\..\Interfaces\{26295F24-21C6-4F99-AC75-458790CCAC1A}: [NameServer]195.46.39.39,195.46.39.40
 
FireFox:
========
FF ProfilePath: C:\Users\UGLMRT\AppData\Roaming\Mozilla\Firefox\Profiles\mj6cc7ua.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\UGLMRT\AppData\Roaming\Mozilla\Firefox\Profiles\mj6cc7ua.default\Extensions\abs@avira.com [2014-08-16]
FF Extension: Magic Actions for YouTube™ - C:\Users\UGLMRT\AppData\Roaming\Mozilla\Firefox\Profiles\mj6cc7ua.default\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2014-03-17]
 
Chrome: 
=======
CHR StartupUrls: "hxxp://www.google.com/intl/en/"
CHR DefaultSearchKeyword: google.com.tr
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Magic Actions for YouTube™) - C:\Users\UGLMRT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-01-15]
CHR Extension: (SmallringFX MetalSliver Theme) - C:\Users\UGLMRT\AppData\Local\Google\Chrome\User Data\Default\Extensions\amoaokkohdcekgomnddkdfocbifmiafo [2014-01-04]
CHR Extension: (High Contrast) - C:\Users\UGLMRT\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2014-01-04]
CHR Extension: (Custom Google™ Background) - C:\Users\UGLMRT\AppData\Local\Google\Chrome\User Data\Default\Extensions\jepibmfmhopgkplegmkjgifmhabbjadg [2014-01-04]
CHR Extension: (Google Wallet) - C:\Users\UGLMRT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-28]
CHR Extension: (Click&Clean App) - C:\Users\UGLMRT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-01-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2014-06-24] (Comodo Security Solutions, Inc.)
R2 DFServ; C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe [1444864 2013-11-29] (Faronics Corporation) [File not signed]
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-06-23] (Comodo Security Solutions, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-03-30] ()
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [331776 2010-10-07] (FUJITSU LIMITED) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2010-06-17] (FUJITSU LIMITED)
R2 WTGService; C:\Program Files (x86)\AveaConnectionManager\WTGService.exe [342584 2013-02-12] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2013-05-07] (Windows ® Win 7 DDK provider) [File not signed]
R0 DeepFrz; C:\Windows\System32\Drivers\DeepFrz.sys [216592 2013-11-29] (Faronics Corporation)
R0 DfDiskLo; C:\Windows\System32\Drivers\DfDiskLo.sys [39184 2013-11-29] (Faronics Corporation)
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14888 2013-10-07] ()
S3 rstescu; C:\Windows\system32\drivers\rstescu.sys [607256 2011-03-25] (Intel Corporation)
S3 rstescu1; C:\Windows\system32\drivers\rstescu1.sys [607256 2011-03-25] (Intel Corporation)
R0 rstfltr; C:\Windows\System32\drivers\rstfltr.sys [22552 2011-03-25] (Intel Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1801216 2010-10-09] ()
S3 ZTEusbmdm6k; C:\Windows\SysWOW64\DRIVERS\ZTEusbmdm6k.sys [123520 2013-12-29] (ZTE Incorporated)
S3 ZTEusbnet; C:\Windows\SysWOW64\DRIVERS\ZTEusbnet.sys [137728 2013-12-29] (ZTE Corporation)
S3 ZTEusbnmea; C:\Windows\SysWOW64\DRIVERS\ZTEusbnmea.sys [123520 2013-12-29] (ZTE Incorporated)
S3 ZTEusbser6k; C:\Windows\SysWOW64\DRIVERS\ZTEusbser6k.sys [123520 2013-12-29] (ZTE Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-18 18:39 - 2014-08-18 18:40 - 02101760 _____ (Farbar) C:\Users\UGLMRT\Desktop\FRST64.exe
2014-08-18 18:25 - 2014-08-18 18:25 - 00015174 _____ () C:\ComboFix.txt
2014-08-18 18:16 - 2014-08-18 18:17 - 05572035 ____R (Swearware) C:\Users\UGLMRT\Desktop\ComboFix.exe
2014-08-18 04:10 - 2014-08-18 18:25 - 00000000 ____D () C:\Qoobox
2014-08-18 04:10 - 2014-08-18 04:23 - 00000000 ____D () C:\Windows\erdnt
2014-08-18 04:10 - 2011-06-26 09:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-18 04:10 - 2010-11-07 20:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-18 04:10 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-18 04:10 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-18 04:10 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-18 04:10 - 2000-08-31 03:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-18 04:10 - 2000-08-31 03:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-18 04:10 - 2000-08-31 03:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-18 03:58 - 2014-08-18 18:26 - 00000000 ____D () C:\Users\UGLMRT\Desktop\New folder (5)
2014-08-18 03:40 - 2014-08-18 03:40 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\UGLMRT\Desktop\tdsskiller (1).exe
2014-08-17 18:53 - 2014-08-17 18:54 - 00029863 _____ () C:\Users\UGLMRT\Desktop\Addition.txt
2014-08-17 18:50 - 2014-08-18 18:41 - 00013017 _____ () C:\Users\UGLMRT\Desktop\FRST.txt
2014-08-17 18:50 - 2014-08-18 18:40 - 00000000 ____D () C:\FRST
2014-08-16 01:39 - 2014-08-16 01:42 - 151472736 _____ () C:\Users\UGLMRT\Downloads\avira_free_antivirus_en.exe
2014-08-16 01:36 - 2014-08-16 01:37 - 00262144 _____ () C:\Windows\Minidump\081614-23134-01.dmp
2014-08-16 01:36 - 2014-08-16 01:36 - 541850850 _____ () C:\Windows\MEMORY.DMP
2014-08-15 00:10 - 2014-08-18 03:52 - 00000000 ____D () C:\Users\UGLMRT\Desktop\New folder (4)
2014-08-14 23:42 - 2014-08-14 23:42 - 00000000 ____D () C:\Users\UGLMRT\Desktop\New folder (3)
2014-08-14 23:28 - 2014-08-15 00:28 - 00000991 _____ () C:\Users\UGLMRT\Desktop\New Text Document.txt
2014-08-14 22:22 - 2014-08-14 22:22 - 00000000 ____D () C:\Users\UGLMRT\Desktop\New folder (2)
2014-08-14 21:36 - 2014-08-14 21:36 - 00000000 ____D () C:\Windows\ERUNT
2014-08-14 21:35 - 2014-08-14 21:35 - 01016261 _____ (Thisisu) C:\Users\UGLMRT\Desktop\JRT.exe
2014-08-14 16:05 - 2014-08-14 16:03 - 00228363 _____ () C:\Users\UGLMRT\Desktop\MGlogs.zip
2014-08-14 16:04 - 2014-08-14 16:04 - 00000000 ____D () C:\Users\UGLMRT\Desktop\New folder
2014-08-14 15:53 - 2014-08-14 15:53 - 00000000 ____D () C:\Users\UGLMRT\AppData\Local\CrashDumps
2014-08-14 15:52 - 2014-08-14 16:03 - 00228363 _____ () C:\MGlogs.zip
2014-08-14 15:52 - 2014-08-14 16:03 - 00000000 ____D () C:\MGtools
2014-08-14 15:51 - 2014-08-14 13:59 - 01990574 _____ () C:\MGtools.exe
2014-08-14 15:49 - 2014-08-14 15:49 - 00000696 _____ () C:\Users\UGLMRT\Desktop\HitmanPro_20140814_1548.txt
2014-08-14 15:39 - 2014-08-14 15:50 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-14 14:36 - 2014-08-18 18:32 - 00158776 _____ () C:\Windows\PFRO.log
2014-08-14 14:17 - 2014-08-14 14:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-14 14:14 - 2014-08-14 14:14 - 00004531 _____ () C:\Users\UGLMRT\Desktop\1RKreport_SCN_08142014_141258.log
2014-08-14 14:07 - 2014-08-15 00:13 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-14 14:07 - 2014-08-14 14:07 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-14 13:59 - 2014-08-14 13:59 - 01990574 _____ () C:\Users\UGLMRT\Desktop\MGtools.exe
2014-08-14 13:58 - 2014-08-14 13:59 - 01990574 _____ () C:\Users\UGLMRT\Downloads\MGtools.exe
2014-08-14 13:57 - 2014-08-14 13:58 - 11188736 _____ (SurfRight B.V.) C:\Users\UGLMRT\Desktop\HitmanPro_x64.exe
2014-08-14 13:56 - 2014-08-14 13:56 - 17291728 _____ (Malwarebytes Corporation ) C:\Users\UGLMRT\Downloads\mb.exe
2014-08-14 13:55 - 2014-08-14 13:55 - 05392984 _____ () C:\Users\UGLMRT\Desktop\RogueKillerX64.exe
2014-08-14 13:54 - 2014-08-14 13:54 - 00016810 _____ () C:\Users\UGLMRT\Desktop\roguekiller,2.html
2014-08-14 13:49 - 2014-08-18 18:32 - 00001960 _____ () C:\Windows\setupact.log
2014-08-14 13:49 - 2014-08-14 13:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-14 13:28 - 2014-08-14 13:29 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\UGLMRT\Desktop\tdsskiller.exe
2014-08-14 13:28 - 2014-08-14 13:28 - 00016882 _____ () C:\Users\UGLMRT\Desktop\kaspersky_tdsskiller,1.html
2014-08-14 13:27 - 2014-08-14 13:29 - 17291728 _____ (Malwarebytes Corporation ) C:\Users\UGLMRT\Downloads\mbam-setup-majorgeeks-2.0.2.1012.exe
2014-08-14 13:26 - 2014-07-01 01:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 13:26 - 2014-07-01 01:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 13:26 - 2014-03-10 00:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 13:26 - 2014-03-10 00:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 13:26 - 2014-03-10 00:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 13:26 - 2014-03-10 00:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 13:25 - 2014-08-01 02:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 13:25 - 2014-08-01 02:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 13:25 - 2014-07-25 17:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 13:25 - 2014-07-25 17:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 13:25 - 2014-07-25 17:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 13:25 - 2014-07-25 16:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 13:25 - 2014-07-25 16:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 13:25 - 2014-07-25 16:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 13:25 - 2014-07-25 16:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 13:25 - 2014-07-25 16:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 13:25 - 2014-07-25 16:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 13:25 - 2014-07-25 16:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 13:25 - 2014-07-25 16:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 13:25 - 2014-07-25 16:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 13:25 - 2014-07-25 16:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 13:25 - 2014-07-25 16:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 13:25 - 2014-07-25 16:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 13:25 - 2014-07-25 15:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 13:25 - 2014-07-25 15:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 13:25 - 2014-07-25 15:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 13:25 - 2014-07-25 15:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 13:25 - 2014-07-25 15:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 13:25 - 2014-07-25 15:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 13:25 - 2014-07-25 15:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 13:25 - 2014-07-25 15:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 13:25 - 2014-07-25 15:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 13:25 - 2014-07-25 15:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 13:25 - 2014-07-25 15:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 13:25 - 2014-07-25 15:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 13:25 - 2014-07-25 15:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 13:25 - 2014-07-25 15:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 13:25 - 2014-07-25 15:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 13:25 - 2014-07-25 15:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 13:25 - 2014-07-25 15:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 13:25 - 2014-07-25 15:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 13:25 - 2014-07-25 15:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 13:25 - 2014-07-25 14:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 13:25 - 2014-07-25 14:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 13:25 - 2014-07-25 14:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 13:25 - 2014-07-25 14:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 13:25 - 2014-07-25 14:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 13:25 - 2014-07-25 14:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 13:25 - 2014-07-25 14:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 13:25 - 2014-07-25 14:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 13:25 - 2014-07-25 14:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 13:25 - 2014-07-25 14:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 13:25 - 2014-07-25 14:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 13:25 - 2014-07-25 14:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 13:25 - 2014-07-25 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 13:25 - 2014-07-25 14:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 13:25 - 2014-07-25 13:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 13:25 - 2014-07-25 13:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 13:25 - 2014-07-25 13:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 13:25 - 2014-07-25 13:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 13:25 - 2014-07-25 13:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 13:25 - 2014-07-25 13:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 13:25 - 2014-06-06 09:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 13:25 - 2014-06-06 09:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 13:24 - 2014-08-07 05:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 13:24 - 2014-08-07 05:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 13:24 - 2014-07-16 06:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 13:24 - 2014-07-16 06:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 13:24 - 2014-07-16 05:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 13:24 - 2014-07-16 05:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 13:24 - 2014-07-16 05:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 13:24 - 2014-07-14 05:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 13:24 - 2014-07-14 04:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 13:24 - 2014-07-09 05:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 13:24 - 2014-07-09 05:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 13:24 - 2014-07-09 05:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 13:24 - 2014-07-09 05:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 13:24 - 2014-07-09 05:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 13:24 - 2014-07-09 04:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 13:24 - 2014-07-09 04:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 13:24 - 2014-07-09 04:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 13:24 - 2014-07-09 04:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 13:24 - 2014-07-09 04:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 13:24 - 2014-07-09 01:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 13:24 - 2014-07-09 01:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 13:24 - 2014-06-25 05:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 13:24 - 2014-06-25 04:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 13:24 - 2014-06-16 05:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 13:24 - 2014-06-03 13:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 13:24 - 2014-06-03 13:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 13:24 - 2014-06-03 13:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 13:24 - 2014-06-03 13:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 13:24 - 2014-06-03 12:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 13:24 - 2014-06-03 12:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 13:24 - 2014-06-03 12:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 13:21 - 2014-08-14 13:21 - 00918440 _____ (Oracle Corporation) C:\Users\UGLMRT\Downloads\chromeinstall-7u67.exe
2014-08-14 13:20 - 2014-08-14 13:20 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-14 13:20 - 2014-08-14 13:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-14 13:20 - 2014-08-14 13:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-14 13:20 - 2014-08-14 13:20 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-14 13:20 - 2014-08-14 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-14 13:20 - 2014-08-14 13:20 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-14 13:14 - 2014-08-14 13:14 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-14 13:14 - 2014-08-14 13:14 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-14 13:14 - 2014-08-14 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-14 13:14 - 2014-08-14 13:14 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-14 13:13 - 2014-08-14 13:13 - 04813544 _____ (Piriform Ltd) C:\Users\UGLMRT\Downloads\ccsetup416.exe
2014-08-14 12:56 - 2014-08-14 12:56 - 00910992 _____ (Symantec Corporation) C:\Users\UGLMRT\Downloads\AutoDetectPkg (1).exe
2014-08-14 12:52 - 2014-08-14 12:52 - 00910992 _____ (Symantec Corporation) C:\Users\UGLMRT\Downloads\AutoDetectPkg.exe
2014-08-14 12:50 - 2014-08-14 12:50 - 00000000 ____D () C:\Users\UGLMRT\AppData\Roaming\Tific
2014-08-12 23:04 - 2014-08-14 12:59 - 00000000 ____D () C:\ProgramData\Norton
2014-07-28 19:10 - 2014-08-18 18:36 - 16848688 _____ () C:\Persi0.sys
2014-07-28 18:42 - 2014-07-28 18:42 - 00000044 _____ () C:\Users\UGLMRT\Downloads\New Text Document.txt
2014-07-28 18:36 - 2014-07-28 18:37 - 06433055 _____ (http://winmerge.org ) C:\Users\UGLMRT\Downloads\WinMerge-2.14.0-Setup.exe
2014-07-28 18:01 - 2014-06-05 17:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-28 18:01 - 2014-06-05 17:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-28 18:01 - 2014-06-05 17:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-28 18:01 - 2014-05-30 11:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-28 18:01 - 2014-05-30 11:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-28 18:01 - 2014-05-30 11:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-28 18:01 - 2014-05-30 11:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-28 18:01 - 2014-05-30 11:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-28 18:01 - 2014-05-30 11:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-28 18:01 - 2014-05-30 11:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-28 18:01 - 2014-05-30 10:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-28 18:01 - 2014-05-30 10:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-28 18:01 - 2014-05-30 10:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-28 18:01 - 2014-05-30 10:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-28 18:01 - 2014-05-30 10:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-28 18:01 - 2014-05-30 10:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-28 18:01 - 2014-05-30 10:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-28 18:01 - 2014-05-30 09:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-28 18:00 - 2014-06-18 05:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-28 18:00 - 2014-06-18 04:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-28 18:00 - 2014-06-06 13:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-28 18:00 - 2014-06-06 12:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-28 17:57 - 2014-07-28 17:58 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-28 17:43 - 2014-08-16 01:47 - 00000000 ____D () C:\Windows\AutoKMS
2014-07-28 17:42 - 2014-08-16 01:37 - 00151552 _____ () C:\Windows\KMSEmulator.exe
2014-07-28 17:26 - 2014-07-28 17:26 - 00000000 ____D () C:\Windows\PCHEALTH
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-18 18:41 - 2014-08-17 18:50 - 00013017 _____ () C:\Users\UGLMRT\Desktop\FRST.txt
2014-08-18 18:40 - 2014-08-18 18:39 - 02101760 _____ (Farbar) C:\Users\UGLMRT\Desktop\FRST64.exe
2014-08-18 18:40 - 2014-08-17 18:50 - 00000000 ____D () C:\FRST
2014-08-18 18:39 - 2013-12-28 14:16 - 01738143 _____ () C:\Windows\WindowsUpdate.log
2014-08-18 18:36 - 2014-07-28 19:10 - 16848688 _____ () C:\Persi0.sys
2014-08-18 18:34 - 2013-12-28 15:14 - 00001016 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-18 18:33 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-18 18:32 - 2014-08-14 14:36 - 00158776 _____ () C:\Windows\PFRO.log
2014-08-18 18:32 - 2014-08-14 13:49 - 00001960 _____ () C:\Windows\setupact.log
2014-08-18 18:26 - 2014-08-18 03:58 - 00000000 ____D () C:\Users\UGLMRT\Desktop\New folder (5)
2014-08-18 18:25 - 2014-08-18 18:25 - 00015174 _____ () C:\ComboFix.txt
2014-08-18 18:25 - 2014-08-18 04:10 - 00000000 ____D () C:\Qoobox
2014-08-18 18:24 - 2009-07-14 05:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-18 18:19 - 2009-07-14 07:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-18 18:19 - 2009-07-14 07:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-18 18:17 - 2014-08-18 18:16 - 05572035 ____R (Swearware) C:\Users\UGLMRT\Desktop\ComboFix.exe
2014-08-18 16:27 - 2013-12-28 14:19 - 00107264 _____ () C:\Users\UGLMRT\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-18 16:26 - 2009-07-14 07:45 - 00404568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-18 16:24 - 2014-06-11 00:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-18 16:24 - 2009-07-14 06:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-18 16:23 - 2009-07-14 08:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-08-18 16:22 - 2009-07-14 06:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-08-18 16:22 - 2009-07-14 05:34 - 00000387 _____ () C:\Windows\win.ini
2014-08-18 04:47 - 2013-12-28 15:14 - 00001020 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-18 04:26 - 2009-07-14 06:20 - 00000000 __RHD () C:\Users\Default
2014-08-18 04:23 - 2014-08-18 04:10 - 00000000 ____D () C:\Windows\erdnt
2014-08-18 03:52 - 2014-08-15 00:10 - 00000000 ____D () C:\Users\UGLMRT\Desktop\New folder (4)
2014-08-18 03:40 - 2014-08-18 03:40 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\UGLMRT\Desktop\tdsskiller (1).exe
2014-08-17 18:54 - 2014-08-17 18:53 - 00029863 _____ () C:\Users\UGLMRT\Desktop\Addition.txt
2014-08-16 01:51 - 2013-12-28 15:15 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-16 01:47 - 2014-07-28 17:43 - 00000000 ____D () C:\Windows\AutoKMS
2014-08-16 01:42 - 2014-08-16 01:39 - 151472736 _____ () C:\Users\UGLMRT\Downloads\avira_free_antivirus_en.exe
2014-08-16 01:37 - 2014-08-16 01:36 - 00262144 _____ () C:\Windows\Minidump\081614-23134-01.dmp
2014-08-16 01:37 - 2014-07-28 17:42 - 00151552 _____ () C:\Windows\KMSEmulator.exe
2014-08-16 01:36 - 2014-08-16 01:36 - 541850850 _____ () C:\Windows\MEMORY.DMP
2014-08-16 01:36 - 2014-06-26 18:15 - 00000000 ____D () C:\Windows\Minidump
2014-08-15 00:28 - 2014-08-14 23:28 - 00000991 _____ () C:\Users\UGLMRT\Desktop\New Text Document.txt
2014-08-15 00:13 - 2014-08-14 14:07 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-14 23:42 - 2014-08-14 23:42 - 00000000 ____D () C:\Users\UGLMRT\Desktop\New folder (3)
2014-08-14 22:22 - 2014-08-14 22:22 - 00000000 ____D () C:\Users\UGLMRT\Desktop\New folder (2)
2014-08-14 21:36 - 2014-08-14 21:36 - 00000000 ____D () C:\Windows\ERUNT
2014-08-14 21:35 - 2014-08-14 21:35 - 01016261 _____ (Thisisu) C:\Users\UGLMRT\Desktop\JRT.exe
2014-08-14 16:04 - 2014-08-14 16:04 - 00000000 ____D () C:\Users\UGLMRT\Desktop\New folder
2014-08-14 16:03 - 2014-08-14 16:05 - 00228363 _____ () C:\Users\UGLMRT\Desktop\MGlogs.zip
2014-08-14 16:03 - 2014-08-14 15:52 - 00228363 _____ () C:\MGlogs.zip
2014-08-14 16:03 - 2014-08-14 15:52 - 00000000 ____D () C:\MGtools
2014-08-14 15:53 - 2014-08-14 15:53 - 00000000 ____D () C:\Users\UGLMRT\AppData\Local\CrashDumps
2014-08-14 15:50 - 2014-08-14 15:39 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-14 15:49 - 2014-08-14 15:49 - 00000696 _____ () C:\Users\UGLMRT\Desktop\HitmanPro_20140814_1548.txt
2014-08-14 14:17 - 2014-08-14 14:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-14 14:14 - 2014-08-14 14:14 - 00004531 _____ () C:\Users\UGLMRT\Desktop\1RKreport_SCN_08142014_141258.log
2014-08-14 14:07 - 2014-08-14 14:07 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-14 13:59 - 2014-08-14 15:51 - 01990574 _____ () C:\MGtools.exe
2014-08-14 13:59 - 2014-08-14 13:59 - 01990574 _____ () C:\Users\UGLMRT\Desktop\MGtools.exe
2014-08-14 13:59 - 2014-08-14 13:58 - 01990574 _____ () C:\Users\UGLMRT\Downloads\MGtools.exe
2014-08-14 13:58 - 2014-08-14 13:57 - 11188736 _____ (SurfRight B.V.) C:\Users\UGLMRT\Desktop\HitmanPro_x64.exe
2014-08-14 13:56 - 2014-08-14 13:56 - 17291728 _____ (Malwarebytes Corporation ) C:\Users\UGLMRT\Downloads\mb.exe
2014-08-14 13:55 - 2014-08-14 13:55 - 05392984 _____ () C:\Users\UGLMRT\Desktop\RogueKillerX64.exe
2014-08-14 13:54 - 2014-08-14 13:54 - 00016810 _____ () C:\Users\UGLMRT\Desktop\roguekiller,2.html
2014-08-14 13:49 - 2014-08-14 13:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-14 13:47 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 13:34 - 2013-12-28 15:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 13:32 - 2013-12-28 15:43 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 13:29 - 2014-08-14 13:28 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\UGLMRT\Desktop\tdsskiller.exe
2014-08-14 13:29 - 2014-08-14 13:27 - 17291728 _____ (Malwarebytes Corporation ) C:\Users\UGLMRT\Downloads\mbam-setup-majorgeeks-2.0.2.1012.exe
2014-08-14 13:28 - 2014-08-14 13:28 - 00016882 _____ () C:\Users\UGLMRT\Desktop\kaspersky_tdsskiller,1.html
2014-08-14 13:25 - 2014-04-29 18:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 13:21 - 2014-08-14 13:21 - 00918440 _____ (Oracle Corporation) C:\Users\UGLMRT\Downloads\chromeinstall-7u67.exe
2014-08-14 13:20 - 2014-08-14 13:20 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-14 13:20 - 2014-08-14 13:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-14 13:20 - 2014-08-14 13:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-14 13:20 - 2014-08-14 13:20 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-14 13:20 - 2014-08-14 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-14 13:20 - 2014-08-14 13:20 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-14 13:20 - 2013-12-28 15:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-14 13:15 - 2013-12-29 00:11 - 00000000 ____D () C:\Windows\panther
2014-08-14 13:14 - 2014-08-14 13:14 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-14 13:14 - 2014-08-14 13:14 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-14 13:14 - 2014-08-14 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-14 13:14 - 2014-08-14 13:14 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-14 13:13 - 2014-08-14 13:13 - 04813544 _____ (Piriform Ltd) C:\Users\UGLMRT\Downloads\ccsetup416.exe
2014-08-14 12:59 - 2014-08-12 23:04 - 00000000 ____D () C:\ProgramData\Norton
2014-08-14 12:56 - 2014-08-14 12:56 - 00910992 _____ (Symantec Corporation) C:\Users\UGLMRT\Downloads\AutoDetectPkg (1).exe
2014-08-14 12:52 - 2014-08-14 12:52 - 00910992 _____ (Symantec Corporation) C:\Users\UGLMRT\Downloads\AutoDetectPkg.exe
2014-08-14 12:50 - 2014-08-14 12:50 - 00000000 ____D () C:\Users\UGLMRT\AppData\Roaming\Tific
2014-08-12 23:11 - 2009-07-14 08:13 - 00781590 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-12 22:53 - 2009-07-14 08:08 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-12 22:27 - 2013-12-29 19:19 - 00000000 ____D () C:\temp
2014-08-07 05:06 - 2014-08-14 13:24 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 05:01 - 2014-08-14 13:24 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-01 02:41 - 2014-08-14 13:25 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 02:16 - 2014-08-14 13:25 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-28 19:07 - 2009-07-14 08:38 - 00067584 ____S () C:\Windows\bootstet.dat
2014-07-28 19:05 - 2014-05-20 10:32 - 00003084 _____ () C:\Windows\System32\Tasks\thunderbird
2014-07-28 18:57 - 2013-12-28 16:09 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 18:57 - 2013-12-28 16:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-28 18:56 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-28 18:56 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-28 18:42 - 2014-07-28 18:42 - 00000044 _____ () C:\Users\UGLMRT\Downloads\New Text Document.txt
2014-07-28 18:37 - 2014-07-28 18:36 - 06433055 _____ (http://winmerge.org ) C:\Users\UGLMRT\Downloads\WinMerge-2.14.0-Setup.exe
2014-07-28 18:37 - 2013-12-28 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-28 17:58 - 2014-07-28 17:57 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-28 17:44 - 2014-06-11 00:57 - 00000000 ____D () C:\Users\UGLMRT\Documents\Outlook Dosyaları
2014-07-28 17:26 - 2014-07-28 17:26 - 00000000 ____D () C:\Windows\PCHEALTH
2014-07-25 17:52 - 2014-08-14 13:25 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 17:02 - 2014-08-14 13:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 17:01 - 2014-08-14 13:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 16:51 - 2014-08-14 13:25 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 16:30 - 2014-08-14 13:25 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 16:28 - 2014-08-14 13:25 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 16:28 - 2014-08-14 13:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 16:25 - 2014-08-14 13:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 16:25 - 2014-08-14 13:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 16:11 - 2014-08-14 13:25 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 16:10 - 2014-08-14 13:25 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 16:04 - 2014-08-14 13:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 16:03 - 2014-08-14 13:25 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 16:00 - 2014-08-14 13:25 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 16:00 - 2014-08-14 13:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 15:59 - 2014-08-14 13:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 15:47 - 2014-08-14 13:25 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 15:40 - 2014-08-14 13:25 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 15:34 - 2014-08-14 13:25 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 15:34 - 2014-08-14 13:25 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 15:33 - 2014-08-14 13:25 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 15:30 - 2014-08-14 13:25 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 15:28 - 2014-08-14 13:25 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 15:28 - 2014-08-14 13:25 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 15:21 - 2014-08-14 13:25 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 15:19 - 2014-08-14 13:25 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 15:18 - 2014-08-14 13:25 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 15:17 - 2014-08-14 13:25 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 15:17 - 2014-08-14 13:25 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 15:12 - 2014-08-14 13:25 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 15:10 - 2014-08-14 13:25 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 15:10 - 2014-08-14 13:25 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 15:08 - 2014-08-14 13:25 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 15:06 - 2014-08-14 13:25 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 14:52 - 2014-08-14 13:25 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 14:47 - 2014-08-14 13:25 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 14:43 - 2014-08-14 13:25 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 14:42 - 2014-08-14 13:25 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 14:39 - 2014-08-14 13:25 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 14:39 - 2014-08-14 13:25 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 14:36 - 2014-08-14 13:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 14:34 - 2014-08-14 13:25 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 14:29 - 2014-08-14 13:25 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 14:23 - 2014-08-14 13:25 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 14:13 - 2014-08-14 13:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 14:07 - 2014-08-14 13:25 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 14:07 - 2014-08-14 13:25 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 14:03 - 2014-08-14 13:25 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 13:52 - 2014-08-14 13:25 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 13:26 - 2014-08-14 13:25 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 13:17 - 2014-08-14 13:25 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 13:09 - 2014-08-14 13:25 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 13:05 - 2014-08-14 13:25 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 13:00 - 2014-08-14 13:25 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
 
Files to move or delete:
====================
C:\ProgramData\cis2693.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-29 19:55
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by UGLMRT at 2014-08-18 18:41:43
Running from C:\Users\UGLMRT\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Avea Connection Manager (HKLM-x32\...\AveaConnectionManager) (Version: 3.0 - Avea Connection Manager)
Brain Workshop 4.8.4 (HKLM-x32\...\Brain Workshop_is1) (Version: 4.8.4 - Paul Hoskinson & Jonathan Toomim)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FJ Camera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.52019.0 - Sonix)
Fujitsu Display Manager (HKLM-x32\...\InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}) (Version:  - )
Fujitsu Display Manager (Version: 7.01.20.212 - Şirketinizin Adı) Hidden
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}) (Version: 3.70.0.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.70.0.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: 3.01.00.001 - FUJITSU LIMITED)
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.001 - FUJITSU LIMITED) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.3.0.0 - FUJITSU LIMITED)
Fujitsu System Extension Utility (Version: 3.3.0.0 - FUJITSU LIMITED) Hidden
GeekBuddy (HKLM\...\{B1339E23-51C9-4025-A047-20C3A8DA2CCC}) (Version: 4.13.108 - Comodo Security Solutions Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2372 - Intel Corporation)
Intel® PROSet/Kablosuz WiFi Yazılımı (HKLM\...\{B95CFA6A-E0E0-4437-A2F0-BE0948B68946}) (Version: 14.01.0000 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LifeBook Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.2.1.0 - FUJITSU LIMITED)
LifeBook Application Panel (Version: 8.2.1.0 - FUJITSU LIMITED) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.3.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 en-US)) (Version: 24.3.0 - Mozilla)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 5.4.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (Version: 5.4.001 - FUJITSU LIMITED) Hidden
Power Saving Utility (HKLM-x32\...\{49A588CF-5FD4-4774-BFBF-0764287DE82B}) (Version: 32.01.10.024 - FUJITSU LIMITED)
Python 2.7.6 (64-bit) (HKLM\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E3}) (Version: 2.7.6150 - Python Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6263 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30120 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.16.0 - Synaptics Incorporated)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Driver Package - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Yawcam 0.4.1 (HKLM-x32\...\{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
01-07-2014 15:55:03 Windows Update
28-07-2014 13:24:55 Removed Microsoft Office Professional 2010
28-07-2014 14:23:04 Installed Microsoft Office Professional Plus 2010
28-07-2014 14:56:33 Installed Java 7 Update 65
28-07-2014 15:31:08 Windows Update
14-08-2014 10:19:29 Installed Java 7 Update 67
14-08-2014 10:25:23 Windows Update
18-08-2014 01:11:01 ComboFix created restore point
18-08-2014 13:19:48 Removed Microsoft Office Professional Plus 2010
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 05:34 - 2014-08-18 04:19 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {4D3FF40D-544C-42FB-8A74-987D1C7D363B} - System32\Tasks\thunderbird => C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
Task: {B43F2013-F541-4282-BB5F-62D968439FEF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {DE44AAB1-EF96-4932-9059-58524B1C4981} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-28] (Google Inc.)
Task: {E52E8AA3-15B5-44F3-A829-CA8D910AFD0A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-28] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-04-15 04:16 - 2011-04-15 04:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-03-30 08:15 - 2011-03-30 08:15 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-12-29 22:54 - 2013-02-12 12:20 - 00789048 ____N () C:\Program Files (x86)\AveaConnectionManager\Avea_Launcher.exe
2014-08-16 01:51 - 2014-08-07 06:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-16 01:51 - 2014-08-07 06:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-16 01:51 - 2014-08-07 06:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-16 01:51 - 2014-08-07 06:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-16 01:51 - 2014-08-07 06:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DFServ => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/18/2014 06:33:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/18/2014 06:12:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/18/2014 04:26:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/18/2014 04:17:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/18/2014 04:33:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/18/2014 04:19:46 AM) (Source: Avira Antivirus) (EventID: 4122) (User: NT AUTHORITY)
Description: AvShadow0x3fa
 
Error: (08/18/2014 04:18:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/18/2014 04:01:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/18/2014 03:45:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/18/2014 03:35:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (08/18/2014 06:35:50 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005
 
Error: (08/18/2014 06:24:04 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (08/18/2014 06:21:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (08/18/2014 04:43:54 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (08/18/2014 04:41:53 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (08/18/2014 04:32:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UPnP Device Host service failed to start due to the following error: 
%%1069
 
Error: (08/18/2014 04:32:01 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (08/18/2014 04:32:01 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error: (08/18/2014 04:17:28 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (08/18/2014 04:17:00 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
 
Microsoft Office Sessions:
=========================
Error: (08/18/2014 06:33:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/18/2014 06:12:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/18/2014 04:26:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/18/2014 04:17:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/18/2014 04:33:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/18/2014 04:19:46 AM) (Source: Avira Antivirus) (EventID: 4122) (User: NT AUTHORITY)
Description: AvShadow0x3fa
 
Error: (08/18/2014 04:18:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/18/2014 04:01:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/18/2014 03:45:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/18/2014 03:35:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-18 04:17:00.391
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-18 04:17:00.329
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 55%
Total physical RAM: 4008.67 MB
Available physical RAM: 1796.88 MB
Total Pagefile: 8015.52 MB
Available Pagefile: 5560.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:423.68 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5289EC1F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
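For anyone triaging an Addition.txt like the one above, the "Event log errors" block is easier to read once it is grouped by source and event ID, and once the HRESULT that FRST glues onto the end of each WinMgmt description is pulled apart from the WQL query. The script below is an added example written for this thread; it is not part of FRST, Malwarebytes, or anything the posters used. It assumes only the line layout visible in the log above (an "Error: (date) (Source: X) (EventID: N) (User: U)" line followed by a "Description:" line and a blank line), the sample input is constructed from the entries quoted in this post, and the single HRESULT name it knows, 0x80041003 = WBEM_E_ACCESS_DENIED, is the value from the Windows WMI headers (wbemcli.h).

```python
"""Parse the 'Event log errors' block of an FRST Addition.txt and summarise it.

Added example for the thread; not FRST's own code. It assumes the entry
layout visible in the posted log and nothing more.
"""
import re
from collections import Counter

# Constructed sample: a trimmed copy of the entries quoted in the thread.
SAMPLE = """\
Application errors:
==================
Error: (08/18/2014 06:33:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2014 06:12:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2014 04:19:46 AM) (Source: Avira Antivirus) (EventID: 4122) (User: NT AUTHORITY)
Description: AvShadow0x3fa

System errors:
=============
Error: (08/18/2014 04:32:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UPnP Device Host service failed to start due to the following error: 
%%1069

Error: (08/18/2014 04:17:00 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \\??\\C:\\ComboFix\\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
"""

# One FRST entry header: "Error: (when) (Source: x) (EventID: n) (User: u)"
HEADER = re.compile(
    r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)$"
)
# FRST concatenates the event's insertion strings, so a status code such as
# 0x80041003 ends up glued straight onto the preceding text.
TRAILING_HRESULT = re.compile(r"(0x[0-9A-Fa-f]{1,8})$")

# Known WMI status code (wbemcli.h). Assumption for this example: only this
# one is mapped; anything else is reported as a raw hex value.
HRESULT_NAMES = {0x80041003: "WBEM_E_ACCESS_DENIED"}


def parse_events(text):
    """Return one dict per 'Error:' entry, in file order, with a joined description."""
    events = []
    current = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.groupdict()
            current["event_id"] = int(current["event_id"])
            current["description"] = ""
            events.append(current)
        elif current is not None and line.strip():
            # Continuation lines (e.g. the "%%1069" insertion string) belong
            # to the same description.
            if line.startswith("Description: "):
                line = line[len("Description: "):]
            current["description"] = (current["description"] + " " + line).strip()
        elif current is not None:
            current = None  # a blank line closes the entry
    return events


def decode_hresult(description):
    """Split a glued-on trailing HRESULT off a description; (None, text) if absent."""
    m = TRAILING_HRESULT.search(description)
    if not m:
        return None, description
    return int(m.group(1), 16), description[: m.start()]


def summarise(text):
    """Count entries per (source, event id), decode trailing codes, list blocked drivers."""
    counts = Counter()
    decoded = {}
    blocked_drivers = []
    for ev in parse_events(text):
        key = (ev["source"], ev["event_id"])
        counts[key] += 1
        code, _ = decode_hresult(ev["description"])
        if code is not None:
            decoded[key] = HRESULT_NAMES.get(code, "0x%08X" % code)
        # Application Popup 1060 is the "driver blocked from loading" message.
        if ev["event_id"] == 1060 and "blocked from loading" in ev["description"]:
            blocked_drivers.append(ev["description"].split(" has been blocked")[0])
    return counts, decoded, blocked_drivers


if __name__ == "__main__":
    counts, decoded, drivers = summarise(SAMPLE)
    for (source, event_id), n in counts.most_common():
        print("%-25s EventID %-5d x%d  %s" % (source, event_id, n, decoded.get((source, event_id), "")))
    for path in drivers:
        print("driver blocked:", path)
```

Run against the real Addition.txt by replacing SAMPLE with the file's contents; the repeated WinMgmt EventID 10 entries then show up as a single line with their count and WBEM_E_ACCESS_DENIED beside the WQL query, and the catchme.sys line is listed separately as a blocked driver rather than buried among the service errors.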
Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.

Run FRST.exe/FRST64.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

=========================

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Next..................

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Last:

Please run a free online scan with the ESET Online Scanner (it may take a while to run)

Note: You will need to use Internet Explorer for this scan.

First please Disable any Antivirus you have active, as shown in This Topic

Note: Don't forget to re-enable it after the scan.

http://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the options Remove found threats is unchecked and the option Scan unwanted applications is checked

Click Advanced settings and select the following:

  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
Click Start

Wait for the scan to finish

If threats were found:

Click on "list of threats found"

Click on "export to text file" and save it as ESET SCAN and save to the desktop

Click on back

Put a checkmark in "Uninstall application on close"

Click on finish

Post back the log.....MrC

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.