
I get an error that I can not surf the internet via Google Chrome or Int.Explorer

"The proxy server isn't responding

 

  • Check your proxy settings 127.0.0.1:8800.
  • Go to Tools > Internet Options > Connections. If you are on a LAN, click “LAN settings”.
  • Make sure your firewall settings aren’t blocking your web access.
  • Ask your system administrator for help."
 

I have run FRST

Addition.txt

FRST.txt


My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)

Rules and policies

We won't support any piracy.

That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.


Scan with Malwarebytes' Anti-Malware

Please download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.

  • First of all select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one).

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;autoclean;process;services-list;systemspecs;startupall;skipfix-iedefaults;firefoxlook;chromelook;filesrcm;installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply.

Don't forget to re-enable your switched-off protection software!


Thank you and I am sorry. I missed that part; here are the malware results. I actually couldn't understand how zoek works. What can I do? Can I start it from the beginning?

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 22.10.2014
Scan Time: 13:21:26
Logfile: malwarescan.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.22.08
Rootkit Database: v2014.10.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Pc

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 304766
Time Elapsed: 23 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\pt-BR.pak, Quarantined, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\pt-PT.pak, Quarantined, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\ro.pak, Quarantined, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\ru.pak, Quarantined, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\sk.pak, Quarantined, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\sl.pak, Quarantined, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\sr.pak, Quarantined, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\sv.pak, Quarantined, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\sw.pak, Quarantined, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\ta.pak, Quarantined, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\te.pak, Quarantined, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\th.pak, Quarantined, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\tr.pak, Quarantined, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\uk.pak, Quarantined, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\vi.pak, Quarantined, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\zh-CN.pak, Quarantined, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Chrome-bin\locales\zh-TW.pak, Quarantined, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Chrome-bin\PepperFlash\manifest.json, Quarantined, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Chrome-bin\PepperFlash\pepflashplayer.dll, Quarantined, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Modules\7z.dll, Quarantined, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Modules\CmdProc.dll, Delete-on-Reboot, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Modules\CmlProc.dll, Quarantined, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Modules\CmnUtls.dll, Quarantined, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Modules\InSes.dll, Quarantined, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Modules\ManXec.dll, Delete-on-Reboot, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Modules\NavSupp.dll, Quarantined, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Modules\PrfIns.dll, Delete-on-Reboot, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Modules\WblSupp.dll, Quarantined, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Modules\WbSes.dll, Quarantined, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.IdleCrawler.A, C:\Users\Pc\AppData\Local\Idle-#-Crawler\Modules\WdcMan.dll, Quarantined, [d0f07c9be894fc3abb6173a50003748c],
PUP.Optional.GoPhoto.A, C:\Program Files\Gophoto.it\gophotoit16.crx, Quarantined, [18a834e3adcf47efe1fa0a109d66d12f],

Physical Sectors: 0
(No malicious items detected)


(end)


Hi, here are the zoek results. But I think it is too long, so I will try to post it separately:

 

Zoek.exe v5.0.0.0 Updated 19-10-2014
Tool run by Pc on 22.10.2014 at 16:25:54,45.
Microsoft Windows 7 Starter  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Pc\Downloads\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-10-22-195447.log    904 bytes

==== System Restore Info ======================

22.10.2014 16:30:35 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Installed Programs ======================

 clear.fi SDK- Movie 2  
 clear.fi SDK - MVP 2  
???? ??? Windows Live  
???? Windows Live  
????? Windows Live  
?????? ??????? ?? Windows Live  
??????? ??????????? ??? Windows Live  
???????? ?????????? Windows Live  
??????????? ?? Windows Live  
32 Bit HP CIO Components Installer  
Acer Backup Manager  
Acer Crystal Eye Webcam  
Acer ePower Management  
Acer eRecovery Management  
Acer Games  
Acer Registration  
Acer ScreenSaver  
Acer Updater  
Adobe AIR  
Adobe Flash Player 15 ActiveX  
Adobe Flash Player 15 Plugin  
Adobe Reader XI (11.0.09) - Turkish  
Adobe Shockwave Player 11.6  
Agatha Christie - Death on the Nile  
Apple Application Support  
Apple Mobile Device Support  
Apple Software Update  
avast Free Antivirus  
Backup Manager V3  
Bejeweled 3  
Bonjour  
Broadcom Card Reader Driver Installer  
Broadcom NetLink Controller  
BufferChm  
C4600  
Cambridge TOEFL® Prep  
Chuzzle Deluxe  
clear.fi Media  
clear.fi Photo  
Codecs for Windows 7 Pack 4.0.5  
CoreAAC  
Curse at Twilight  
CyberLink MediaEspresso  
D3DX10  
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition  
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition  
Destinations  
DeviceDiscovery  
Evernote v. 4.5.2  
FATE  
Final Drive: Nitro  
FLV Media Player version 1.3  
FLV Player  
Fotogalerija Windows Live  
Galeria de Fotografias do Windows Live  
Galería fotográfica de Windows Live  
Galeria fotogràfica del Windows Live  
Galeria fotografii uslugi Windows Live  
Galerie de photos Windows Live  
Galerie foto Windows Live  
Game Channels  
GOM Player  
GOM Video Converter  
Google Chrome  
Google Drive  
Google Update Helper  
GPBaseService2  
HP Customer Participation Program 13.0  
HP Imaging Device Functions 13.0  
HP LaserJet Professional P1100-P1560-P1600 Series  
HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5  
HP Print Projects 1.0  
HP Smart Web Printing 4.5  
HP Solution Center 13.0  
HP Update  
HPPhotoGadget  
hpPrintProjects  
HPProductAssistant  
hpWLPGInstaller  
Identity Card  
Idle-#-Crawler  
Insaniquarium Deluxe  
Intel® Control Center  
Intel® Management Engine Components  
Intel® OpenCL CPU Runtime  
Intel® Processor Graphics  
Intel® Rapid Storage Technology  
Intel© Trusted Connect Service Client  
Internet-based TOEFL  
Internet Explorer için Yandex.Bar 6.7  
Itibiti RTC  
iTunes  
Java 8 Update 25  
Java Auto Updater  
Java SE Development Kit 8 Update 25  
Jewel Match 3  
Jewel Quest Mysteries: The Seventh Gate Collector's Edition  
John Deere Drive Green  
Junk Mail filter update  
Launch Manager  
Longman iBT  
Malwarebytes Anti-Malware version 2.0.3.1025  
MarketResearch  
Mesh Runtime  
Microsoft .NET Framework 4.5.1  
Microsoft .NET Framework 4.5.1 (TRK)  
Microsoft .NET Framework 4.5.1 (Türkçe)  
Microsoft Access MUI (English) 2013  
Microsoft Access Setup Metadata MUI (English) 2013  
Microsoft Application Error Reporting  
Microsoft DCF MUI (English) 2013  
Microsoft Excel MUI (English) 2013  
Microsoft Groove MUI (English) 2013  
Microsoft InfoPath MUI (English) 2013  
Microsoft Lync MUI (English) 2013  
Microsoft Office 2010  
Microsoft Office 2013 Yazım Denetleme Araçları - Türkçe  
Microsoft Office Access MUI (English) 2010  
Microsoft Office Access Setup Metadata MUI (English) 2010  
Microsoft Office Excel MUI (English) 2010  
Microsoft Office Groove MUI (English) 2010  
Microsoft Office InfoPath MUI (English) 2010  
Microsoft Office OneNote MUI (English) 2010  
Microsoft Office OSM MUI (English) 2013  
Microsoft Office OSM UX MUI (English) 2013  
Microsoft Office Outlook MUI (English) 2010  
Microsoft Office PowerPoint MUI (English) 2010  
Microsoft Office Professional Plus 2010  
Microsoft Office Professional Plus 2013  
Microsoft Office Proof (English) 2010  
Microsoft Office Proof (French) 2010  
Microsoft Office Proof (Spanish) 2010  
Microsoft Office Proofing (English) 2010  
Microsoft Office Proofing (English) 2013  
Microsoft Office Proofing Tools 2013 - English  
Microsoft Office Proofing Tools 2013 - Español  
Microsoft Office Publisher MUI (English) 2010  
Microsoft Office ScreenTip Language 2013 - Türkçe  
Microsoft Office Shared MUI (English) 2010  
Microsoft Office Shared MUI (English) 2013  
Microsoft Office Shared Setup Metadata MUI (English) 2010  
Microsoft Office Shared Setup Metadata MUI (English) 2013  
Microsoft Office Word MUI (English) 2010  
Microsoft OneNote MUI (English) 2013  
Microsoft Outlook MUI (English) 2013  
Microsoft PowerPoint MUI (English) 2013  
Microsoft Publisher MUI (English) 2013  
Microsoft Silverlight  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft Word MUI (English) 2013  
More Games from Acer Games  
Mozilla Firefox 32.0.1 (x86 tr)  
Mozilla Maintenance Service  
MSVCRT  
MyWinLocker 4  
MyWinLocker Suite  
newsXpresso  
Norton Online Backup  
NTI Media Maker 9  
Octoshape Streaming Services  
Outils de vérification linguistique 2013 de Microsoft Office - Français  
Penguins  
Plants vs. Zombies - Game of the Year  
Poczta uslugi Windows Live  
Podstawowe programy Windows Live  
Polar Bowler  
Posta Windows Live  
Practice Test 1 for the TOEFL© iBT - English Version 1.0  
PS_AIO_05_C4600_Software_Min  
Qualcomm Atheros Direct Connect  
Qualcomm Atheros WiFi Driver Installation  
QuickTime 7  
Raccolta foto di Windows Live  
Realtek High Definition Audio Driver  
Scan  
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)  
Security Update for Microsoft Office 2013 (KB2880502) 32-Bit Edition  
Shared C Run-time for x86  
Shredder  
Skype Click to Call  
Skypet 6.20  
Slingo Deluxe  
SmartWebPrinting  
SolutionCenter  
Status  
swMSM  
Tiny Download Manager (remove only)  
TOEFL Official Guide 2.05.0012  
Toolbox  
Torchlight  
TrayApp  
Update for Microsoft Excel 2013 (KB2889941) 32-Bit Edition  
Update for Microsoft Lync 2013 (KB2881083) 32-Bit Edition  
Update for Microsoft Lync 2013 (KB2889929) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2494150)  
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2760249) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2760371) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2881001) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2881004) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2881009) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2881012) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2881039) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2883036) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2883049) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2883095) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2889927) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2889940) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2889942) 32-Bit Edition  
Update for Microsoft OneDrive for Business (KB3000731) 32-Bit Edition  
Update for Microsoft OneNote 2013 (KB2883059) 32-Bit Edition  
Update for Microsoft Outlook 2013 (KB2986204) 32-Bit Edition  
Update for Microsoft PowerPoint 2013 (KB2889847) 32-Bit Edition  
Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition  
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition  
Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition  
Update for Microsoft Word 2013 (KB2889939) 32-Bit Edition  
Update Installer for WildTangent Games App  
Virtual Villagers 4 - The Tree of Life  
VzDownloadManager  
WebReg  
Wedding Dash  
Welcome Center  
Windows Live ???  
Windows Live ????  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live Fotogaléria  
Windows Live Fotogalerie  
Windows Live Fotogalleri  
Windows Live Fotoğraf Galerisi  
Windows Live Fotótár  
Windows Live Galeria de Fotos  
Windows Live Galerija fotografija  
Windows Live ID Sign-in Assistant  
Windows Live Installer  
Windows Live Mail  
Windows Live Mesh  
Windows Live Messenger  
Windows Live MIME IFilter  
Windows Live Movie Maker  
Windows Live Photo Common  
Windows Live Photo Gallery  
Windows Live PIMT Platform  
Windows Live Remote Client  
Windows Live Remote Client Resources  
Windows Live Remote Service  
Windows Live Remote Service Resources  
Windows Live SOXE  
Windows Live SOXE Definitions  
Windows Live Temel Parçalar  
Windows Live UX Platform  
Windows Live UX Platform Language Pack  
Windows Live Writer  
Windows Live Writer Resources  
Windows Liven asennustyökalu  
Windows Liven sähköposti  
Windows Liven valokuvavalikoima  
Windows Media Player Firefox Plugin  
WinRAR 4.20 (32-bit)  

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Launch Manager\LMworker.exe
C:\Program Files\Launch Manager\LMutilps32.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\Acer\Registration\GREGsvc.exe
C:\Windows\system32\HPSIsvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\NTServer\service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Users\Pc\AppData\Local\DM\TinyDM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Pc\Downloads\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs

==== Services (whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe"
R2 - [Apple Mobile Device] - Apple Mobile Device - "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
R2 - [bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"
R2 - [c2cautoupdatesvc] - Skype Click to Call Updater - "C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
R2 - [c2cpnrsvc] - Skype Click to Call PNR Service - "C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
R2 - [DsiWMIService] - Dritek WMI Service - C:\Program Files\Launch Manager\dsiwmis.exe
R2 - [ePowerSvc] - ePower Service - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
R2 - [GREGService] - GREGService - C:\Program Files\Acer\Registration\GREGsvc.exe
R2 - [iAStorDataMgrSvc] - Intel® Rapid Storage Technology - "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe"
R2 - [intel® Capability Licensing Service Interface] - Intel® Capability Licensing Service Interface - "C:\Program Files\Intel\iCLS Client\HeciServer.exe"
R2 - [jhi_service] - Intel® Dynamic Application Loader Host Interface Service - C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
R2 - [Live Updater Service] - Live Updater Service - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
R2 - [LMS] - Intel® Management and Security Application Local Management Service - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
R2 - [NOBU] - Norton Online Backup - "C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE
R2 - [NTServiceSystem] - NTServiceSystem - C:\Windows\system32\NTServer\service.exe
R2 - [uNS] - Intel® Management and Security Application User Notification Service - "C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe"
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
R3 - [iPod Service] - iPod Servisi - "C:\Program Files\iPod\bin\iPodService.exe"
R3 - [WMPNetworkSvc] - Windows Media Player Ağ Paylaşımı Hizmeti - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Güncelleme Hizmeti (gupdate) - "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
S2 - [iePluginServices] - IePlugin Services - C:\ProgramData\IePluginServices\PluginService.exe -service
S2 - [LiveUpdateSvc] - LiveUpdate - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
S2 - [MBAMScheduler] - MBAMScheduler - "C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe"
S2 - [MBAMService] - MBAMService - "C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe"
S2 - [skypeUpdate] - Skype Updater - "C:\Program Files\Skype\Updater\Updater.exe"
S2 - [sppsvc] - Yazılım Koruması - C:\Windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
S3 - [ALG] - Uygulama Katmanı Ağ Geçidi Hizmeti - C:\Windows\System32\alg.exe
S3 - [COMSysApp] - COM+ Sistem Uygulaması - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [cphs] - Intel® Content Protection HECI Service - C:\Windows\system32\IntelCpHeciSvc.exe
S3 - [DCDhcpService] - DCDhcpService - "C:\Program Files (x86)\Acer\WDAgent\DCDhcpService.exe"
S3 - [EgisTec Ticket Service] - EgisTec Ticket Service - "C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe"
S3 - [Fax] - Faks - C:\Windows\system32\fxssvc.exe
S3 - [FLEXnet Licensing Service] - FLEXnet Licensing Service - "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
S3 - [GamesAppIntegrationService] - GamesAppIntegrationService - "C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe"
S3 - [GamesAppService] - GamesAppService - "C:\Program Files\WildTangent Games\App\GamesAppService.exe"
S3 - [gupdatem] - Google Güncelleme Hizmeti (gupdatem) - "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [iEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\Windows\system32\IEEtwCollector.exe /V
S3 - [Microsoft SharePoint Workspace Audit Service] - Microsoft SharePoint Workspace Audit Service - "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe"
S3 - [MSDTC] - Dağıtılmış İşlem Düzenleyicisi - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [ose] - Office  Source Engine - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - [osppsvc] - Office Software Protection Platform - "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
S3 - [RpcLocator] - Uzaktan Yordam Çağrısı (RPC) Konumlandırıcısı - C:\Windows\system32\locator.exe
S3 - [sNMPTRAP] - SNMP Yakalama - C:\Windows\System32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modül Yükleyicisi - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Sanal Disk - C:\Windows\System32\vds.exe
S3 - [VSS] - Birim Gölge Kopyası - C:\Windows\system32\vssvc.exe
S3 - [wbengine] - Blok Düzeyinde Yedekleme Altyapı Hizmeti - "C:\Windows\system32\wbengine.exe"
S3 - [wlidsvc] - Windows Live ID Sign-in Assistant - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
S4 - [aspnet_state] - ASP.NET Durum Hizmeti - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S4 - [wlcrasvc] - Windows Live Mesh remote connections service - "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe"

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IePluginServices deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\IePluginServices deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IePluginServices deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\jf8dwtno.default-1381697050573

---- Lines smartbar removed from prefs.js ----
user_pref("extensions.smartbar.admin", false);
user_pref("extensions.smartbar.aflt", "orgnl");
user_pref("extensions.smartbar.appId", "{C5E5951A-4ADD-4402-8A8E-EF97DCB9D8EC}");
user_pref("extensions.smartbar.autoRvrt", "false");
user_pref("extensions.smartbar.dfltLng", "");
user_pref("extensions.smartbar.dfltSrch", true);
user_pref("extensions.smartbar.dnsErr", true);
user_pref("extensions.smartbar.excTlbr", false);
user_pref("extensions.smartbar.hmpg", true);
user_pref("extensions.smartbar.hmpgUrl", "http://search.creativetoolbars.com/?src=hp&id=smartbar&g=");
user_pref("extensions.smartbar.hpOld0", "");
user_pref("extensions.smartbar.id", "7869e72d000000000000446d57a6b8fb");
user_pref("extensions.smartbar.instlDay", "16001");
user_pref("extensions.smartbar.instlRef", "");
user_pref("extensions.smartbar.kw_url", "http://search.creativetoolbars.com/results?src=tb&id=smartbar&g=&q=");
user_pref("extensions.smartbar.newTab", true);
user_pref("extensions.smartbar.newTabUrl", "http://search.creativetoolbars.com/?src=nt&id=smartbar&g=");
user_pref("extensions.smartbar.prdct", "smartbar");
user_pref("extensions.smartbar.prtnrId", "bechiro");
user_pref("extensions.smartbar.rvrt", "false");
user_pref("extensions.smartbar.smplGrp", "mm");
user_pref("extensions.smartbar.srchPrvdr", "Search the web (CT)");
user_pref("extensions.smartbar.tlbrId", "smartbar");
user_pref("extensions.smartbar.tlbrSrchUrl", "http://search.creativetoolbars.com/results?src=tb&id=smartbar&g=&q=");
user_pref("extensions.smartbar.vrsn", "1.8.8.12");
user_pref("extensions.smartbar.vrsnTs", "1.8.8.1221:07:27");
user_pref("extensions.smartbar.vrsni", "1.8.8.12");
---- Lines SerialTrunc removed from prefs.js ----
user_pref("extensions.SerialTrunc.aul", "1398105347548");
user_pref("extensions.SerialTrunc.irl", true);
user_pref("extensions.SerialTrunc.is", "EF21DDTR");
user_pref("extensions.SerialTrunc.ug", "444936CA-699B-4CB4-81E8-77AC379D9719");
---- Lines delta removed from prefs.js ----
user_pref("yasearch.static.http://bar-widgets.yandex.ru/packages/approved/176/manifest.xml#smartbox.all.settings.enginename", "delta-homes");
---- Lines quick_start removed from prefs.js ----
user_pref("extensions.quick_start.enable_search1", false);
user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 0);
---- FireFox user.js and prefs.js backups ----

user__1647_.backup
prefs__1647_.backup

==== Deleting Files \ Folders ======================

C:\Users\Pc\daemonprocess.txt deleted
C:\Users\Pc\.android deleted
C:\Program Files\Conduit deleted
C:\Program Files\globalUpdate deleted
C:\Program Files\Common Files\System\SysMenu.dll deleted
C:\extensions.sqlite deleted
C:\install.exe deleted
C:\Users\Pc\AppData\Roaming\ExpressFiles deleted
C:\Users\Pc\AppData\Roaming\systweak deleted
C:\Users\Pc\MetricCollection.dll deleted
C:\PROGRA~2\ProductData deleted
C:\Users\Pc\AppData\Local\globalUpdate deleted
C:\Users\Pc\AppData\Local\Mobogenie deleted
C:\Users\Pc\AppData\Local\cache deleted
C:\Users\Pc\AppData\Local\Installer deleted
C:\Users\Pc\AppData\Local\CrashRpt deleted
C:\Users\Pc\AppData\LocalLow\Conduit deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\wininit.ini deleted
C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job deleted
C:\Windows\system32\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv deleted
C:\Windows\system32\Tasks\Express FilesUpdate deleted
C:\Windows\system32\tasks\YTDownloader deleted
C:\Windows\system32\tasks\YTDownloaderUpd deleted
C:\Windows\system32\tasks\SMupdate1 deleted
C:\Windows\system32\tasks\Microsoft\Windows\Maintenance\SMupdate2 deleted
C:\Windows\system32\tasks\Microsoft\Windows\Multimedia\SMupdate3 deleted
C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job deleted
C:\Windows\system32\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv deleted
C:\Windows\system32\tasks\Installer_sm deleted
C:\Windows\system32\roboot.exe deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
C:\Users\Pc\KVYHqfFSiaFwrmQ.exe deleted
"C:\Windows\Installer\d157c8.msi" deleted


This is the rest of it:

 

==== System Specs ======================

Windows: Windows 7 Starter Edition Service Pack 1 (Build 7601)
Memory (RAM): 1879 MB
CPU Info: Intel® Celeron® CPU B815 @ 1.60GHz
CPU Speed: 1618,6 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel® HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Atheros AR5B125 Wireless Network Adapter | Broadcom NetLink Gigabit Ethernet
CD / DVD Drives: 1x (D: | ) D: PIONEER DVD-RW DVRTD11RS
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Mouse Present
Hard Disks: C:  280,0GB
Hard Disks - Free: C:  183,8GB
Manufacturer *: Acer
BIOS Info: AT/AT COMPATIBLE | 05/11/12 | ACRSYS - 1
Time Zone: Doğu Standart Saati
Motherboard *: Acer EA50_HC_HR
Country: Türkiye
Language: TRK

==== System Specs (Software) ======================

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Internet Explorer Version: 11.0.9600.17358
Mozilla Firefox version: 32.0.1 (x86 tr)
Google Chrome version: 38.0.2125.104
Adobe Reader version: 11.0.9.29
Sun Java version: 1.8.0_25 (32-bit)
Flash Player version: 15.0.0.152
Shockwave Player version: 11.6.7r637

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Pc\AppData\Local\Temp ====
====== Java Cache =====
2014-10-17 04:17:44    30810F09A3FCC03EC583120B033700BC    282329    ----a-w-    C:\Users\Pc\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\7e60542d-705bb8e7
2014-10-17 04:17:36    67911F367EC150BDC8F2CB46397F0925    845    ----a-w-    C:\Users\Pc\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\31b19ba-7d0d5a41
2014-10-17 04:17:43    67911F367EC150BDC8F2CB46397F0925    845    ----a-w-    C:\Users\Pc\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2bbaaf87-63bccc71
2014-09-29 21:19:48    B0A91374D55B0868EB80C1B625B35407    437    ----a-w-    C:\Users\Pc\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2bbaaf87-e2e4c8970372d2fb4193a7ef29d16f6c3f08527947fcb9208b3a0e48820369fd-6.0.lap
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
2014-10-22 17:21:05    8E2E9CCD873ABF180F48BCAEEEBE347D    114904    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-22 17:20:39    E89B115E1DD297DCB694B22CFA90BF61    75480    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-22 17:20:39    D2DED3C333A5D9CB3F4C244B0F0DD877    23256    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-10-22 17:20:39    7A6526C8BD114DB7CA8930AB22D52A0B    51928    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-10-15 15:57:58    CD9214A6AE17D188D17C3CF8CB9CC693    184320    ----a-w-    C:\Windows\System32\drivers\rdpwd.sys
2014-10-15 15:57:56    6C5139E4283249518F7743D7043775B3    31232    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
2014-10-15 15:56:57    344D1FA0438A967F1A2BAA42C86D6E19    593920    ----a-w-    C:\Windows\System32\drivers\PEAuth.sys
2014-10-15 15:56:46    E499E422412EF37576092A52648DB2B4    50176    ----a-w-    C:\Windows\System32\drivers\appid.sys
2014-10-09 01:54:43    D41D8CD98F00B204E9800998ECF8427E    0    ---ha-w-    C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
====== C:\Windows\Tasks ======
2014-10-17 04:36:04    C6C59A33A31F6A6EF11996471760DA5D    3148    ----a-w-    C:\Windows\system32\Tasks\{EACDB5B2-E5E1-4882-A281-561C56C645D3}
2014-10-17 04:15:34    4B3F5094A77F7AE2C35637D63B583073    3136    ----a-w-    C:\Windows\system32\Tasks\{935B6C48-71A3-4CDD-B2FE-A9110FB4E17F}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-10-17 05:09:08    --------    d-----w-    C:\Program Files\Common Files\Java
2014-10-16 18:47:55    --------    d-----w-    C:\Program Files\Verizon
======= C: =====
====== C:\Users\Pc\AppData\Roaming ======
2014-10-17 05:09:02    --------    d-----w-    C:\Users\Pc\AppData\Locallow\Oracle
2014-09-26 03:38:15    --------    d-----w-    C:\Users\Pc\AppData\Roaming\uTorrent
====== C:\Users\Pc ======
2014-10-22 19:36:54    33398D340008A0577507FCA7FD443622    19828376    ----a-w-    C:\Users\Pc\Downloads\mbam-setup-2.0.3.1025(1).exe
2014-10-22 19:07:17    6C340404402FA16B703FBC503C0FBF19    1103360    ----a-w-    C:\Users\Pc\Downloads\FRST.exe
2014-10-22 17:17:55    33398D340008A0577507FCA7FD443622    19828376    ----a-w-    C:\Users\Pc\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-22 16:39:01    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-22 16:37:52    BE672F07319C7E1C5C1BE4EB385B16A0    880272    ----a-w-    C:\Users\Pc\Downloads\ChromeSetup.exe
2014-10-17 16:09:41    717CCD9C43E95BC3FB296DF529EF0850    1054912    ----a-w-    C:\Users\Pc\Downloads\install_flashplayer15x32au_mssd_aaa_aih.exe
2014-10-17 05:08:17    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-17 05:06:40    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-10-16 18:48:03    8B62CDFB19C154C60D2FDFB7A2C60740    1044    ----a-w-    C:\Users\Pc\Request.xml
2014-10-16 18:48:03    30C4FACF9285B466F69C56AC2282BDB0    31    ----a-w-    C:\Users\Pc\response.xml
2014-10-16 18:47:56    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VzDownloadManager
2014-10-16 18:47:03    826037DB63FFB6FF3173007A6F6FDE48    1977752    ----a-w-    C:\Users\Pc\Downloads\vzdownloadmanager.exe
2014-10-05 16:06:13    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

====== C: exe-files ==
2014-10-17 01:09:52    894EF368D9A56BEC0201E70E5DDA5861    59392    ----a-w-    C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe
2014-10-17 01:09:52    21163B4A9356447287244A3CC0337916    130208    ----a-w-    C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
2014-10-16 18:47:56    56D58EA0DC66FC5477156F540D9E4AFF    140232    ----a-w-    C:\Program Files\Verizon\VzDownloadManager\VzDownloadManager_Uninst.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-241018434-2942457574-2001896560-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Tiny download manager"="C:\Users\Pc\AppData\Local\DM\TinyDM.exe /M"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
"Norton Online Backup"="C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe"
"BackupManagerTray"="C:\Program Files\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"
"LManager"="C:\Program Files\Launch Manager\LManager.exe"
"Power Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Tiny download manager"="C:\Users\Pc\AppData\Local\DM\TinyDM.exe /M"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\SupTab\\SEARCH~1.DLL"

==== Startup Folders ======================

2014-01-29 18:53:12    2073    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [21.10.2014 23:07]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [05.10.2014 12:02]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\DeviceDetector" [C:\Program Files\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe]
"C:\Windows\system32\tasks\EgisUpdate" ["C:\Program Files\EgisTec IPS\EgisUpdate.exe"]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\IHSelfDeleteTASK" [CMD]
"C:\Windows\system32\tasks\IHUninstallTrackingTASK" [CMD]
"C:\Windows\system32\tasks\PMMUpdate" ["C:\Program Files\EgisTec IPS\PMMUpdate.exe"]
"C:\Windows\system32\tasks\UALU notificatin" ["C:\Program Files\Acer\Acer Updater\UALU.exe"]
"C:\Windows\system32\tasks\{1C41CC0C-DCF2-49E4-9F06-B91F2D5E7E51}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://www.skype.com/go/downloading?source=lightinstaller&ver=5.5.0.117&LastError=404]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"shortcutff@gmail.com"="C:\Users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\jf8dwtno.default-1381697050573\extensions\shortcutff@gmail.com" []
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [29.01.2014 14:55]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\jf8dwtno.default-1381697050573
40AAE0A1A4F664828DF5A95875AEA1C8    - C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll -    Google Update
E7006BB5611298DBDD03FE3519C19AC2    - C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll -    Java Platform SE 8 U25
238F239EAEFF7E3E782913D599084E18    - C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll -    Java Deployment Toolkit 8.0.250.18
64C4ADE063A9C93D3BAE09922AD90C27    - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll -    Adobe Acrobat
446BCAE59E26321802E000FC3E0C390A    - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll -    Adobe Acrobat
64C4ADE063A9C93D3BAE09922AD90C27    - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll -    Adobe Acrobat
DFC9460CC37E5C414DC4680B10C19E7A    - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll -    Shockwave Flash
6B34823748BD3C10EB2816858025AFE9    - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll -    QuickTime Plug-in 7.7.5
6B34823748BD3C10EB2816858025AFE9    - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll -    QuickTime Plug-in 7.7.5
233F187A5425045011A0DD51F8B48E0F    - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll -    QuickTime Plug-in 7.7.5
233F187A5425045011A0DD51F8B48E0F    - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll -    QuickTime Plug-in 7.7.5
81CB790A6AD230090086C644DC871FC3    - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll -    QuickTime Plug-in 7.7.5
81CB790A6AD230090086C644DC871FC3    - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll -    QuickTime Plug-in 7.7.5
64A0D594BCC06DB71B22E7E7EB8869BE    - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll -    QuickTime Plug-in 7.7.5
64A0D594BCC06DB71B22E7E7EB8869BE    - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll -    QuickTime Plug-in 7.7.5
DA80F202C1247CCEB3A92BB2BB30B412    - C:\Program Files\QuickTime\Plugins\npqtplugin.dll -    QuickTime Plug-in 7.7.5
DA80F202C1247CCEB3A92BB2BB30B412    - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll -    QuickTime Plug-in 7.7.5
893BF7D2261C56C24F813405D9D018E0    - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll -    Silverlight Plug-In
B5371D2C9017EEE216B5361D600B3543    - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll -    iTunes Application Detector
DDC4B753983AF90EEDA7360C16D4D39A    - C:\Users\Pc\AppData\Roaming\Mozilla\plugins\npoctoshape.dll -    Octoshape Streaming Services
D6ED6EB98E759460AD8C66DE23070132    - C:\Program Files\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll -    Microsoft Office 2013
F4B733EB0355B72F99B66F5577CBA4D7    - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll -    QuickTime Plug-in 6.1c
1BFD18699636B8F1AA26675BA43D2F8F    - C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll -    Shockwave for Director / Shockwave for Director
0A1FF0B674E2F268799442A434A63BB3    - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll -    Windows Live? Photo Gallery
99F97C9FE748C37528C338A423577FCB    - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll -    Microsoft® Windows Media Player Firefox Plugin
8DA2ED6B04EA33F2EAE8BA883F903729    - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll -    Microsoft® Silverlight


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ainbkicbloikcngphmjfpjdemblcojdd - C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\slidebar.crx[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[02.07.2014 18:30]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14.07.2014 18:22]

avast Online Security - Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

==== Chromium Startpages ======================

C:\Users\Pc\AppData\Local\Bromium\User Data\Default\Preferences
{"homepage_is_newtabpage":false,"homepage":"http://www.yandex.com.tr/?win=38&clid=1806004","session":{"urls_to_restore_on_startup":["http://www.yandex.com.tr/?win=38&clid=1806004"]},"browser":{"show_home_button":true}}

C:\Users\Pc\AppData\Local\Chromium\User Data\Default\Preferences
{"bookmark_bar":{"show_on_all_tabs":true},"homepage_is_newtabpage":false,"homepage":"http://www.yandex.com.tr/?win=38&clid=1806004","session":{"urls_to_restore_on_startup":["http://www.yandex.com.tr/?win=38&clid=1806004"]},"browser":{"show_home_button":true},"ntp":{"shown_sections":64,"shown_page":1024}}

C:\Users\Pc\AppData\Local\Comodo\Dragon\User Data\Default\Preferences
{"homepage_is_newtabpage":false,"homepage":"http://www.yandex.com.tr/?win=38&clid=1806004","session":{"urls_to_restore_on_startup":["http://www.yandex.com.tr/?win=38&clid=1806004"]},"browser":{"show_home_button":true}}

C:\Users\Pc\AppData\Local\Nichrome\User Data\Default\Preferences
{"bookmark_bar":{"show_on_all_tabs":true},"homepage_is_newtabpage":false,"homepage":"http://www.yandex.com.tr/?win=38&clid=1806004","session":{"urls_to_restore_on_startup":["http://www.yandex.com.tr/?win=38&clid=1806004"]},"browser":{"show_home_button":true}}

C:\Users\Pc\AppData\Local\Xpom\User Data\Default\Preferences
{"bookmark_bar":{"show_on_all_tabs":true},"homepage_is_newtabpage":false,"homepage":"http://www.yandex.com.tr/?win=38&clid=1806004","session":{"urls_to_restore_on_startup":["http://www.yandex.com.tr/?win=38&clid=1806004"]},"browser":{"show_home_button":true}}

C:\Users\Pc\AppData\Local\Yandex\Internet\User Data\Default\Preferences
{"homepage_is_newtabpage":false,"homepage":"http://www.yandex.com.tr/?win=38&clid=1806004","session":{"urls_to_restore_on_startup":["http://www.yandex.com.tr/?win=38&clid=1806004"]},"browser":{"show_home_button":true}}


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=AV01"
"Search Page"="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\go]
@="http://gorsel.yandex.com.tr/yandsearch?win=113&clid=2083127&text=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\ha]
@="http://haber.yandex.com.tr/yandsearch?win=113&clid=2083127&rpt=nnews2&grhow=clutop&text=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\vi]
@="http://video.yandex.com.tr/#search?win=113&clid=2083127&text=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\y]
@="http://yandex.com.tr/yandsearch?win=113&clid=2083127&text=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.msn.com/?pc=AV01"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
{7DC0055E-1C76-479B-9C92-9D2459569A1F} portalsepeti  Url="http://search.portalsepeti.com/?hl=tr&tbm=web&q={searchTerms}&oem=JET2&uid=132775_34605056_230351807_3219913727_7869E72D&tm=1358612755"
{85AD0033-1151-461F-8152-9CA484DA6824} Yandex  Url="http://yandex.com.tr/yandsearch?win=113&clid=2083124&text={searchTerms}"

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\shortcutff@gmail.com deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Pc\Desktop\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Pc\Desktop\Tiny download manager.lnk - C:\Users\Pc\AppData\Local\DM\TinyDM.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Google Docs.lnk - C:\Program Files\Google\Drive\googledrivesync.exe --new_document
C:\Users\Public\Desktop\Google Sheets.lnk - C:\Program Files\Google\Drive\googledrivesync.exe --new_spreadsheet
C:\Users\Public\Desktop\Google Slides.lnk - C:\Program Files\Google\Drive\googledrivesync.exe --new_presentation
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\VzDownloadManager.lnk - C:\Program Files\Verizon\VzDownloadManager\VzDownloadManagerUI.exe VzDownloadManager

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Docs.lnk - C:\Program Files\Google\Drive\googledrivesync.exe --new_document
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk - C:\Program Files\Google\Drive\googledrivesync.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Sheets.lnk - C:\Program Files\Google\Drive\googledrivesync.exe --new_spreadsheet
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Slides.lnk - C:\Program Files\Google\Drive\googledrivesync.exe --new_presentation
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre1.8.0_25\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre1.8.0_25\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre1.8.0_25\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Java Mission Control.lnk - C:\Program Files\Java\jdk1.8.0_25\bin\jmc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Programını Kaldır.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Lync 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\lyncicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneDrive for Business 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\grv_icons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Send to OneNote 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Lync Recording Manager.lnk - C:\Windows\Installer\{91150000-0011-0000-0000-0000000FF1CE}\lyncicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VzDownloadManager\Uninstall.lnk - C:\Program Files\Verizon\VzDownloadManager\VzDownloadManager_Uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VzDownloadManager\VzDownloadManager.lnk - C:\Program Files\Verizon\VzDownloadManager\VzDownloadManagerUI.exe VzDownloadManager

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk - C:\Program Files\GRETECH\GomPlayer\GOM.EXE
C:\Users\Pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GOM Video Converter.lnk - C:\Program Files\GRETECH\GOMVideoConverter\GomVC.exe
C:\Users\Pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1402161921&from=tt4u&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXF1EC1ZLHS4ZLHS4
C:\Users\Pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1402161921&from=tt4u&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXF1EC1ZLHS4ZLHS4
C:\Users\Pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://start.qone8.com/?type=sc&ts=1402161921&from=tt4u&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXF1EC1ZLHS4ZLHS4
C:\Users\Pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\portalsepeti.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1402161921&from=tt4u&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXF1EC1ZLHS4ZLHS4
C:\Users\Pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe

==== shortcuts After Repair ======================

C:\Users\Pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\portalsepeti.lnk - C:\Program Files\Internet Explorer\iexplore.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4 deleted successfully
HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
HKEY_CURRENT_USER\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ainbkicbloikcngphmjfpjdemblcojdd deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4 deleted successfully

==== Empty IE Cache ======================

C:\Users\Pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Pc\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\jf8dwtno.default-1381697050573\yasearch-xb\packages\{86c270c9-76aa-423b-9548-da3ae1c9c9f1}\modules\common\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=327 folders=63 8645346 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Pc\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Pc\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 22.10.2014 at 17:10:31,04 ======================
 


Ok, improvement should be noticeable...

Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!

Please also manually reboot your machine after this procedure.


Ok here are the results for JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Starter x86
Ran by Pc on 22.10.2014 at 19:27:57,16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update serialtrunc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\APNStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\APNStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ConduitInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ConduitInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ConduitUninstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ConduitUninstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ScanTack_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ScanTack_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateScanTack_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateScanTack_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SerialTrunc_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SerialTrunc_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateSerialTrunc_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateSerialTrunc_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilSerialTrunc_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilSerialTrunc_RASMANCS
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C93F72A2-2162-4BBA-A07A-F13663C297A6}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{C93F72A2-2162-4BBA-A07A-F13663C297A6}



~~~ Files

Successfully disinfected: [shortcut] C:\Users\Pc\AppData\Roaming\microsoft\windows\start menu\Programs\Internet Explorer.lnk
Successfully disinfected: [shortcut] C:\Users\Pc\AppData\Roaming\microsoft\windows\start menu\Programs\Mozilla Firefox.lnk
Successfully disinfected: [shortcut] C:\Users\Pc\AppData\Roaming\microsoft\windows\start menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\flvplayer"



~~~ FireFox

Successfully deleted: [File] C:\Users\Pc\AppData\Roaming\mozilla\firefox\profiles\jf8dwtno.default-1381697050573\user.js
Emptied folder: C:\Users\Pc\AppData\Roaming\mozilla\firefox\profiles\jf8dwtno.default-1381697050573\minidumps [43 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.10.2014 at 19:31:35,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Ok, next round incoming.

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.

Please include the contents of that file in your reply.


Contents of Adwcleaner:

 

# AdwCleaner v4.001 - Rapor olusturuldu 22/10/2014 tarihinde 20:04:35
# DB v
# Guncellendi 20/10/2014 tarafindan Xplode
# Isletim sistemi : Windows 7 Starter Service Pack 1 (32 bits)
# Kullanici adi : Pc - Pc-Bilgisayar
# Adwcleaner konumu : C:\Users\Pc\Downloads\AdwCleaner.exe
# Tarama turu : Temizle

***** [ Servisler ] *****

[#] Servis Silindi : sbmntr

***** [ Dosyalar / Klasorler ] *****

Klasor Silindi : C:\ProgramData\pastaleads

***** [ Görevler ] *****

Görev Silindi : Express FilesUpdate
Görev Silindi : RocketTab Update Task
Görev Silindi : RocketTab
Görev Silindi : SMupdate1
Görev Silindi : YTDownloader

***** [ Kisayollar ] *****


***** [ Registry ] *****

Registry Key Silindi : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASAPI32
Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASMANCS
Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Registry Key Silindi : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Registry Key Silindi : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Registry Key Silindi : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Registry Key Silindi : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Registry Key Silindi : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Registry Key Silindi : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Registry Key Silindi : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Registry Key Silindi : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Registry Key Silindi : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Registry Key Silindi : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Registry Key Silindi : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Registry Key Silindi : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Registry Key Silindi : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Registry Key Silindi : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Registry Key Silindi : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Registry Key Silindi : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Registry Key Silindi : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Registry Key Silindi : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Registry Key Silindi : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Registry Key Silindi : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Registry Key Silindi : HKCU\Software\anchorfree
Registry Key Silindi : HKCU\Software\ExpressFiles
Registry Key Silindi : HKCU\Software\GlobalUpdate
Registry Key Silindi : HKCU\Software\lollipop
Registry Key Silindi : HKCU\Software\performersoft llc
Registry Key Silindi : HKCU\Software\systweak
Registry Key Silindi : HKCU\Software\Tutorials
Registry Key Silindi : HKCU\Software\AppDataLow\Software\Conduit
Registry Key Silindi : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Registry Key Silindi : HKCU\Software\AppDataLow\Software\SmartBar
Registry Key Silindi : HKLM\SOFTWARE\Conduit
Registry Key Silindi : HKLM\SOFTWARE\ExpressFiles
Registry Key Silindi : HKLM\SOFTWARE\GlobalUpdate
Registry Key Silindi : HKLM\SOFTWARE\NpApp
Registry Key Silindi : HKLM\SOFTWARE\systweak
Registry Key Silindi : HKLM\SOFTWARE\Tutorials
Registry Key Silindi : HKLM\SOFTWARE\Wpm

***** [ Tarayicilar ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v32.0.1 (x86 tr)


-\\ Google Chrome v38.0.2125.104


*************************

AdwCleaner[R0].txt - [4237 octets] - [22/10/2014 19:50:28]
AdwCleaner[s0].txt - [4155 octets] - [22/10/2014 20:04:35]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4215 octets] ##########

OK, now let's have a fresh look.



Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Ok, frst results:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-10-2014
Ran by Pc (administrator) on Pc-Bilgisayar on 23-10-2014 11:10:12
Running from C:\Users\Pc\Downloads
Loaded Profiles: Pc &  (Available profiles: Pc)
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: Türkçe (Türkiye)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GREGsvc.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files\NTI\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\System32\NTServer\service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(NTI Corporation) C:\Program Files\NTI\Acer Backup Manager\BackupManagerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(http://www.tinydm.com/) C:\Users\Pc\AppData\Local\DM\TinyDM.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(CyberLink) C:\Program Files\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [suiteTray] => C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM\...\Run: [Norton Online Backup] => C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe [966488 2010-06-01] (Symantec Corporation)
HKLM\...\Run: [backupManagerTray] => C:\Program Files\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10889832 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [714120 2012-02-07] (Acer Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-241018434-2942457574-2001896560-1000\...\Run: [Tiny download manager] => C:\Users\Pc\AppData\Local\DM\TinyDM.exe [289752 2014-08-15] (http://www.tinydm.com/)
HKU\S-1-5-21-241018434-2942457574-2001896560-1000\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-241018434-2942457574-2001896560-1000\...\MountPoints2: {c4077863-1e22-11e3-ac78-dc0ea1b99823} - E:\SETUP.EXE
HKU\S-1-5-21-241018434-2942457574-2001896560-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Tiny download manager] => C:\Users\Pc\AppData\Local\DM\TinyDM.exe [289752 2014-08-15] (http://www.tinydm.com/)
HKU\S-1-5-21-241018434-2942457574-2001896560-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-241018434-2942457574-2001896560-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c4077863-1e22-11e3-ac78-dc0ea1b99823} - E:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe www.portalsepeti.com?oem=JET2&uid=132775_34605056_230351807_3219913727_7869E72D&tm=1358612755
SearchScopes: HKLM - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - 2DF8EFEE922D2198BC4C9BC9C1ACCD2B URL = http://haber.yandex.com.tr/yandsearch?rpt=nnews2&grhow=clutop&win=113&clid=2083124&text={searchTerms}
SearchScopes: HKCU - 5828ADC52EF6A94F83982E4F8529A415 URL = http://search.creativetoolbars.com/results?src=tb&id=smartbar&g=&q={searchTerms}
SearchScopes: HKCU - AFCADA1B2C126E735B28C604E55D16D3 URL = http://gorsel.yandex.com.tr/yandsearch?win=113&clid=2083124&text={searchTerms}
SearchScopes: HKCU - F24D9272907AF5D67976A15AF1BE2FF6 URL = http://video.yandex.com.tr/#search?win=113&clid=2083124&text={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {7DC0055E-1C76-479B-9C92-9D2459569A1F} URL = http://search.portalsepeti.com/?hl=tr&tbm=web&q={searchTerms}&oem=JET2&uid=132775_34605056_230351807_3219913727_7869E72D&tm=1358612755
SearchScopes: HKCU - {85AD0033-1151-461F-8152-9CA484DA6824} URL = http://yandex.com.tr/yandsearch?win=113&clid=2083124&text={searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Yandex.Bar - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll ()
Toolbar: HKCU - No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} -  No File
Toolbar: HKCU - Yandex.Bar - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll ()
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\jf8dwtno.default-1381697050573
FF DefaultSearchUrl: https://www.google.com/search
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: https://www.google.com/search
FF NetworkProxy: "http", "proxy2.gazi.edu.tr"
FF NetworkProxy: "http_port", 2001
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Pc\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll (Octoshape ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Pc\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
FF SearchPlugin: C:\Users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\jf8dwtno.default-1381697050573\searchplugins\gorsel.yandex.com.tr-221240.xml
FF SearchPlugin: C:\Users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\jf8dwtno.default-1381697050573\searchplugins\haber.yandex.com.tr-221240.xml
FF SearchPlugin: C:\Users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\jf8dwtno.default-1381697050573\searchplugins\video.yandex.com.tr-221240.xml
FF SearchPlugin: C:\Users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\jf8dwtno.default-1381697050573\searchplugins\yandex.com.tr-221240.xml
FF SearchPlugin: C:\Users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\jf8dwtno.default-1381697050573\searchplugins\yqs-barff-yagorsel.xml
FF SearchPlugin: C:\Users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\jf8dwtno.default-1381697050573\searchplugins\yqs-barff-yahaber.xml
FF SearchPlugin: C:\Users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\jf8dwtno.default-1381697050573\searchplugins\yqs-barff-yandex.xml
FF SearchPlugin: C:\Users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\jf8dwtno.default-1381697050573\searchplugins\yqs-barff-yavideo.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yandex-tr.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-01-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-07]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (avast! Online Security) - C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-22]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-02]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-02] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276248 2012-04-23] (Intel Corporation)
S3 DCDhcpService; C:\Program Files (x86)\Acer\WDAgent\DCDhcpService.exe [111776 2012-01-18] (Atheros Communication Inc.) [File not signed]
S3 EgisTec Ticket Service; C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe [173424 2011-06-21] (Egis Technology Inc. )
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [738688 2012-02-07] (Acer Incorporated)
R2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [28264 2012-02-29] (Acer Incorporated)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [458464 2012-02-03] (Intel® Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [255376 2012-02-06] (Acer Incorporated)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NOBU; C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe [2057560 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 NTServiceSystem; C:\Windows\system32\NTServer\service.exe [91232 2012-12-27] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
S3 GamesAppIntegrationService; "C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe" [X]
S3 GamesAppService; "C:\Program Files\WildTangent Games\App\GamesAppService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-02] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-04] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-02] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-02] ()
R3 b57xdbd; C:\Windows\System32\DRIVERS\b57xdbd.sys [60968 2011-11-04] (Broadcom Corporation)
R3 b57xdmp; C:\Windows\System32\DRIVERS\b57xdmp.sys [17960 2011-11-04] (Broadcom Corporation)
R3 bScsiMSx; C:\Windows\System32\DRIVERS\bScsiMSx.sys [43560 2011-09-02] (Broadcom Corporation)
R3 bScsiSDx; C:\Windows\System32\DRIVERS\bScsiSDx.sys [47104 2012-05-04] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2011-11-10] (Intel Corporation)
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [21600 2012-05-16] (Egis Technology Inc.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16936 2012-05-16] (Egis Technology Inc.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [62240 2012-05-16] (Egis Technology Inc.)
R3 NTIDrvr; C:\Windows\system32\drivers\NTIDrvr.sys [15360 2012-02-07] (NTI Corporation)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-09-13] (AnchorFree Inc)
R3 UBHelper; C:\Windows\system32\drivers\UBHelper.sys [14848 2012-02-07] (NTI Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R1 wStLibG; C:\Windows\System32\drivers\wStLibG.sys [52928 2014-04-13] (StdLib)
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 11:10 - 2014-10-23 11:12 - 00026118 _____ () C:\Users\Pc\Downloads\FRST.txt
2014-10-22 20:09 - 2014-10-22 20:09 - 00004295 _____ () C:\Users\Pc\Desktop\AdwCleaner[s0].txt
2014-10-22 19:50 - 2014-10-22 20:04 - 00000000 ____D () C:\AdwCleaner
2014-10-22 19:49 - 2014-10-22 19:49 - 01962496 _____ () C:\Users\Pc\Downloads\AdwCleaner.exe
2014-10-22 19:39 - 2014-10-22 19:39 - 00796616 _____ ( ) C:\Users\Pc\Downloads\Free_Download_Setup.exe
2014-10-22 19:31 - 2014-10-22 19:31 - 00003628 _____ () C:\Users\Pc\Desktop\JRT.txt
2014-10-22 19:27 - 2014-10-22 19:27 - 01706144 _____ (Thisisu) C:\Users\Pc\Downloads\JRT.exe
2014-10-22 19:27 - 2014-10-22 19:27 - 00000000 ____D () C:\Windows\ERUNT
2014-10-22 17:07 - 2014-10-22 16:25 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-10-22 16:30 - 2014-10-22 15:54 - 00000904 _____ () C:\zoek-results2014-10-22-195447.log
2014-10-22 16:25 - 2014-10-22 16:25 - 01290752 _____ () C:\Users\Pc\Downloads\zoek.exe
2014-10-22 15:50 - 2014-10-22 17:10 - 00085291 _____ () C:\zoek-results.log
2014-10-22 15:43 - 2014-10-22 17:09 - 00000000 ____D () C:\zoek_backup
2014-10-22 15:41 - 2014-10-22 15:41 - 00034712 _____ () C:\Users\Pc\Desktop\malwarescan.txt
2014-10-22 15:36 - 2014-10-22 15:37 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Pc\Downloads\mbam-setup-2.0.3.1025(1).exe
2014-10-22 15:10 - 2014-10-22 15:12 - 00038853 _____ () C:\Users\Pc\Desktop\Addition.txt
2014-10-22 15:08 - 2014-10-23 11:10 - 00000000 ____D () C:\FRST
2014-10-22 15:08 - 2014-10-22 15:12 - 00049389 _____ () C:\Users\Pc\Desktop\FRST.txt
2014-10-22 15:07 - 2014-10-22 15:07 - 01103360 _____ (Farbar) C:\Users\Pc\Downloads\FRST.exe
2014-10-22 13:21 - 2014-10-23 10:58 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-22 13:20 - 2014-10-22 15:38 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-22 13:20 - 2014-10-22 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-22 13:20 - 2014-10-22 15:38 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-22 13:20 - 2014-10-22 13:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-22 13:20 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-22 13:20 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-22 13:20 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-22 13:17 - 2014-10-22 13:18 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Pc\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-22 12:39 - 2014-10-22 12:39 - 00002161 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-22 12:39 - 2014-10-22 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-22 12:37 - 2014-10-22 12:37 - 00880272 _____ (Google Inc.) C:\Users\Pc\Downloads\ChromeSetup.exe
2014-10-22 12:20 - 2014-10-22 12:20 - 00040806 _____ () C:\Users\Pc\Downloads\BTM2014_1843816.pdf-
2014-10-21 21:04 - 2014-10-21 21:04 - 00008504 _____ () C:\Users\Pc\Desktop\Book1.xlsx
2014-10-21 19:49 - 2014-10-22 22:22 - 00000000 ____D () C:\Users\Pc\Desktop\statical exams
2014-10-17 21:25 - 2014-10-17 21:25 - 00308736 _____ () C:\Users\Pc\Downloads\e224o2008.ppt
2014-10-17 20:25 - 2014-10-17 20:26 - 00884224 _____ () C:\Users\Pc\Downloads\Chapter5.ppt
2014-10-17 18:53 - 2014-10-17 18:54 - 05031846 _____ () C:\Users\Pc\Downloads\0_Fwd_ AFPCNS Notes_140904.zip
2014-10-17 12:09 - 2014-10-17 12:09 - 01054912 _____ (Adobe) C:\Users\Pc\Downloads\install_flashplayer15x32au_mssd_aaa_aih.exe
2014-10-17 01:09 - 2014-10-17 01:09 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-17 01:09 - 2014-10-17 01:08 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-10-17 01:08 - 2014-10-17 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-17 01:06 - 2014-10-17 01:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-10-16 14:48 - 2014-10-16 14:48 - 00001044 _____ () C:\Users\Pc\Request.xml
2014-10-16 14:48 - 2014-10-16 14:48 - 00000031 _____ () C:\Users\Pc\response.xml
2014-10-16 14:47 - 2014-10-16 14:47 - 01977752 _____ () C:\Users\Pc\Downloads\vzdownloadmanager.exe
2014-10-16 14:47 - 2014-10-16 14:47 - 00001169 _____ () C:\Users\Public\Desktop\VzDownloadManager.lnk
2014-10-16 14:47 - 2014-10-16 14:47 - 00000420 _____ () C:\Users\Pc\Install-VzDownloadManager.log
2014-10-16 14:47 - 2014-10-16 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VzDownloadManager
2014-10-16 14:47 - 2014-10-16 14:47 - 00000000 ____D () C:\Program Files\Verizon
2014-10-16 14:46 - 2014-10-16 14:46 - 00350234 _____ () C:\Users\Pc\Desktop\Verizon FIOS Settings.html
2014-10-15 12:06 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 12:06 - 2014-09-28 20:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 12:06 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 12:06 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 12:06 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 12:06 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 12:06 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 12:06 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 12:06 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 12:06 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 12:06 - 2014-09-18 21:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 12:06 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 12:06 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 12:06 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 12:06 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 12:06 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 12:06 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 12:06 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 12:06 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 12:06 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 12:06 - 2014-09-18 20:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 12:06 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 12:06 - 2014-09-18 20:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 12:06 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 12:06 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 12:06 - 2014-09-18 20:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 12:06 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 12:06 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 12:06 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 12:06 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 12:06 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 12:06 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 12:02 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 12:02 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 12:02 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 11:58 - 2014-07-16 21:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 11:58 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 11:57 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 11:57 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 11:57 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 11:57 - 2014-07-16 21:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 11:57 - 2014-07-16 21:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 11:57 - 2014-07-16 21:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-15 11:57 - 2014-07-16 21:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 11:57 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 11:57 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 11:57 - 2014-07-16 21:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 11:57 - 2014-07-16 21:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 11:57 - 2014-07-06 21:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 11:57 - 2014-07-06 21:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 11:57 - 2014-07-06 21:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 11:57 - 2014-07-06 21:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 11:56 - 2014-08-18 22:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 11:56 - 2014-08-18 22:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 11:56 - 2014-08-18 22:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 11:56 - 2014-08-18 22:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 11:56 - 2014-08-18 22:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 11:56 - 2014-08-18 21:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 11:56 - 2014-07-06 21:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 11:56 - 2014-07-06 21:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 11:56 - 2014-07-06 21:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 11:56 - 2014-07-06 21:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 11:56 - 2014-07-06 21:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 11:56 - 2014-07-06 21:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 11:56 - 2014-07-06 21:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 11:56 - 2014-07-06 21:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 11:56 - 2014-07-06 21:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 11:56 - 2014-07-06 21:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 11:56 - 2014-07-06 21:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 11:56 - 2014-07-06 21:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 11:56 - 2014-07-06 21:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 11:56 - 2014-07-06 21:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 11:56 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 11:56 - 2014-07-06 21:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 11:56 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 11:56 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 11:56 - 2014-07-06 21:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 11:56 - 2014-07-06 21:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 11:56 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 11:56 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 11:56 - 2014-07-06 21:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 11:56 - 2014-07-06 21:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-10-15 11:56 - 2014-07-06 21:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 11:56 - 2014-07-06 21:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 11:56 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 11:56 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 11:56 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 11:56 - 2014-07-06 21:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 11:56 - 2014-06-27 20:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 11:56 - 2014-06-27 20:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 11:56 - 2014-06-27 20:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-13 22:09 - 2014-10-13 22:10 - 07159778 _____ () C:\Users\Pc\Downloads\kamudabilkent_anket_erhansirt (1).xlsx
2014-10-13 21:46 - 2014-10-13 22:02 - 07159778 _____ () C:\Users\Pc\Downloads\kamudabilkent_anket_erhansirt.xlsx
2014-10-13 19:56 - 2014-10-13 19:56 - 00498819 _____ () C:\Users\Pc\Downloads\KİTAP -Canan.rar
2014-10-10 19:05 - 2014-10-10 19:06 - 00000000 ____D () C:\Users\Pc\Desktop\MERT
2014-10-09 10:30 - 2014-10-09 10:30 - 00248320 _____ () C:\Users\Pc\Downloads\Lecture13_Technology.ppt
2014-10-08 21:54 - 2014-10-08 21:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2014-10-06 23:08 - 2014-10-06 23:08 - 00612770 _____ () C:\Users\Pc\Downloads\6221.JPEG
2014-10-06 22:19 - 2014-10-06 22:19 - 00895120 _____ (Google Inc.) C:\Users\Pc\Downloads\googledrivesync (1).exe
2014-10-05 12:06 - 2014-10-05 12:06 - 00001964 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-10-05 12:06 - 2014-10-05 12:06 - 00001962 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-10-05 12:06 - 2014-10-05 12:06 - 00001952 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-10-05 12:06 - 2014-10-05 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-10-05 11:59 - 2014-10-05 11:59 - 00895120 _____ (Google Inc.) C:\Users\Pc\Downloads\googledrivesync.exe
2014-10-05 00:13 - 2014-10-14 11:18 - 00000000 ____D () C:\Users\Pc\Desktop\english sources
2014-10-01 13:47 - 2014-10-01 13:48 - 00046080 _____ () C:\Users\Pc\Downloads\3855,2grupxls.xls
2014-09-30 18:29 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 12:34 - 2014-09-30 12:34 - 00000000 ____D () C:\Users\Pc\Desktop\hukuk
2014-09-25 23:38 - 2014-10-22 14:57 - 00000000 ____D () C:\Users\Pc\AppData\Roaming\uTorrent
2014-09-24 16:56 - 2014-09-24 16:56 - 00000000 ____D () C:\Users\Pc\Desktop\sefika-kurs
2014-09-24 16:04 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 11:10 - 2012-05-26 23:44 - 01734477 _____ () C:\Windows\WindowsUpdate.log
2014-10-23 11:05 - 2009-07-14 00:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-23 11:05 - 2009-07-14 00:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-23 10:58 - 2013-04-21 17:39 - 00001004 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-23 10:58 - 2012-09-14 17:44 - 00000000 ____D () C:\Users\Pc\AppData\Roaming\Skype
2014-10-23 10:58 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-23 10:57 - 2014-09-14 20:40 - 00006909 _____ () C:\Windows\setupact.log
2014-10-22 23:52 - 2013-04-21 17:39 - 00001008 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-22 23:50 - 2012-09-28 16:41 - 00000814 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-22 20:05 - 2014-09-14 20:40 - 00066782 _____ () C:\Windows\PFRO.log
2014-10-22 19:31 - 2013-02-02 16:28 - 00001041 _____ () C:\Users\Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-22 19:31 - 2012-09-01 12:26 - 00001401 _____ () C:\Users\Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-22 17:09 - 2014-06-03 14:22 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-10-22 16:48 - 2012-09-01 12:24 - 00000000 ____D () C:\Users\Pc
2014-10-22 16:48 - 2009-07-13 22:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-22 16:48 - 2009-07-13 22:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-10-22 12:38 - 2013-04-21 17:39 - 00000000 ____D () C:\Program Files\Google
2014-10-22 12:35 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-22 11:09 - 2014-03-29 16:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-21 23:07 - 2012-05-16 14:39 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-21 23:07 - 2012-05-16 14:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-20 23:17 - 2014-09-08 23:33 - 00000000 ____D () C:\Users\Pc\Desktop\sais-classes
2014-10-20 01:33 - 2013-04-16 17:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-20 01:32 - 2014-09-03 00:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-10-18 01:01 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-10-17 12:10 - 2012-09-16 17:23 - 00000000 ____D () C:\Users\Pc\AppData\Local\Adobe
2014-10-17 01:07 - 2013-12-28 19:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-17 01:07 - 2013-03-09 05:25 - 00000000 ____D () C:\Program Files\Java
2014-10-16 21:10 - 2012-05-16 14:40 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-10-16 01:01 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-16 00:30 - 2014-06-07 19:05 - 00114264 _____ () C:\Users\Pc\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-16 00:30 - 2009-07-14 00:33 - 00438584 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 00:26 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-10-16 00:11 - 2013-08-17 15:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 00:11 - 2009-07-13 22:04 - 00000647 _____ () C:\Windows\win.ini
2014-10-15 23:56 - 2012-10-09 14:33 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-13 20:39 - 2013-09-28 15:36 - 00000000 ____D () C:\Users\Pc\Documents\gezi parkı
2014-10-12 13:33 - 2013-09-15 13:05 - 00000000 ____D () C:\Users\Pc\Desktop\toefl
2014-10-12 13:32 - 2012-09-23 12:51 - 00000000 ____D () C:\Users\Pc\Desktop\çeşitli makaleler
2014-10-12 13:32 - 2012-09-23 12:47 - 00000000 ____D () C:\Users\Pc\Documents\diğer
2014-10-12 13:31 - 2012-09-23 14:40 - 00000000 ____D () C:\Users\Pc\Documents\Sirt_Erhan_YTYA_Application
2014-10-12 13:26 - 2012-09-23 14:46 - 00000000 ____D () C:\Users\Pc\Documents\şahsi-özgeçmişler
2014-10-12 13:22 - 2014-07-07 16:24 - 00000000 ____D () C:\Users\Pc\Desktop\sais
2014-10-12 13:21 - 2014-02-13 13:07 - 00000000 ____D () C:\Users\Pc\Desktop\bilgi edinme ülkeler
2014-10-12 13:15 - 2013-10-11 13:54 - 00000000 ____D () C:\Users\Pc\Desktop\doktora
2014-10-10 19:07 - 2012-05-27 00:37 - 00656682 _____ () C:\Windows\system32\perfh01F.dat
2014-10-10 19:07 - 2012-05-27 00:37 - 00140078 _____ () C:\Windows\system32\perfc01F.dat
2014-10-10 19:07 - 2010-11-20 17:01 - 01569918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-06 22:43 - 2013-10-04 07:44 - 00000000 ____D () C:\Users\Pc\Documents\Outlook Files
2014-10-05 12:06 - 2012-09-19 16:13 - 00000000 ____D () C:\Users\Pc\AppData\Local\Google
2014-10-03 00:25 - 2014-07-08 15:23 - 00000000 ____D () C:\Users\Pc\Desktop\flash
2014-10-02 15:53 - 2013-04-17 14:18 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Pc\AppData\Local\Temp\Quarantine.exe
C:\Users\Pc\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-18 00:49

==================== End Of Log ============================


This is the additional one:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-10-2014
Ran by Pc at 2014-10-23 11:14:01
Running from C:\Users\Pc\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 clear.fi SDK - MVP 2 (Version: 2.0.1702 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (Version: 2.0.1707 - CyberLink Corp.) Hidden
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
Acer Backup Manager (HKLM\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2823.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (Version: 1.5.2823.00 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Acer Incorporated)
Acer Games (HKLM\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 20.11.1107.1418 - Acer Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe AIR (Version: 15.0.0.293 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Turkish (HKLM\...\{AC76BA86-7AD7-1055-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Backup Manager V3 (Version: 3.0.0.100 - NTI Corporation) Hidden
Bejeweled 3 (Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 15.0.7.2 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 15.0.7.1 - Broadcom Corporation)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4600 (Version: 130.0.425.000 - Hewlett-Packard) Hidden
Cambridge TOEFL® Prep (HKLM\...\Cambridge TOEFL® Prep) (Version:  - )
Chuzzle Deluxe (Version: 2.2.0.95 - WildTangent) Hidden
clear.fi Media (HKLM\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.00.3006 - Acer Incorporated)
clear.fi Photo (HKLM\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.00.3006 - Acer Incorporated)
Codecs for Windows 7 Pack 4.0.5 (HKLM\...\Codecs for Windows 7 Pack) (Version: 4.0.5 - Codecs for Windows 7 Pack)
CoreAAC (HKLM\...\CoreAAC) (Version:  - )
Curse at Twilight (Version: 3.0.2.32 - WildTangent) Hidden
CyberLink MediaEspresso (HKLM\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1720_38230 - CyberLink Corp.)
CyberLink MediaEspresso (Version: 6.5.1720_38230 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
Evernote v. 4.5.2 (HKLM\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.)
FATE (Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (Version: 2.2.0.95 - WildTangent) Hidden
FLV Media Player version 1.3 (HKLM\...\{0E08BAC8-845B-4327-8CDB-4B0F8C9857A5}_is1) (Version: 1.3 - FLVMPlayer)
Fotogalerija Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Game Channels (Version: 6.2.0.5 - WildTangent, Inc.) Hidden
GOM Player (HKLM\...\GOM Player) (Version: 2.2.62.5207 - Gretech Corporation)
GOM Video Converter (HKLM\...\GOM Video Converter) (Version: 1.1.0.67 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5 (HKLM\...\{44C81D1A-0520-49BB-B510-98B8DD414EA1}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden
Identity Card (HKLM\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Idle-#-Crawler (HKLM\...\Idle-#-Crawler) (Version: 87.0.0.434 - Internet Resources Analyzing Foundation) <==== ATTENTION
Insaniquarium Deluxe (Version: 2.2.0.97 - WildTangent) Hidden
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{51A66ED3-200E-4147-8D1E-E8D30936FD26}) (Version: 1.23.605.1 - Intel Corporation)
Internet Explorer için Yandex.Bar 6.7 (HKLM\...\{1D1E60B4-BE61-4219-BDF1-5A7622412130}) (Version: 6.7.0.1913 - Yandex)
Internet-based TOEFL (HKLM\...\Internet-based TOEFL_is1) (Version:  - Kaplan)
iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (Version: 2.8.25.18 - Oracle Corporation) Hidden
Java SE Development Kit 8 Update 25 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
Jewel Match 3 (Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version: 5.1.15 - Acer Inc.)
Longman iBT (HKLM\...\Longman iBT) (Version:  - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Türkçe) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1055) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 2013 Yazım Denetleme Araçları - Türkçe (HKLM\...\{90150000-001F-041F-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office ScreenTip Language 2013 - Türkçe (HKLM\...\{90150000-00BD-041F-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.1 (x86 tr) (HKLM\...\Mozilla Firefox 32.0.1 (x86 tr)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MyWinLocker 4 (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (Version: 4.0.14.19 - Egis Technology Inc.) Hidden
newsXpresso (HKLM\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
Norton Online Backup (HKLM\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Media Maker 9 (HKLM\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9006 - NTI Corporation)
NTI Media Maker 9 (Version: 9.0.2.9006 - NTI Corporation) Hidden
Octoshape Streaming Services (HKCU\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Penguins! (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (Version: 2.2.0.98 - WildTangent) Hidden
Poczta usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (Version: 2.2.0.97 - WildTangent) Hidden
Pošta Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Practice Test 1 for the TOEFL® iBT - English Version 1.0 (HKLM\...\Practice Test 1 for the TOEFL® iBT - www.Englishtips.org_is1) (Version:  - )
PS_AIO_05_C4600_Software_Min (Version: 130.0.425.000 - Hewlett-Packard) Hidden
Qualcomm Atheros Direct Connect (Version: 3.0 - Qualcomm Atheros) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 3.0 - Qualcomm Atheros)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Raccolta foto di Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6543 - Realtek Semiconductor Corp.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Slingo Deluxe (Version: 2.2.0.95 - WildTangent) Hidden
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tiny Download Manager (remove only) (HKLM\...\TinyDM) (Version: 2 - TinyDM LTD)
TOEFL Official Guide 2.05.0012 (HKLM\...\TOEFL Official Guide) (Version: 2.05.0012 - The McGraw-Hill Companies)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Torchlight (Version: 2.2.0.98 - WildTangent) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.97 - WildTangent) Hidden
VzDownloadManager (HKCU\...\VzDownloadManager) (Version: 2.0.0.24 - Verizon)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wedding Dash (Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated)
WildTangent Games App (Version: 4.0.11.9 - WildTangent) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Συλλογή φωτογραφιών του Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-241018434-2942457574-2001896560-1000_Classes\CLSID\{2614C37E-2C78-4bfb-B7A6-E49B62B9CD9B}\localserver32 -> C:\Users\Pc\AppData\Local\Yandex\Updater\yupdate-executor.exe (Yandex LLC)
CustomCLSID: HKU\S-1-5-21-241018434-2942457574-2001896560-1000_Classes\CLSID\{7D4733C0-C43B-4A81-AF43-F9B20D1F8348}\InprocServer32 -> C:\Users\Pc\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-apoctoshape.dll (Octoshape ApS)
CustomCLSID: HKU\S-1-5-21-241018434-2942457574-2001896560-1000_Classes\CLSID\{949CDFC6-2A52-4C27-A0A2-F87EF62D5536}\localserver32 -> C:\Users\Pc\AppData\Local\Yandex\Updater\praetorian.exe (Yandex LLC)
CustomCLSID: HKU\S-1-5-21-241018434-2942457574-2001896560-1000_Classes\CLSID\{D236C998-BECE-472D-B939-541727B72AEF}\localserver32 -> C:\Users\Pc\AppData\Local\Yandex\Updater\yupdate-executor.exe (Yandex LLC)

==================== Restore Points  =========================

14-10-2014 13:10:46 Windows Update
16-10-2014 03:47:33 Windows Update
17-10-2014 01:19:09 Installed iTunes
17-10-2014 04:24:47 Removed Java 7 Update 67
17-10-2014 05:03:28 Installed Java SE Development Kit 8 Update 25
20-10-2014 05:28:56 Windows Update
22-10-2014 19:50:51 zoek.exe restore point
22-10-2014 20:30:08 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0C2199A0-0529-4607-AE91-3690A14A1B46} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0C8B4880-40B4-4A24-BA2C-BD0AE3367B5F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Pc-Bilgisayar-Pc Pc-Bilgisayar => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {2B819F90-4D15-4FB1-A10D-37EFF9C4773D} - \PastaQuotes No Task File <==== ATTENTION
Task: {2F8938EB-312A-4614-9AF7-39FC2A577E41} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-21] (Adobe Systems Incorporated)
Task: {53BCA605-7043-4595-8C26-D3B244D389B1} - System32\Tasks\{1C41CC0C-DCF2-49E4-9F06-B91F2D5E7E51} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.5.0.117&LastError=404
Task: {5638A314-5DE1-418F-89B6-56DABBB12BED} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {5C449E9D-6D4B-4E1D-9269-E8DE10638D9A} - System32\Tasks\Microsoft\Windows\Maintenance\Idle-#-Crawler Update => %LOCALAPPDATA%\Idle-#-Crawler\Idle-#-Crawler.exe <==== ATTENTION
Task: {60C08FC0-6ED6-4DB4-9A62-6E7F0F80FB37} - \YTDownloaderUpd No Task File <==== ATTENTION
Task: {63C0BC25-97D5-4753-996F-AC014D4F0E80} - \Microsoft\Windows\Maintenance\SMupdate2 No Task File <==== ATTENTION
Task: {83AC23D1-43E9-4B4C-A25F-EC2687071F95} - \Installer_sm No Task File <==== ATTENTION
Task: {842352F5-6862-4ACD-892E-DC0DB332BBA6} - \Idle-#-Crawler Runner No Task File <==== ATTENTION
Task: {8B45EC5B-2840-47EE-A8AE-E7AC3DD0CFF4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-02] (AVAST Software)
Task: {95CA9F9A-D704-44C3-B05A-110C8B276F2B} - System32\Tasks\DeviceDetector => C:\Program Files\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink)
Task: {A5029882-6791-49FC-ADC6-4744B43EBF9F} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {AB3306EC-F2CE-4501-A6B7-E3027EB2EF1A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {AD28C16E-9350-4F90-93AF-C8BBE0758D0C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-05] (Google Inc.)
Task: {B1A03B75-7A34-4025-BB51-1439D58090B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-05] (Google Inc.)
Task: {BA1DDDFB-5A56-4247-980E-D4133568A289} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {E439A741-4C9F-4117-AF5A-717EACD9BDD6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E8D5AA9D-25EB-45E2-A411-7977141D6E83} - System32\Tasks\IHSelfDeleteTASK => CMD
Task: {E90629DA-7127-4B5C-81AE-DE305AF0B8FA} - \Microsoft\Windows\Multimedia\SMupdate3 No Task File <==== ATTENTION
Task: {FAD00041-64D4-434D-8194-25C41B725F52} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {FCA6D7EF-224B-4FFF-856E-D39A387A25ED} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-02 18:31 - 2014-07-02 18:31 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-22 16:18 - 2014-10-22 16:18 - 02896896 _____ () C:\Program Files\AVAST Software\Avast\defs\14102201\algo.dll
2014-10-23 11:06 - 2014-10-23 11:06 - 02896896 _____ () C:\Program Files\AVAST Software\Avast\defs\14102301\algo.dll
2012-09-23 08:22 - 2011-04-02 09:03 - 00151552 _____ () C:\Windows\System32\HP1100LM.DLL
2012-09-23 08:22 - 2011-04-02 09:03 - 00069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1100PP.DLL
2014-04-23 09:05 - 2014-04-23 09:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 09:04 - 2014-04-23 09:04 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-16 13:50 - 2014-09-16 13:50 - 08896160 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-01-09 13:18 - 2010-01-09 13:18 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-20 18:34 - 2010-01-20 18:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-01-05 17:22 - 2012-01-05 17:22 - 00465344 _____ () C:\Program Files\NTI\Acer Backup Manager\sqlite3.dll
2012-01-05 17:22 - 2012-01-05 17:22 - 01081368 _____ () C:\Program Files\NTI\Acer Backup Manager\ACE.dll
2012-01-05 17:22 - 2012-01-05 17:22 - 00125464 _____ () C:\Program Files\NTI\Acer Backup Manager\MailConverter32.dll
2013-01-19 12:25 - 2012-12-27 06:17 - 00091232 _____ () C:\Windows\system32\NTServer\service.exe
2012-05-16 14:38 - 2012-03-26 20:33 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2014-07-02 18:31 - 2014-07-02 18:31 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-16 00:49 - 2014-10-16 00:49 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-05-16 13:57 - 2012-02-01 19:25 - 00059904 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-05-26 23:52 - 2012-02-07 21:39 - 01198872 _____ () C:\Program Files\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-03-29 16:01 - 2014-10-21 23:49 - 03716720 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-241018434-2942457574-2001896560-500 - Administrator - Disabled)
Guest (S-1-5-21-241018434-2942457574-2001896560-501 - Limited - Disabled)
Pc (S-1-5-21-241018434-2942457574-2001896560-1000 - Administrator - Enabled) => C:\Users\Pc

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tünel Bağdaştırıcısı
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/23/2014 10:58:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/22/2014 08:06:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/22/2014 07:35:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/22/2014 08:05:23 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Kablosuz Yerel Ağ Genişletilebilirlik Modülü beklenmeyen bir şekilde durduruldu.

Modül Yolu: C:\Program Files (x86)\Acer\WDAgent\AthIhvWlanExt.dll

Error: (10/22/2014 08:05:23 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Kablosuz Yerel Ağ Genişletilebilirlik Modülü beklenmeyen bir şekilde durduruldu.

Modül Yolu: C:\Program Files (x86)\Acer\WDAgent\AthIhvWlanExt.dll

Error: (10/22/2014 08:05:10 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Hizmet Denetimi Yöneticisi, Windows Search hizmetinin beklenmedik şekilde sonlanmasından sonra, bir düzeltme eylemi (Hizmeti yeniden başlat) uygulamayı denedi, ancak bu eylem şu hatayla başarısız oldu:
%%1056

Error: (10/22/2014 08:05:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Kablosuz Yerel Ağ Genişletilebilirlik Modülü beklenmeyen bir şekilde durduruldu.

Modül Yolu: C:\Program Files (x86)\Acer\WDAgent\AthIhvWlanExt.dll

Error: (10/22/2014 08:04:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search hizmeti beklenmedik şekilde sona erdi.  Bu durum 1 defa oluştu.  30000 milisaniye içinde şu düzeltme eylemi uygulanacak: Hizmeti yeniden başlat.

Error: (10/22/2014 08:04:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Yazdırma Biriktiricisi hizmeti beklenmedik şekilde sona erdi.  Bu durum 1 defa oluştu.  60000 milisaniye içinde şu düzeltme eylemi uygulanacak: Hizmeti yeniden başlat.

Error: (10/22/2014 08:04:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: GREGService hizmeti beklenmeyen bir şekilde sonlandırıldı. Bu durum 1 defa oluştu.

Error: (10/22/2014 08:04:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: HP SI Service hizmeti beklenmedik şekilde sona erdi.  Bu durum 1 defa oluştu.  1000 milisaniye içinde şu düzeltme eylemi uygulanacak: Hizmeti yeniden başlat.

Error: (10/22/2014 08:04:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Intel® Capability Licensing Service Interface hizmeti beklenmedik şekilde sona erdi.  Bu durum 1 defa oluştu.  0 milisaniye içinde şu düzeltme eylemi uygulanacak: Hizmeti yeniden başlat.

Error: (10/22/2014 08:04:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: NTI IScheduleSvc hizmeti beklenmeyen bir şekilde sonlandırıldı. Bu durum 1 defa oluştu.


Microsoft Office Sessions:
=========================
Error: (10/23/2014 10:58:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/22/2014 08:06:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/22/2014 07:35:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel® Celeron® CPU B815 @ 1.60GHz
Percentage of memory in use: 85%
Total physical RAM: 1878.36 MB
Available physical RAM: 280.24 MB
Total Pagefile: 3756.72 MB
Available Pagefile: 1461.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.2 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:279.99 GB) (Free:183.72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2D84616B)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=280 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;autoclean;resetieproxy;emptyfolderscheck;deletehosts;reboot;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually C:\ drive)

Please include its content in your next reply.

Don't forget to re-enable your switched-off protection software!


Hi, second zoek results;

 

Zoek.exe v5.0.0.0 Updated 19-10-2014
Tool run by Pc on 23.10.2014 at 13:47:37,34.
Microsoft Windows 7 Starter  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Pc\Downloads\zoek(1).exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-10-22-195447.log    904 bytes
C:\zoek-results2014-10-22-211031.log    85291 bytes

==== System Restore Info ======================

23.10.2014 13:53:01 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [02.07.2014 18:31]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [29.01.2014 14:55]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\jf8dwtno.default-1381697050573
40AAE0A1A4F664828DF5A95875AEA1C8    - C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll -    Google Update
E7006BB5611298DBDD03FE3519C19AC2    - C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll -    Java Platform SE 8 U25
238F239EAEFF7E3E782913D599084E18    - C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll -    Java Deployment Toolkit 8.0.250.18
64C4ADE063A9C93D3BAE09922AD90C27    - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll -    Adobe Acrobat
446BCAE59E26321802E000FC3E0C390A    - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll -    Adobe Acrobat
64C4ADE063A9C93D3BAE09922AD90C27    - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll -    Adobe Acrobat
DFC9460CC37E5C414DC4680B10C19E7A    - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll -    Shockwave Flash
6B34823748BD3C10EB2816858025AFE9    - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll -    QuickTime Plug-in 7.7.5
6B34823748BD3C10EB2816858025AFE9    - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll -    QuickTime Plug-in 7.7.5
233F187A5425045011A0DD51F8B48E0F    - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll -    QuickTime Plug-in 7.7.5
233F187A5425045011A0DD51F8B48E0F    - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll -    QuickTime Plug-in 7.7.5
81CB790A6AD230090086C644DC871FC3    - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll -    QuickTime Plug-in 7.7.5
81CB790A6AD230090086C644DC871FC3    - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll -    QuickTime Plug-in 7.7.5
64A0D594BCC06DB71B22E7E7EB8869BE    - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll -    QuickTime Plug-in 7.7.5
64A0D594BCC06DB71B22E7E7EB8869BE    - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll -    QuickTime Plug-in 7.7.5
DA80F202C1247CCEB3A92BB2BB30B412    - C:\Program Files\QuickTime\Plugins\npqtplugin.dll -    QuickTime Plug-in 7.7.5
DA80F202C1247CCEB3A92BB2BB30B412    - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll -    QuickTime Plug-in 7.7.5
893BF7D2261C56C24F813405D9D018E0    - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll -    Silverlight Plug-In
B5371D2C9017EEE216B5361D600B3543    - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll -    iTunes Application Detector
DDC4B753983AF90EEDA7360C16D4D39A    - C:\Users\Pc\AppData\Roaming\Mozilla\plugins\npoctoshape.dll -    Octoshape Streaming Services
D6ED6EB98E759460AD8C66DE23070132    - C:\Program Files\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll -    Microsoft Office 2013
F4B733EB0355B72F99B66F5577CBA4D7    - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll -    QuickTime Plug-in 6.1c
1BFD18699636B8F1AA26675BA43D2F8F    - C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll -    Shockwave for Director / Shockwave for Director
0A1FF0B674E2F268799442A434A63BB3    - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll -    Windows Live? Photo Gallery
99F97C9FE748C37528C338A423577FCB    - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll -    Microsoft® Windows Media Player Firefox Plugin
8DA2ED6B04EA33F2EAE8BA883F903729    - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll -    Microsoft® Silverlight


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[02.07.2014 18:30]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14.07.2014 18:22]

avast Online Security - Pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

==== Chromium Startpages ======================

C:\Users\Pc\AppData\Local\Bromium\User Data\Default\Preferences
{"homepage_is_newtabpage":false,"homepage":"http://www.yandex.com.tr/?win=38&clid=1806004","session":{"urls_to_restore_on_startup":["http://www.yandex.com.tr/?win=38&clid=1806004"]},"browser":{"show_home_button":true}}

C:\Users\Pc\AppData\Local\Chromium\User Data\Default\Preferences
{"bookmark_bar":{"show_on_all_tabs":true},"homepage_is_newtabpage":false,"homepage":"http://www.yandex.com.tr/?win=38&clid=1806004","session":{"urls_to_restore_on_startup":["http://www.yandex.com.tr/?win=38&clid=1806004"]},"browser":{"show_home_button":true},"ntp":{"shown_sections":64,"shown_page":1024}}

C:\Users\Pc\AppData\Local\Comodo\Dragon\User Data\Default\Preferences
{"homepage_is_newtabpage":false,"homepage":"http://www.yandex.com.tr/?win=38&clid=1806004","session":{"urls_to_restore_on_startup":["http://www.yandex.com.tr/?win=38&clid=1806004"]},"browser":{"show_home_button":true}}

C:\Users\Pc\AppData\Local\Nichrome\User Data\Default\Preferences
{"bookmark_bar":{"show_on_all_tabs":true},"homepage_is_newtabpage":false,"homepage":"http://www.yandex.com.tr/?win=38&clid=1806004","session":{"urls_to_restore_on_startup":["http://www.yandex.com.tr/?win=38&clid=1806004"]},"browser":{"show_home_button":true}}

C:\Users\Pc\AppData\Local\Xpom\User Data\Default\Preferences
{"bookmark_bar":{"show_on_all_tabs":true},"homepage_is_newtabpage":false,"homepage":"http://www.yandex.com.tr/?win=38&clid=1806004","session":{"urls_to_restore_on_startup":["http://www.yandex.com.tr/?win=38&clid=1806004"]},"browser":{"show_home_button":true}}

C:\Users\Pc\AppData\Local\Yandex\Internet\User Data\Default\Preferences
{"homepage_is_newtabpage":false,"homepage":"http://www.yandex.com.tr/?win=38&clid=1806004","session":{"urls_to_restore_on_startup":["http://www.yandex.com.tr/?win=38&clid=1806004"]},"browser":{"show_home_button":true}}


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=AV01"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=AV01"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
{7DC0055E-1C76-479B-9C92-9D2459569A1F} portalsepeti  Url="http://search.portalsepeti.com/?hl=tr&tbm=web&q={searchTerms}&oem=JET2&uid=132775_34605056_230351807_3219913727_7869E72D&tm=1358612755"
{85AD0033-1151-461F-8152-9CA484DA6824} Yandex  Url="http://yandex.com.tr/yandsearch?win=113&clid=2083124&text={searchTerms}"

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Users\Pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\jf8dwtno.default-1381697050573\yasearch-xb\packages\{86c270c9-76aa-423b-9548-da3ae1c9c9f1}\modules\common\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Pc\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=328 folders=66 8645346 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Pc\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Pc\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Pc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\87RUJZLN\theoceansociety.thesyndicationserver.co.uk"  not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 23.10.2014 at 14:21:18,46 ======================
 


So we'll take a bigger hammer this time :)



Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol), also disable it for the cleaning process - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with internet connection after running ComboFix, please visit this link.
If an error about operation on the key marked for deletion appears after running the tool, please reboot your machine.
Don't forget to re-enable your previously switched-off protection software!


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Thank you! Here are the ComboFix results:

 

ComboFix 14-10-27.01 - Pc 28.10.2014  16:28:03.1.2 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1254.90.1055.18.1878.1053 [GMT -4:00]
Running from: c:\users\Pc\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-28 to 2014-10-28  )))))))))))))))))))))))))))))))
.
.
2014-10-28 20:42 . 2014-10-28 20:42    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-10-28 20:03 . 2014-10-14 20:13    8901368    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{39F58FAB-5C9C-4E8A-AFFB-DB898B93F8A6}\mpengine.dll
2014-10-23 18:19 . 2014-10-23 17:47    24064    ----a-w-    c:\windows\zoek-delete.exe
2014-10-23 18:19 . 2014-10-28 20:42    --------    d-----w-    c:\users\Pc\AppData\Local\Temp
2014-10-22 23:50 . 2014-10-23 00:04    --------    d-----w-    C:\AdwCleaner
2014-10-22 23:27 . 2014-10-22 23:27    --------    d-----w-    c:\windows\ERUNT
2014-10-22 19:43 . 2014-10-22 21:09    --------    d-----w-    C:\zoek_backup
2014-10-22 19:08 . 2014-10-23 15:16    --------    d-----w-    C:\FRST
2014-10-22 17:21 . 2014-10-28 19:58    114904    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-22 17:20 . 2014-10-22 19:38    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-10-22 17:20 . 2014-10-22 17:20    --------    d-----w-    c:\programdata\Malwarebytes
2014-10-22 17:20 . 2014-10-01 15:11    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-10-22 17:20 . 2014-10-01 15:11    75480    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-10-22 17:20 . 2014-10-01 15:11    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-10-22 03:49 . 2014-10-22 03:49    3231696    ----a-w-    c:\program files\Mozilla Firefox\d3dcompiler_46.dll
2014-10-17 05:09 . 2014-10-17 05:09    --------    d-----w-    c:\program files\Common Files\Java
2014-10-17 05:09 . 2014-10-17 05:08    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-10-16 18:47 . 2014-10-16 18:47    --------    d-----w-    c:\program files\Verizon
2014-10-15 16:02 . 2014-06-18 22:23    156824    ----a-w-    c:\windows\system32\mscorier.dll
2014-10-15 16:02 . 2014-06-18 22:23    1131664    ----a-w-    c:\windows\system32\dfshim.dll
2014-10-15 16:02 . 2014-06-18 22:23    81560    ----a-w-    c:\windows\system32\mscories.dll
2014-10-15 15:58 . 2014-07-17 01:39    3221504    ----a-w-    c:\windows\system32\mstscax.dll
2014-10-15 15:58 . 2014-07-17 01:39    1051136    ----a-w-    c:\windows\system32\mstsc.exe
2014-10-15 15:56 . 2014-07-07 01:40    3208704    ----a-w-    c:\windows\system32\mf.dll
2014-09-30 22:29 . 2014-09-25 01:40    519680    ----a-w-    c:\windows\system32\qdvd.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-22 03:07 . 2012-05-16 18:39    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-22 03:07 . 2012-05-16 18:39    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-10-02 19:53 . 2013-04-17 18:18    231568    ------w-    c:\windows\system32\MpSigStub.exe
2014-09-09 21:47 . 2014-09-24 20:04    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-08-23 01:46 . 2014-08-29 01:32    305152    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-01 11:35 . 2014-09-10 01:33    793600    ----a-w-    c:\windows\system32\TSWorkspace.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2012-03-05 8921400]
.
[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2012-03-05 8921400]
.
[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-09-16 17:50    1729232    ----a-w-    c:\progra~1\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-09-16 17:50    1729232    ----a-w-    c:\progra~1\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-09-16 17:50    1729232    ----a-w-    c:\progra~1\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-02 22:31    578240    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 14:34    579400    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 14:34    579400    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 14:34    579400    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 14:34    579400    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 14:34    579400    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tiny download manager"="c:\users\Pc\AppData\Local\DM\TinyDM.exe" [2014-08-15 289752]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-08-27 22041192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-09-20 341360]
"Norton Online Backup"="c:\program files\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 966488]
"BackupManagerTray"="c:\program files\NTI\Acer Backup Manager\BackupManagerTray.exe" [2012-01-05 296984]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-23 144664]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-23 180504]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-23 187672]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-12-27 10889832]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2012-03-23 1105488]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2012-02-08 714120]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-04 4085896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-05-26 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-07-02 71944]
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2014-08-19 2282272]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-04 315008]
R3 DCDhcpService;DCDhcpService;c:\program files (x86)\Acer\WDAgent\DCDhcpService.exe [2012-01-18 111776]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-09-19 108032]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2011-04-04 17408]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2013-07-25 18944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-07-02 779536]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-07-04 414520]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2012-05-16 21600]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2012-05-16 16936]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2012-05-16 62240]
S1 wStLibG;wStLibG;c:\windows\system32\drivers\wStLibG.sys [2014-04-13 52928]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-07-02 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-07-02 67824]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2012-03-23 355920]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2012-02-08 738688]
S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [2012-02-29 28264]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-05-11 99896]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 458464]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-08 161560]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2012-02-07 255376]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-01 1871160]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-01 968504]
S2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-01-05 256536]
S2 NTServiceSystem;NTServiceSystem;c:\windows\system32\NTServer\service.exe [2012-12-27 91232]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-08 363800]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-11-04 60968]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-11-04 17960]
S3 bScsiMSx;bScsiMSx;c:\windows\system32\DRIVERS\bScsiMSx.sys [2011-09-02 43560]
S3 bScsiSDx;bScsiSDx;c:\windows\system32\DRIVERS\bScsiSDx.sys [2012-05-04 47104]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 280576]
S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2012-01-19 370728]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-10-01 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-10-28 114904]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-10-01 51928]
S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2011-11-10 46080]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-28 01:53    1089352    ----a-w-    c:\program files\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 03:07]
.
2014-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-10-05 16:02]
.
2014-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-10-05 16:02]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office15\ONBttnIE.dll/105
Trusted Zone: sharepoint.com\livejohnshopkins
Trusted Zone: sharepoint.com\livejohnshopkins-my
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Pc\AppData\Roaming\Mozilla\Firefox\Profiles\jf8dwtno.default-1381697050573\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxps://www.google.com/search
FF - prefs.js: network.proxy.http - proxy2.gazi.edu.tr
FF - prefs.js: network.proxy.http_port - 2001
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-WTA-f3ca668e-e0ec-4f59-877c-19703971e31a - c:\program files\WildTangent Games\Games\CurseatTwilight\uninstall\uninstaller.exe
AddRemove-{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App - c:\program files\WildTangent Games\App\Uninstall.exe
AddRemove-{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer - c:\program files\WildTangent Games\Touchpoints\acer\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(7536)
c:\program files\Acer\Acer ePower Management\SysHook.dll
.
Completion time: 2014-10-28  16:46:03
ComboFix-quarantined-files.txt  2014-10-28 20:46
.
Pre-Run: 194.886.369.280 bayt boş
Post-Run: 194.656.210.944 bayt boş
.
- - End Of File - - C129A43A4416704D9260E727473299B1
A36C5E4F47E84449FF07ED3517B43A31
 


Hi :)
 
I'd like to take a look with a different scanner.



Scan with OTL

Please download OTL by OldTimer and save the file to your desktop.

  • Right-click on the OTL icon and select Run as Administrator to start the tool.
  • Make sure that Scan All Users, LOP check and Purity check are ticked.
  • For 64-bit systems only - make sure that Include 64-bit option is also ticked.
  • Sections Processes, Modules, Services, Drivers, Standard Registry are set to Use Safelist.
  • Section Extra Registry is also set to Use Safelist.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
    BASESERVICES
    drivers32
  • Push Run Scan and wait patiently.
  • Two notepad windows will be opened after this run: OTL.txt (maximized) and Extras.txt (minimized).

Please include the content of both logfiles in your next reply.


This topic is now closed to further replies.