spigot.a


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:14-08-2015 01
Ran by Tunc (administrator) on TUNC-PC (15-08-2015 22:34:11)
Running from C:\Users\Tunc\Downloads
Loaded Profiles: Tunc (Available Profiles: Tunc)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
(Dropbox, Inc.) C:\Users\Tunc\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Tunc\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2593056 2014-08-04] ()
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\900\G2AWinLogon.dll [2013-02-21] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-1080754587-2029738980-2047957757-1001\...\Run: [] => [X]
HKU\S-1-5-21-1080754587-2029738980-2047957757-1001\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6815512 2015-08-14] (SUPERAntiSpyware)
HKU\S-1-5-21-1080754587-2029738980-2047957757-1001\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1080754587-2029738980-2047957757-1001\...\Run: [Dropbox Update] => C:\Users\Tunc\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-15] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2014-05-26]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-05-26]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Tunc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\Tunc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Tunc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4620 series (Network).lnk [2014-09-25]
ShortcutTarget: Monitor Ink Alerts - HP Officejet 4620 series (Network).lnk -> C:\Program Files\HP\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tunc\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tunc\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tunc\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tunc\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tunc\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tunc\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tunc\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tunc\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} =>  No File
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} =>  No File
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1080754587-2029738980-2047957757-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1080754587-2029738980-2047957757-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1080754587-2029738980-2047957757-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmail.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001 -> DefaultScope {62E39AED-7EAE-46C9-ABBE-26DEE373A02C} URL =
SearchScopes: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001 -> {15257D10-D79B-4879-BA8C-52EC7D9373F5} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files\LastPass\LPToolbar.dll [2014-05-26] (LastPass)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2011-05-13] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll [2014-05-26] (LastPass)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{09148399-F59E-47A1-9A7A-C0C0C27C889F}: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Tunc\AppData\Roaming\Mozilla\Firefox\Profiles\dccjn1ki.default-1439559959738
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files\LastPass\nplastpass.dll [2014-05-26] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-08-04] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-08-04] (NVIDIA Corporation)
FF Plugin: @qq.com/npqscall -> C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll [2014-07-18] (Tencent)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1080754587-2029738980-2047957757-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Tunc\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-10-01] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-12] (SUPERAntiSpyware.com)
R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [827272 2013-03-07] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [32648 2013-03-07] (Broadcom Corporation)
S3 GoToAssist; C:\Program Files\Citrix\GoToAssist\900\g2aservice.exe [13720 2013-02-21] (Citrix Online, a division of Citrix Systems, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 NVWMI; C:\Windows\system32\nvwmi.exe [2209568 2014-08-04] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\Tunc\AppData\Local\Temp\7zS5C33\hpslpsvc32.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 acpials; C:\Windows\System32\DRIVERS\acpials.sys [7680 2009-07-13] (Microsoft Corporation)
S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [15968 2013-03-14] (Advanced Micro Devices, Inc.)
S3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [42720 2013-10-10] (Broadcom Corporation)
S3 dg_ksudbus; C:\Windows\System32\DRIVERS\ksudbus.sys [75776 2011-03-25] (Microsoft Corporation) [File not signed]
R3 DPPCMFilter; C:\Windows\System32\DRIVERS\DPPCMFilter.sys [456960 2008-07-08] (NEC Corporation, NEC Personal Products, Ltd.)
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [526392 1999-12-31] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [25656 1999-12-31] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-08-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF32.sys [108544 2011-08-15] (Matrox Graphics Inc.) [File not signed]
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7530736 2013-10-21] (Intel Corporation)
S3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [144672 2008-06-03] (Creative Technology Ltd.)
S3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [277440 2008-09-18] (Creative Technology Ltd.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [25328 2014-04-07] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-10-20] ()
R3 udsstub; C:\Windows\System32\DRIVERS\udsstub.sys [16000 2012-06-18] (SysNucleus)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 FileMonitor; \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [X]
S3 RegFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [X]
S3 UrlFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-15 22:34 - 2015-08-15 22:35 - 00016166 _____ C:\Users\Tunc\Downloads\FRST.txt
2015-08-15 22:33 - 2015-08-15 22:34 - 00000000 ____D C:\FRST
2015-08-15 22:33 - 2015-08-15 22:33 - 01678336 _____ (Farbar) C:\Users\Tunc\Downloads\FRST(1).exe
2015-08-15 16:48 - 2015-08-15 16:48 - 00000000 ____D C:\Users\Tunc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-15 16:43 - 2015-08-15 21:49 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1080754587-2029738980-2047957757-1001UA.job
2015-08-15 16:43 - 2015-08-15 16:48 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1080754587-2029738980-2047957757-1001Core.job
2015-08-15 16:43 - 2015-08-15 16:43 - 00000000 ____D C:\Users\Tunc\AppData\Local\Dropbox
2015-08-15 16:43 - 2015-08-15 16:43 - 00000000 ____D C:\ProgramData\Dropbox
2015-08-15 10:28 - 2015-08-15 22:13 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-15 10:28 - 2015-08-15 10:28 - 00001031 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-15 10:28 - 2015-08-15 10:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-15 10:27 - 2015-08-15 10:28 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-15 10:27 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-15 10:27 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-15 10:27 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-15 10:26 - 2015-08-15 10:26 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Tunc\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-15 10:01 - 2015-08-15 10:01 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Tunc\Downloads\mbam-clean-2.1.1.1001.exe
2015-08-14 21:48 - 2015-08-14 21:48 - 00000000 ____D C:\Program Files\ESET
2015-08-14 20:38 - 2015-08-14 20:38 - 00000000 ____D C:\Users\Tunc\AppData\Local\GWX
2015-08-14 13:42 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 13:22 - 2015-07-28 16:04 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-14 13:22 - 2015-07-28 16:00 - 00952832 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-14 13:22 - 2015-07-28 16:00 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-14 13:22 - 2015-07-28 16:00 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-14 13:22 - 2015-07-28 16:00 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-14 13:22 - 2015-07-28 16:00 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-14 13:22 - 2015-07-28 16:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-14 13:22 - 2015-07-28 15:54 - 00934400 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-14 13:22 - 2015-07-20 13:56 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-14 13:22 - 2015-07-20 13:56 - 02061312 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-14 13:22 - 2015-07-20 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-14 13:22 - 2015-07-20 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-14 13:22 - 2015-07-20 13:56 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-14 13:22 - 2015-07-20 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-14 13:22 - 2015-07-20 13:56 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-14 13:22 - 2015-07-20 13:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-14 13:22 - 2015-07-20 13:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-14 13:22 - 2015-07-20 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-14 13:22 - 2015-07-20 13:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-14 13:22 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-14 13:22 - 2015-06-03 16:17 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-08-14 13:21 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-14 13:21 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-14 13:21 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-14 13:21 - 2015-06-15 17:47 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-08-14 13:21 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-08-14 13:21 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-08-14 13:21 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-08-14 13:21 - 2015-06-15 17:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-08-14 13:21 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-08-14 13:21 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-08-14 13:20 - 2015-07-15 13:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-14 13:20 - 2015-07-15 13:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-14 13:20 - 2015-07-15 13:59 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-14 13:20 - 2015-07-15 13:59 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-14 13:20 - 2015-07-15 13:59 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-14 13:20 - 2015-07-15 13:56 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-14 13:20 - 2015-07-15 13:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-14 13:20 - 2015-07-15 13:55 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-14 13:20 - 2015-07-15 13:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-14 13:20 - 2015-07-15 13:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-14 13:20 - 2015-07-15 13:55 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-14 13:20 - 2015-07-15 13:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-14 13:20 - 2015-07-15 13:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-14 13:20 - 2015-07-15 13:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-14 13:20 - 2015-07-15 13:55 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-14 13:20 - 2015-07-15 13:54 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-14 13:20 - 2015-07-15 13:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-14 13:20 - 2015-07-15 13:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-14 13:20 - 2015-07-15 13:54 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-14 13:20 - 2015-07-15 13:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-14 13:20 - 2015-07-15 13:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-14 13:20 - 2015-07-15 13:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-14 13:20 - 2015-07-15 13:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-14 13:20 - 2015-07-15 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-14 13:20 - 2015-07-15 13:54 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-14 13:20 - 2015-07-15 13:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-14 13:20 - 2015-07-15 13:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-14 13:20 - 2015-07-15 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-14 13:20 - 2015-07-15 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-14 13:20 - 2015-07-15 13:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-14 13:20 - 2015-07-15 13:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-14 13:20 - 2015-07-15 13:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-14 13:20 - 2015-07-15 12:36 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-14 13:20 - 2015-07-15 12:36 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-14 13:20 - 2015-07-15 12:36 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-14 13:19 - 2015-07-16 15:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-14 13:19 - 2015-07-16 15:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-14 13:19 - 2015-07-16 15:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-14 13:19 - 2015-07-16 11:14 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-14 13:19 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-08-14 13:19 - 2015-06-17 13:39 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-08-14 13:19 - 2015-04-10 23:07 - 00054656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-08-14 13:18 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-14 13:18 - 2015-07-30 13:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-14 13:18 - 2015-07-30 13:57 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-14 13:18 - 2015-07-30 13:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-14 13:18 - 2015-07-30 13:57 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-14 13:18 - 2015-07-30 13:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-14 13:18 - 2015-07-30 13:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-14 13:18 - 2015-07-30 12:52 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-14 13:18 - 2015-07-30 12:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-14 13:18 - 2015-05-25 14:01 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-08-14 13:18 - 2015-05-25 14:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-08-14 13:17 - 2015-05-25 14:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-08-14 13:17 - 2015-05-25 14:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-08-14 13:17 - 2015-05-25 14:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-08-14 13:17 - 2015-05-25 14:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-08-14 13:17 - 2015-05-25 14:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-08-14 13:17 - 2015-05-25 14:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-08-14 13:17 - 2015-05-25 14:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-08-14 13:17 - 2015-05-25 12:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-08-14 13:16 - 2015-07-20 20:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-14 13:16 - 2015-07-16 15:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-14 13:16 - 2015-07-16 15:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-14 13:16 - 2015-07-16 15:39 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-14 13:16 - 2015-07-16 15:32 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-14 13:16 - 2015-07-16 15:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-14 13:16 - 2015-07-16 15:06 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-14 13:16 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-14 13:16 - 2015-06-09 15:35 - 02745856 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-08-14 13:16 - 2015-06-09 15:35 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-08-14 13:16 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-08-14 13:16 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-08-14 13:16 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-08-14 13:16 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-08-14 13:15 - 2015-07-16 16:20 - 19870208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-14 13:15 - 2015-07-16 16:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-14 13:15 - 2015-07-16 16:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-14 13:15 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-14 13:15 - 2015-07-16 15:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-14 13:15 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-14 13:15 - 2015-07-16 15:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-14 13:15 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-14 13:15 - 2015-07-16 15:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-14 13:15 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-14 13:15 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-14 13:15 - 2015-07-16 15:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-14 13:15 - 2015-07-16 15:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-14 13:15 - 2015-07-16 15:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-14 13:15 - 2015-07-16 15:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-14 13:15 - 2015-07-16 15:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-14 13:15 - 2015-07-16 15:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-14 13:15 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-14 13:15 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-14 13:15 - 2015-07-16 15:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-14 13:15 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-14 13:15 - 2015-07-16 15:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-14 13:15 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-14 13:15 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-14 13:14 - 2015-07-14 22:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-14 13:14 - 2015-07-10 13:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-14 13:12 - 2015-04-29 14:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-08-14 13:12 - 2015-04-29 14:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-08-14 13:12 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-08-14 13:12 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-08-14 13:11 - 2015-07-14 22:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-14 13:11 - 2015-07-14 22:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-14 13:11 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-14 13:11 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-14 13:11 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-08-14 13:11 - 2015-05-08 23:14 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-14 13:11 - 2015-05-08 23:13 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-14 13:11 - 2015-05-08 23:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-14 13:11 - 2015-05-08 23:12 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-14 13:11 - 2015-05-08 23:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-14 13:11 - 2015-05-08 23:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-14 13:11 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-14 13:11 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-14 13:11 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-14 13:11 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-14 13:11 - 2015-05-08 23:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-14 13:11 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-14 13:11 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-14 13:11 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-14 13:11 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-14 13:11 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-14 13:11 - 2015-05-08 23:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-14 13:11 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-14 13:11 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-14 13:11 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-14 13:11 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-14 13:11 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-14 13:11 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-14 13:11 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-14 13:11 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-14 13:11 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-14 13:11 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-14 13:11 - 2015-05-08 23:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-14 13:11 - 2015-05-08 21:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-14 13:11 - 2015-05-08 21:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-14 13:11 - 2015-05-08 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-14 13:11 - 2015-05-08 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-14 13:11 - 2015-04-29 14:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-08-14 13:01 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-15 22:24 - 2009-07-14 00:34 - 00023056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-15 22:24 - 2009-07-14 00:34 - 00023056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-15 22:19 - 2015-04-22 22:31 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-15 22:19 - 2012-02-08 14:47 - 00788414 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-15 22:17 - 2014-09-04 15:11 - 00000000 ___RD C:\Users\Tunc\Documents\Dropbox
2015-08-15 22:17 - 2014-09-04 15:02 - 00000000 ____D C:\Users\Tunc\AppData\Roaming\Dropbox
2015-08-15 22:16 - 2014-03-20 12:19 - 01124235 ____N C:\Windows\WindowsUpdate.log
2015-08-15 22:11 - 2012-09-17 15:41 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-15 22:11 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-15 10:27 - 2014-01-27 14:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-15 07:36 - 2014-09-20 18:46 - 00000000 ____D C:\Users\Tunc\AppData\Roaming\Wondershare
2015-08-15 07:36 - 2014-09-20 18:46 - 00000000 ____D C:\Users\Tunc\.android
2015-08-15 07:36 - 2014-09-20 18:46 - 00000000 ____D C:\Program Files\Wondershare
2015-08-15 07:36 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-15 07:00 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2015-08-15 02:53 - 2014-10-20 13:04 - 00000000 ____D C:\ProgramData\TweakBit
2015-08-14 20:59 - 2015-01-05 11:39 - 00000000 __SHD C:\Users\Tunc\AppData\Local\EmieBrowserModeList
2015-08-14 20:59 - 2014-04-15 16:18 - 00000000 __SHD C:\Users\Tunc\AppData\Local\EmieUserList
2015-08-14 20:59 - 2014-04-15 16:18 - 00000000 __SHD C:\Users\Tunc\AppData\Local\EmieSiteList
2015-08-14 20:32 - 2013-02-18 09:40 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-08-14 20:29 - 2014-12-10 04:49 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-14 20:29 - 2014-04-28 06:27 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-14 15:07 - 2012-02-08 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-14 15:05 - 2012-02-08 17:42 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-14 15:01 - 2013-02-15 14:59 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-14 14:50 - 2013-07-11 07:56 - 00000000 ____D C:\Windows\system32\MRT
2015-08-14 13:45 - 2009-07-13 22:04 - 00000645 _____ C:\Windows\win.ini
2015-08-14 10:14 - 2015-05-17 08:40 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-28 11:01 - 2012-02-08 15:04 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-05-26 18:55 - 2014-05-26 18:55 - 11211264 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
2014-06-19 08:15 - 2014-06-19 08:15 - 0000024 _____ () C:\Users\Tunc\AppData\Roaming\temp.ini
2014-11-25 16:25 - 2014-11-25 16:25 - 0000000 _____ () C:\Users\Tunc\AppData\Local\{24ACD070-02BA-4A9C-BB14-451535418C78}
2013-08-14 12:17 - 2013-08-14 12:17 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Tunc\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpe4s8no.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-14 17:40

==================== End of log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:14-08-2015 01
Ran by Tunc (2015-08-15 22:36:55)
Running from C:\Users\Tunc\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1080754587-2029738980-2047957757-500 - Administrator - Disabled)
Guest (S-1-5-21-1080754587-2029738980-2047957757-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1080754587-2029738980-2047957757-1003 - Limited - Enabled)
Tunc (S-1-5-21-1080754587-2029738980-2047957757-1001 - Administrator - Enabled) => C:\Users\Tunc

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Citrix Online Launcher (HKLM\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell ControlVault Host Components Installer (HKLM\...\{8022CB10-15F8-43C6-AA18-6A38AEDD86B6}) (Version: 2.3.309.1625 - Broadcom Corporation)
Dropbox (HKU\S-1-5-21-1080754587-2029738980-2047957757-1001\...\Dropbox) (Version: 3.8.6 - Dropbox, Inc.)
Efficient Address Book Free 3.62 (HKLM\...\Efficient Address Book Free_is1) (Version:  - Efficient Software)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
GoToAssist Corporate (HKLM\...\GoToAssist) (Version: 10.4.0.900 - Citrix Online, a division of Citrix Systems, Inc.)
HP Officejet 4620 series Basic Device Software (HKLM\...\{C4E2A2F2-2A53-42C7-920A-169713776631}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Help (HKLM\...\{606C37AB-EB04-4270-A592-201A03C2DB36}) (Version: 6.0.0 - Hewlett Packard)
HP Officejet 4620 series Product Improvement Study (HKLM\...\{5696CE5E-FD09-4DFF-82CE-DB87229F03DD}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Integrated Webcam Driver (1.03.02.0919)   (HKLM\...\Creative OA001) (Version:  - )
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LastPass (uninstall only) (HKLM\...\LastPass) (Version:  - LastPass)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM\...\{2BF67B4B-7C5E-4045-8766-BB44838DC61A}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 340.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.66 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.66 - NVIDIA Corporation)
NVIDIA nView 141.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.24 - NVIDIA Corporation)
NVIDIA WMI 2.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.18.0 - NVIDIA Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SQL Server System CLR Types (HKLM\...\{C9FD9DF2-D92B-4321-A338-52961FECE249}) (Version: 10.1.2531.0 - Microsoft Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tunc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Tunc\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Tunc\AppData\Local\Dropbox\Update\1.3.27.35\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Tunc\AppData\Local\Dropbox\Update\1.3.27.35\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Tunc\AppData\Local\Dropbox\Update\1.3.27.35\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Tunc\AppData\Local\Dropbox\Update\1.3.27.35\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001_Classes\CLSID\{E763661E-E497-4D41-AFF4-6BBCB62B9E89}\InprocServer32 -> C:\Users\Tunc\AppData\Local\Dropbox\Update\1.3.27.35\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Tunc\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tunc\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tunc\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tunc\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tunc\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tunc\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tunc\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tunc\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tunc\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Tunc\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Tunc\AppData\Local\Dropbox\Update\1.3.27.35\psuser.dll (Dropbox, Inc.)

==================== Restore Points =========================

17-05-2015 09:32:13 Removed Motorola Mobile Drivers Installation 6.3.0
14-08-2015 09:53:38 Windows Update
14-08-2015 13:38:21 Windows Update
15-08-2015 02:58:43 Removed Java 8 Update 31
15-08-2015 07:26:38 Removed QuickTime 7
15-08-2015 07:32:30 Removed Apple Software Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {32169EBF-34DA-4684-8D09-4BDF9F1B9568} - System32\Tasks\HP AR Program Upload - 04b8e15cc88242f0b42c86c1e089965ef2166cc0b444477c994c0aa99ee5414a => C:\Program Files\HP\HP Officejet 4620 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {3E3EF207-34AA-4915-A14C-A016AFA26103} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {4619C8F6-CA9F-4A59-9550-5849413EB3C4} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1080754587-2029738980-2047957757-1001UA => C:\Users\Tunc\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-15] (Dropbox, Inc.)
Task: {4E44B616-8AB2-4F7D-AE5D-EC80A55C2AEB} - System32\Tasks\HP AR Program Upload - e28b97c7ea384e2d871b7a14527cf1ae709db8bc95174e248c2d0a4c6c7ecc7b => C:\Program Files\HP\HP Officejet 4620 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {55B6A9E6-A68C-4033-B42C-37FDCFE2000B} - System32\Tasks\HP AR Program Upload - 47caf973155a4d12a786c40ac095cb563d8843e381e546489e9ebbfbe9669bb9 => C:\Program Files\HP\HP Officejet 4620 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {6F4D7F1E-5E2E-4484-B9B1-1ECBEE1EE1A4} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {797F97CF-E1DB-4754-815F-475199C8180D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1080754587-2029738980-2047957757-1001Core => C:\Users\Tunc\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-15] (Dropbox, Inc.)
Task: {7DC8CBD4-F4CB-4ABE-9107-5C493425242A} - System32\Tasks\UpdaterEX => C:\Users\Tunc\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {C1251A19-384C-4392-8E47-47AD28F55997} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {C886E302-23E1-40ED-8CD6-BDC2ABA0ED55} - System32\Tasks\HP AR Program Upload - 08f47d53d8624f1592db9659308ae8f2c1af00fba13c435a9a839f5dda8568c6 => C:\Program Files\HP\HP Officejet 4620 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {E50E0A29-7683-499C-96EC-2D482654B576} - System32\Tasks\HP AR Program Upload - 63676c1e3e564f5b987d3adb1d38f9372d9e26275e4b4dd0960a0d9c71458694 => C:\Program Files\HP\HP Officejet 4620 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {F2E999D5-521A-431A-8225-5A494EDFFB60} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {FD90C6D0-6C2F-4D02-B49E-96D769A99EEB} - \GlaryInitialize 5 -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1080754587-2029738980-2047957757-1001Core.job => C:\Users\Tunc\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1080754587-2029738980-2047957757-1001UA.job => C:\Users\Tunc\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\UpdaterEX.job =>

==================== Loaded Modules (Whitelisted) ==============

2014-09-04 15:22 - 2014-08-04 15:15 - 02209568 _____ () C:\Windows\system32\nvwmi.exe
2012-09-17 15:40 - 2014-08-04 13:43 - 00106840 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-08-15 22:13 - 2015-08-15 22:13 - 00071168 _____ () c:\users\tunc\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpe4s8no.dll
2015-08-15 16:48 - 2015-08-05 16:49 - 00012800 _____ () C:\Users\Tunc\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-08-15 16:48 - 2015-08-05 16:49 - 00779776 _____ () C:\Users\Tunc\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-08-15 16:48 - 2015-08-05 16:49 - 00056320 _____ () C:\Users\Tunc\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-08-15 16:48 - 2015-08-05 16:49 - 00012288 _____ () C:\Users\Tunc\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-02-04 22:42 - 2015-01-23 06:37 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-1080754587-2029738980-2047957757-1001\...\100sexlinks.com -> 100sexlinks.com

There are 4788 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1080754587-2029738980-2047957757-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tunc\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DriverMax => "C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe" -agent
MSCONFIG\startupreg: DriverMax_RESTART => "C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe" -RESTART
MSCONFIG\startupreg: MotoCast =>
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "c:\program files\skype\phone\skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8643BA7D-C1E1-4B04-A355-3F7FC0116CC2}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2AC63FB6-4676-43EC-B204-86EFBFB646A3}] => (Allow) LPort=2869
FirewallRules: [{FE4E7BE5-8BD0-48D8-8C8B-08009AE81980}] => (Allow) LPort=1900
FirewallRules: [{1FA62C85-92F9-4822-B96E-33B47A70C27D}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{48901EED-001A-44F3-9A8F-E2BC037B3581}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{215B9630-D9AE-4949-91DD-1B330B84C8BA}] => (Allow) LPort=50000
FirewallRules: [{B59B4A55-3EB7-4650-B309-612334C75DB5}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{57879401-D68B-4A01-87BC-30F9BE73313D}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{091FB4CC-B5EC-45C5-BFF7-F779F7FC52C8}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{9D45FF4B-930C-43A2-B62E-28F3474B6794}] => (Allow) C:\Users\Tunc\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FB400F97-BADB-4D74-9A2D-08C3CAB3F73B}] => (Allow) C:\Users\Tunc\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{9F74A179-BD79-4A08-ADBA-4B705F485B44}C:\users\tunc\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\tunc\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [uDP Query User{89C87D1F-5592-48D7-894C-16B9DC510615}C:\users\tunc\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\tunc\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{7972779A-1D30-4371-B089-A79B12CAB8C8}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\FaxApplications.exe
FirewallRules: [{F04C188B-806F-4328-8080-30CE79D5BFE6}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\DigitalWizards.exe
FirewallRules: [{6392C153-55A8-4AB5-B385-CD914F3AEDFF}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\SendAFax.exe
FirewallRules: [{A0A165E4-9430-447C-B083-E45A1576F73B}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\DeviceSetup.exe
FirewallRules: [{39A1A44A-2BA2-48C5-90CC-EDE77F44DC7C}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{2B0ABE99-F8DE-411D-8ABA-1C78400AC856}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{3E1471C6-3482-4A5E-9AE0-EDB1D76990F2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{76594077-0FD0-4FD1-B03E-4F4F22E27641}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Officejet 4620 series
Description: Officejet 4620 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/15/2015 12:27:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ntdll.dll, version: 6.1.7601.18933, time stamp: 0x55a69d9f
Exception code: 0xc000000d
Fault offset: 0x000980c9
Faulting process id: 0x74c
Faulting application start time: 0xsvchost.exe_DiagTrack0
Faulting application path: svchost.exe_DiagTrack1
Faulting module path: svchost.exe_DiagTrack2
Report Id: svchost.exe_DiagTrack3

Error: (08/15/2015 10:02:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.8.1, time stamp: 0x546e4a58
Faulting module name: mbamservice.exe, version: 3.0.8.1, time stamp: 0x546e4a58
Exception code: 0x40000015
Fault offset: 0x0008f796
Faulting process id: 0x1328
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3

Error: (08/15/2015 09:40:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CCleaner.exe version 4.18.0.4844 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1560

Start Time: 01d0d74f49205856

Termination Time: 63

Application Path: C:\Program Files\CCleaner\CCleaner.exe

Report Id: 32131e76-4353-11e5-a894-0024e89d3fb3

Error: (08/14/2015 08:33:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: carboniteservice.exe, version: 5.7.2.4667, time stamp: 0x54bd3245
Faulting module name: carboniteservice.exe, version: 5.7.2.4667, time stamp: 0x54bd3245
Exception code: 0xc0000005
Fault offset: 0x00139435
Faulting process id: 0x774
Faulting application start time: 0xcarboniteservice.exe0
Faulting application path: carboniteservice.exe1
Faulting module path: carboniteservice.exe2
Report Id: carboniteservice.exe3

Error: (08/14/2015 05:41:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/14/2015 02:52:10 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalog

Error: (08/14/2015 09:38:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FlashUtil32_18_0_0_129_ActiveX.exe version 18.0.0.129 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 17dc

Start Time: 01d0d6965369b065

Termination Time: 62

Application Path: C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_129_ActiveX.exe

Report Id: b5f97c46-4289-11e5-95e9-0024e89d3fb3

Error: (08/14/2015 09:25:34 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/14/2015 09:25:34 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/14/2015 09:25:34 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (08/15/2015 10:15:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (08/15/2015 10:15:01 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070420

Error: (08/15/2015 10:14:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1053

Error: (08/15/2015 10:14:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

Error: (08/15/2015 10:13:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1053

Error: (08/15/2015 10:13:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

Error: (08/15/2015 10:12:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd

Error: (08/15/2015 12:31:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (08/15/2015 12:31:39 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (08/15/2015 12:30:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1053


Microsoft Office:
=========================
Error: (08/15/2015 12:27:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DiagTrack6.1.7600.163854a5bc100ntdll.dll6.1.7601.1893355a69d9fc000000d000980c974c01d0d76382d7c68fC:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll7b5c5801-436a-11e5-a98b-0024e89d3fb3

Error: (08/15/2015 10:02:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.8.1546e4a58mbamservice.exe3.0.8.1546e4a58400000150008f796132801d0d6f6ac9d92c5C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe46c8ba25-4356-11e5-a894-0024e89d3fb3

Error: (08/15/2015 09:40:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: CCleaner.exe4.18.0.4844156001d0d74f4920585663C:\Program Files\CCleaner\CCleaner.exe32131e76-4353-11e5-a894-0024e89d3fb3

Error: (08/14/2015 08:33:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: carboniteservice.exe5.7.2.466754bd3245carboniteservice.exe5.7.2.466754bd3245c00000050013943577401d0d6f200398f0dC:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exeC:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe498330a4-42e5-11e5-8b6f-0024e89d3fb3

Error: (08/14/2015 05:41:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Officejet 4620 series\DriverStore\Pipeline\amd64\hpinkins6412.exe

Error: (08/14/2015 02:52:10 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Context:  Application, SystemIndex Catalog

Error: (08/14/2015 09:38:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FlashUtil32_18_0_0_129_ActiveX.exe18.0.0.12917dc01d0d6965369b06562C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_129_ActiveX.exeb5f97c46-4289-11e5-95e9-0024e89d3fb3

Error: (08/14/2015 09:25:34 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/14/2015 09:25:34 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/14/2015 09:25:34 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU P9600 @ 2.66GHz
Percentage of memory in use: 69%
Total physical RAM: 1971.9 MB
Available physical RAM: 593.6 MB
Total Virtual: 3943.8 MB
Available Virtual: 2273.75 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:148.95 GB) (Free:100.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 89F77F14)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of log ============================


Hello and welcome,

P2P/Piracy Warning:
 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

Next,

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under the Non-Malware Protection sub tab, change PUP and PUM entries to "Treat detections as Malware".
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Recommend you use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log to your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,
 
Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.



Next,

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop.

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool and select "Run as Administrator"; the tool will expand to the options window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

Let me see those logs, also give an update on any remaining issues or concerns...

 

Thank you,

 

Kevin...
 

Fixlist.txt


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)
Started On Mon Aug 17 06:49:28 2015

Engine: 1.1.11903.0
Signatures: 1.203.693.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Mon Aug 17 07:06:47 2015


Return code: 0 (0x0)

# AdwCleaner v5.000 - Logfile created 16/08/2015 at 22:44:48
# Updated 14/08/2015 by Xplode
# Database : 2015-08-16.2 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : Tunc - TUNC-PC
# Running from : C:\Users\Tunc\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[-] Service Deleted : swdumon

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\DriverToolkit
[-] Folder Deleted : C:\Program Files\Common Files\tencent
[-] Folder Deleted : C:\ProgramData\TweakBit
[!] Folder Not Deleted : C:\Users\All Users\TweakBit
[-] Folder Deleted : C:\Users\Public\Documents\tencent
[-] Folder Deleted : C:\Users\Tunc\AppData\Local\DriverToolkit
[-] Folder Deleted : C:\Users\Tunc\AppData\Local\Innovative Solutions
[-] Folder Deleted : C:\Users\Tunc\AppData\Local\slimware utilities inc
[-] Folder Deleted : C:\Users\Tunc\AppData\Roaming\tencent

***** [ Files ] *****

[-] File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo.xml
[-] File Deleted : C:\Users\Tunc\daemonprocess.txt
[-] File Deleted : C:\Windows\system32\drivers\swdumon.sys

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKCU\Software\systweak
[-] Key Deleted : HKCU\Software\Tune
[-] Key Deleted : HKCU\Software\UpdaterEX
[-] Key Deleted : HKCU\Software\DriverToolkit
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\systweak
[-] Key Deleted : HKLM\SOFTWARE\Tune
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc

***** [ Web browsers ] *****


*************************

:: Proxy settings cleared
:: Winsock settings cleared

*************************

C:\AdwCleaner[C1].txt - [2073 octets] - [16/08/2015 22:44:48]
C:\AdwCleaner[s1].txt - [1960 octets] - [16/08/2015 22:40:57]

########## EOF - C:\AdwCleaner[C1].txt - [2199 octets] ##########

Fix result of Farbar Recovery Scan Tool (x86) Version:16-08-2015
Ran by Tunc (2015-08-16 21:22:24) Run:1
Running from C:\Users\Tunc\Downloads
Loaded Profiles: Tunc (Available Profiles: Tunc)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
Task: {7DC8CBD4-F4CB-4ABE-9107-5C493425242A} - System32\Tasks\UpdaterEX => C:\Users\Tunc\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\Tunc\AppData\Roaming\UPDATE~1
Task: {FD90C6D0-6C2F-4D02-B49E-96D769A99EEB} - \GlaryInitialize 5 -> No File <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job =>
C:\Windows\Tasks\UpdaterEX.job
Emptytemp:
End
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7DC8CBD4-F4CB-4ABE-9107-5C493425242A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DC8CBD4-F4CB-4ABE-9107-5C493425242A}" => key removed successfully.
C:\Windows\System32\Tasks\UpdaterEX => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX" => key removed successfully.
C:\Users\Tunc\AppData\Roaming\UPDATE~1 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FD90C6D0-6C2F-4D02-B49E-96D769A99EEB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD90C6D0-6C2F-4D02-B49E-96D769A99EEB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GlaryInitialize 5" => key removed successfully.
C:\Windows\Tasks\UpdaterEX.job => moved successfully.
"C:\Windows\Tasks\UpdaterEX.job" => File/Folder not found.
EmptyTemp: => 795.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 21:23:29 ====

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.6 (08.10.2015:1)
OS: Windows 7 Home Premium x86
Ran by Tunc on Mon 08/17/2015 at  6:01:08.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\users\Public\Documents\downloaded installers
Successfully deleted: [Folder] C:\Users\Tunc\AppData\Roaming\iobit\driver booster



~~~ FireFox

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/npqscall





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/17/2015 at  6:09:09.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/16/2015
Scan Time: 9:42 PM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.16.03
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Tunc

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 318063
Time Elapsed: 40 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
