Solved Strong trojan "spy.zbot.yw"

Ian Sule

Hello. My notebook was attacked by a strong virus, namely "spy.zbot.yw", 10 days ago. I tried to delete it from the system by using ComboFix, ESET NOD32, Spybot Search & Destroy, Junkware Removal Tool, RogueKiller, Security Check etc. Although the virus was deleted, it appeared again. When the Internet Explorer or Chrome browsers were used, some fake warnings from Google appeared, including "your Flash Player should be updated", "your browser should be updated", "please enter your Facebook and Gmail accounts" etc. I updated Flash Player and Java, removing the old Java version and the Java cache using the JavaRa software. Unfortunately, two laptops were immediately affected by the virus when they were used in our home network. How do I know if my DSL has been attacked from an outside source or a virus problem has affected our laptops? Pum HJ was detected by the AdwCleaner software. Is the problem related to the use of our old ADSL, which has not been updated for 3 years? Here are my TDSSKiller, MBAM, DDS, TDS and Rkill reports. I cannot use Gmail, because when I try to connect to Gmail, the update warnings lead to complications. Thank you for your help.
 

Attachments

  • mbam20.txt (1 KB)
  • Attach20.txt (13 KB)
  • DDS20.txt (23.2 KB)
  • Rkill20.txt (3.1 KB)
  • tds20.txt (70.5 KB)
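One check a defender can run on the question asked above (is it the DSL router or the laptops?), written for this thread as an added example; it is not part of the original post, of DDS, or of any tool the thread mentions. It reads the TCP: NameServer and DHCPNameServer lines that DDS prints (the excerpt below is constructed from the DDS log pasted later in the thread, which lists 68.168.98.196 and 8.8.8.8) and labels each resolver: a private address means the home router answers DNS itself, 8.8.8.8/8.8.4.4 are Google's public resolvers, and anything else is reported as unknown, to be checked against the ISP's published resolver addresses (the empty ISP_RESOLVERS set is a placeholder for those; an unknown label is not a verdict). The point for the question above is where an unknown resolver comes from: a DHCPNameServer value is handed out by the DHCP server, normally the router, so every device on the LAN receives it, whereas a plain NameServer value is a per-host setting.

```python
"""Audit the DNS resolvers recorded in a DDS log (added example, not DDS code)."""
import ipaddress
import re

# Constructed excerpt modelled on the DDS "Pseudo HJT Report" section pasted
# in this thread; the two resolver addresses are the ones the pasted log shows,
# the surrounding lines are filler.
SAMPLE_DDS_EXCERPT = r"""
uStart Page = hxxp://www.google.com.tr/
TCP: NameServer = 68.168.98.196 8.8.8.8
TCP: Interfaces\{B7D8481C-6EED-4716-A734-C513E9D6B1CC} : DHCPNameServer = 68.168.98.196 8.8.8.8
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
"""

# Well-known public resolvers (8.8.8.8 and 8.8.4.4 are Google's).
KNOWN_PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

# Hypothetical placeholder: put the ISP's published resolver addresses here.
ISP_RESOLVERS = set()

# Matches the value part of both "TCP: NameServer = a b" and
# "TCP: Interfaces\{GUID} : DHCPNameServer = a b".
NAMESERVER_RE = re.compile(r"(?P<kind>DHCPNameServer|NameServer)\s*=\s*(?P<ips>.+?)\s*$")


def parse_nameservers(dds_text):
    """Return a list of (kind, [ip, ...]) tuples, one per TCP: NameServer line."""
    entries = []
    for line in dds_text.splitlines():
        if not line.startswith("TCP:"):
            continue
        m = NAMESERVER_RE.search(line)
        if not m:
            continue
        # DDS separates several resolvers with spaces; tolerate commas too.
        ips = [tok for tok in re.split(r"[\s,]+", m.group("ips")) if tok]
        entries.append((m.group("kind"), ips))
    return entries


def classify(ip_str, isp_resolvers=ISP_RESOLVERS):
    """Label one resolver address by where it is expected to come from."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return "malformed"
    if ip.is_private or ip.is_link_local:
        return "lan"            # RFC 1918 / link-local: the home router answers DNS
    if ip_str in isp_resolvers:
        return "isp"
    if ip_str in KNOWN_PUBLIC_RESOLVERS:
        return "public-known"
    return "unknown"            # not the router, the ISP, or a known public resolver


def audit(dds_text, isp_resolvers=ISP_RESOLVERS):
    """Return (labels, findings): labels maps resolver -> class, findings explains
    each unknown resolver's origin (DHCP-assigned vs. host-local setting)."""
    labels = {}
    dhcp_ips, static_ips = set(), set()
    for kind, ips in parse_nameservers(dds_text):
        for ip in ips:
            labels[ip] = classify(ip, isp_resolvers)
            (dhcp_ips if kind == "DHCPNameServer" else static_ips).add(ip)
    findings = []
    for ip, label in labels.items():
        if label != "unknown":
            continue
        if ip in dhcp_ips:
            findings.append(f"{ip}: handed out by DHCP, i.e. by the router or the ISP; "
                            "every device on this LAN receives it, so verify the router's "
                            "DNS settings against the ISP's published resolvers")
        else:
            findings.append(f"{ip}: only present in this host's own NameServer setting; "
                            "host-local, so start with this machine")
    return labels, findings


if __name__ == "__main__":
    labels, findings = audit(SAMPLE_DDS_EXCERPT)
    for ip, label in labels.items():
        print(f"{ip:16} {label}")
    for finding in findings:
        print("!", finding)
```

Run it against a full DDS log by passing the file's text to audit(); comparing the output from each laptop on the same LAN shows quickly whether they all received the same resolver from DHCP.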
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================

Please read our preliminaries: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
I only need the logs mentioned there.
...and all logs have to be pasted, not attached.
 
Hello. The MBAM and DDS logs are given below, respectively. I hope your instructions were implemented properly. Thanks for your interest.

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 05.04.2014
Scan Time: 02:26:54
Logfile: tech-mbam.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.04.04.09
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: pc

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 275125
Time Elapsed: 50 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
-----------------------------------------------------------------

DDS LOG

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.51.2
Run by pc at 3:01:41 on 2014-04-05
Microsoft Windows 7 Home Basic 6.1.7601.1.1254.90.1055.18.6039.3113 [GMT 3:00]
.
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\atieclxx.exe
C:\windows\system32\Dwm.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\windows\SysWOW64\lkads.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\windows\SysWOW64\lkcitdl.exe
C:\windows\SysWOW64\lktsrv.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\USB Disk Security\USBGuard.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\windows\splwow64.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.tr/
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [USB Security] C:\Program Files (x86)\USB Disk Security\USBGuard.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Adobe PDF'ye dönüştür - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Bağ Hedefini PDF’ye Dönüştür - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Bağ Hedefini PDF’ye Ekle - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Varolan PDF’ye Ekle - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 68.168.98.196 8.8.8.8
TCP: Interfaces\{B7D8481C-6EED-4716-A734-C513E9D6B1CC} : DHCPNameServer = 68.168.98.196 8.8.8.8
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.com
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\windows\System32\drivers\amdkmpfd.sys [2012-3-20 32896]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-2-27 16152]
R1 eamonm;eamonm;C:\windows\System32\drivers\eamonm.sys [2013-9-17 239320]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2012-5-19 13824]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-4-18 235520]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-3-9 107648]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2013-9-12 1337752]
R2 epfwwfpr;epfwwfpr;C:\windows\System32\drivers\epfwwfpr.sys [2013-9-17 157432]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-19 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-3-6 629984]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-5-19 127320]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-5-19 164184]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-3-29 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-3-29 857912]
R2 NIApplicationWebServer;NI Application Web Server;C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2012-5-22 53960]
R2 nimDNSResponder;NI mDNS Responder Service;C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2012-5-31 258776]
R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [2012-6-14 31624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-3-27 171416]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-19 362840]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-3-9 163456]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2012-3-9 36480]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2012-3-9 340096]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\windows\System32\drivers\btath_avdt.sys [2012-3-9 111232]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2012-3-9 30848]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2012-3-9 168064]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2012-3-9 68736]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2012-3-9 281472]
R3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2012-3-9 551552]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2012-2-16 31216]
R3 huawei_enumerator;huawei_enumerator;C:\windows\System32\drivers\ew_jubusenum.sys [2012-8-24 86016]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-5 331264]
R3 intelkmd;intelkmd;C:\windows\System32\drivers\igdpmd64.sys [2012-3-26 14748416]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-2-27 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-2-27 788760]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-3-29 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-3-28 119512]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-5-19 685160]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-3-27 3921880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 NOBU;Norton Online Backup;"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE --> C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [?]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-3-27 1042272]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\windows\System32\drivers\ew_hwusbdev.sys [2012-8-24 117248]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\windows\System32\drivers\ewusbwwan.sys [2012-8-24 421376]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-3-13 111616]
S3 massfilter;Mass Storage Filter Driver;C:\windows\System32\drivers\massfilter.sys [2012-8-24 11776]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-12-9 19456]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUVStor.sys [2012-5-19 314472]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-3-17 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-12-9 30208]
S4 NIApplicationWebServer64;NI Application Web Server (64-bit);C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2012-5-22 76488]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-04-04 13:53:11 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{708B3413-053D-4D3F-9BA0-443ADE47814D}\offreg.dll
2014-04-04 04:02:13 108968 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2014-04-04 02:46:41 -------- d-sh--w- C:\$RECYCLE.BIN
2014-04-04 02:01:04 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{708B3413-053D-4D3F-9BA0-443ADE47814D}\mpengine.dll
2014-04-03 16:28:18 -------- d-----w- C:\AdwCleaner
2014-04-01 01:02:32 -------- d-----w- C:\ProgramData\HitmanPro
2014-03-31 22:38:04 -------- d-----w- C:\Program Files\Microsoft Security Client
2014-03-31 20:57:43 -------- d-----w- C:\Users\pc\AppData\Roaming\ScanSpyware
2014-03-31 02:46:26 -------- d-----w- C:\Users\pc\AppData\Local\schoolmates
2014-03-31 02:41:01 -------- d-----w- C:\windows\Fated Haven - Chapter One
2014-03-31 02:41:01 -------- d-----w- C:\Program Files (x86)\Fated Haven - Chapter One
2014-03-29 23:21:03 -------- d-----w- C:\Users\pc\AppData\Roaming\TheFlyingDutchman
2014-03-29 23:20:27 -------- d-----w- C:\windows\The Flying Dutchman - In The Ghost Prison
2014-03-29 23:00:00 -------- d-----w- C:\Users\pc\AppData\Roaming\Picsoft
2014-03-29 22:59:06 -------- d-----w- C:\windows\Mini Robot Wars
2014-03-29 11:50:22 -------- d-----w- C:\windows\SysWow64\directx
2014-03-29 10:09:04 -------- d-----w- C:\windows\Puzzle Agent 2
2014-03-29 10:05:33 -------- d-----w- C:\Users\pc\AppData\Roaming\Meridian93
2014-03-29 10:03:09 -------- d-----w- C:\windows\Fruit Farm
2014-03-29 10:00:46 -------- d-----w- C:\ProgramData\Phenomedia
2014-03-29 02:41:54 -------- d-----w- C:\Users\pc\AppData\Local\Tales of Lagoona
2014-03-29 02:38:53 -------- d-----w- C:\Program Files (x86)\Tales of Lagoona - Orphans of the Ocean
2014-03-29 02:36:27 -------- d-----w- C:\Users\pc\AppData\Roaming\JQ
2014-03-29 02:34:15 -------- d-----w- C:\windows\Julia's Quest - United Kingdom
2014-03-29 02:28:36 -------- d-----w- C:\Users\pc\AppData\Roaming\HdO Adventure
2014-03-29 02:25:57 -------- d-----w- C:\Users\pc\AppData\Roaming\Boolat Games
2014-03-29 02:24:47 -------- d-----w- C:\windows\Timeless - The Forgotten Town Collector's Edition
2014-03-29 02:09:52 -------- d-----w- C:\Users\pc\AppData\Roaming\BULKYPIX
2014-03-29 02:06:24 -------- d-----w- C:\Program Files (x86)\Saving Private Sheep
2014-03-29 01:07:55 -------- d-----w- C:\Users\pc\AppData\Roaming\Mayan Puzzle
2014-03-29 01:07:33 -------- d-----w- C:\windows\Mayan Puzzle
2014-03-29 01:07:33 -------- d-----w- C:\Program Files (x86)\Mayan Puzzle
2014-03-28 22:04:31 88280 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-03-28 22:04:31 63192 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-03-28 22:04:31 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-03-28 22:04:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-28 16:10:41 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2014-03-28 15:51:39 119512 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-03-26 22:07:46 21040 ----a-w- C:\windows\System32\sdnclean64.exe
2014-03-26 22:07:24 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-26 20:22:45 -------- d-----w- C:\spybotSearch&Destroy
2014-03-26 19:55:56 98816 ----a-w- C:\windows\sed.exe
2014-03-26 19:55:56 256000 ----a-w- C:\windows\PEV.exe
2014-03-26 19:55:56 208896 ----a-w- C:\windows\MBR.exe
2014-03-26 19:48:30 -------- d-----w- C:\TDSSKiller_Quarantine
2014-03-26 02:33:24 2 --shatr- C:\windows\winstart.bat
2014-03-26 02:32:50 -------- d-----w- C:\Program Files (x86)\UnHackMe
2014-03-26 02:13:01 -------- d-----w- C:\Program Files (x86)\Enigma Software Group
2014-03-26 00:23:16 -------- d-----w- C:\Program Files\Enigma Software Group
2014-03-26 00:22:26 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-03-17 21:35:44 6574592 ----a-w- C:\windows\System32\mstscax.dll
2014-03-17 21:35:44 5694464 ----a-w- C:\windows\SysWow64\mstscax.dll
2014-03-17 11:04:10 792576 ----a-w- C:\windows\SysWow64\TSWorkspace.dll
2014-03-17 11:04:10 1030144 ----a-w- C:\windows\System32\TSWorkspace.dll
2014-03-13 02:39:34 624128 ----a-w- C:\windows\System32\qedit.dll
2014-03-13 02:39:34 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2014-03-13 02:39:33 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-03-13 02:39:33 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
.
==================== Find3M ====================
.
2014-04-04 03:45:16 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-04 03:45:16 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
2014-02-07 01:23:30 3156480 ----a-w- C:\windows\System32\win32k.sys
2014-01-29 02:32:18 484864 ----a-w- C:\windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\windows\System32\wwansvc.dll
2014-01-19 07:33:29 270496 ------w- C:\windows\System32\MpSigStub.exe
.
============= FINISH: 3:01:57,35 ===============

--------------------------------------------------------------
ATTACH Log

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 24.08.2012 13:11:44
System Uptime: 04.04.2014 15:10:08 (12 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | NP350V5C-T01TR
Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz | SOCKET 0 | 1175/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 352 GiB total, 205,548 GiB free.
D: is CDROM ()
F: is FIXED (NTFS) - 325 GiB total, 129,293 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Bluetooth Aygıtı (Kişisel Alan Ağı)
Device ID: BTH\MS_BTHPAN\7&2B6183A3&0&2
Manufacturer: Microsoft
Name: Bluetooth Aygıtı (Kişisel Alan Ağı)
PNP Device ID: BTH\MS_BTHPAN\7&2B6183A3&0&2
Service: BthPan
.
==== System Restore Points ===================
.
RP189: 28.03.2014 23:25:30 - Geri Yükleme İşlemi
RP190: 01.04.2014 01:41:12 - Windows Update
RP191: 03.04.2014 18:56:06 - Windows Update
RP192: 03.04.2014 18:58:18 - Windows Update
RP193: 04.04.2014 02:37:14 - Installed SpyHunter
RP194: 04.04.2014 04:54:49 - Removed SpyHunter
RP195: 04.04.2014 07:01:06 - Installed Java 7 Update 51 (64-bit)
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
??????? ??????????? ??? Windows Live
???????? ?????????? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
Ñîêğîâèùà Ìîíòåñóìû 3 Full
Adobe Acrobat X Pro - Romanian, Ukrainian, Russian, Turkish
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.9)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
Atheros Bluetooth Suite (64)
Atheros Client Installation Program
„Windows Live Essentials“
„Windows Live Mail“
„Windows Live Messenger“
„Windows Live“ fotogalerija
Canon MP Navigator EX 2.0
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco WebEx Meetings
CyberLink Media Suite
CyberLink Media+ Player10
CyberLink MediaShow
CyberLink Power2Go
CyberLink PowerDirector
CyberLink YouCam
D3DX10
Digimizer
E-POP
Easy File Share
Easy Migration
Easy Settings
Easy Software Manager
Easy Support Center
ESET NOD32 Antivirus
Fotogalerija Windows Live
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPL Ghostscript
GSview 5.0
HI-TECH C Compiler for the PIC10/12/16 MCUs V9.82PL0
HI-TECH C51-lite V9.60PL0
HUAWEI DataCard Driver 4.22.16.00
Image Analyzer
Intel(R) Control Center
Intel(R) Display Audio Driver
Intel(R) Manageability Engine Firmware Recovery Agent
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Java 7 Update 51
Java 7 Update 51 (64-bit)
Junk Mail filter update
K-Lite Mega Codec Pack 9.2.0
Malwarebytes Anti-Malware 2.00.0.1000 sürümü
Math Kernel Libraries
Math Kernel Libraries (64-bit)
MATLAB R2010a
Mayan Puzzle
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (Türkçe)
Microsoft .NET Framework 4.5.1 (TRK)
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Turkish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel 2007 Help Güncelleştirmesi (KB963678)
Microsoft Office Excel MUI (Turkish) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Turkish) 2007
Microsoft Office InfoPath MUI (Turkish) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (Turkish) 2007
Microsoft Office Outlook MUI (Turkish) 2007
Microsoft Office Powerpoint 2007 Help Update (KB963669)
Microsoft Office PowerPoint MUI (Turkish) 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Turkish) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Proofing (Turkish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Turkish) 2007
Microsoft Office Shared 64-bit MUI (Spanish) 2007
Microsoft Office Shared 64-bit MUI (Turkish) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Shared MUI (Turkish) 2007
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (Spanish) 2007
Microsoft Office Visio MUI (Turkish) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word 2007 Help Update (KB963665)
Microsoft Office Word MUI (Turkish) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
National Instruments Software
NI-Mesa
NI .NET Framework 4.0
NI ActiveX Container
NI ActiveX Container (64-bit)
NI Authentication 12.0.0
NI Authentication 12.0.0 (64-bit)
NI Circuit Design Suite 12.0.1 Core
NI Circuit Design Suite 12.0.1 Pro
NI Circuit Design Suite 12.0.1 Pro Licenses
NI Curl 12.0.0
NI Curl 12.0.0 (64-bit)
NI Error Reporting 2012
NI EulaDepot
NI Example Finder 12.0
NI GMP Windows 32-bit Installer 12.0.0
NI GMP Windows 64-bit Installer 12.0.0
NI Help Assistant
NI Help Assistant (64bit)
NI LabVIEW 2011 Real-Time NBFifo
NI LabVIEW 2012 Deployment Framework
NI LabVIEW 2012 Real-Time NBFifo
NI LabVIEW 2012 Run-Time Engine Web Server
NI LabVIEW Run-Time Engine 2011 SP1
NI LabVIEW Run-Time Engine 2012
NI LabVIEW Run-Time Engine Interop 2011
NI LabVIEW Run-Time Engine Interop 2012
NI LabVIEW Web Server for Run-Time Engine
NI LabWindows/CVI 2010 SP1 Analysis Library
NI LabWindows/CVI 2010 SP1 Analysis Library (64-bit)
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original)
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated)
NI LabWindows/CVI 2010 SP1 Network Variable Library
NI LabWindows/CVI 2010 SP1 Network Variable Library (64-bit)
NI LabWindows/CVI 2010 SP1 Run-Time Engine (64-bit)
NI LabWindows/CVI 2010 SP1 TDM Streaming Library
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (64-bit)
NI LabWindows/CVI Run-Time Engine 2010 SP1
NI LabWindows/CVI Run-Time Engine 2010 SP1 (Updated)
NI License Manager
NI Logos 5.4
NI Logos 5.4 (64-bit)
NI Logos XT Support
NI Logos64 XT Support
NI Math Kernel Libraries
NI Math Kernel Libraries (64-bit)
NI MAX Remote Configuration 64-bit Installer 5.0
NI MAX Remote Configuration Installer 5.0
NI MDF Support
NI mDNS Responder 2.1 for Windows 64-bit
NI mDNS Responder 2.1.0
NI MetaSuite Installer
NI NI LabVIEW 2011 SP1 Run-Time Engine Non-English Support
NI NI LabVIEW 2012 Run-Time Engine Non-English Support.
NI SSL LabVIEW RTE 2012 Support
NI SSL Support
NI SSL Support (64-bit)
NI System State Publisher
NI System State Publisher (64-bit)
NI System Web Server 12.0
NI System Web Server Base 12.0.0
NI System Web Server Base 12.0.0 (64-bit)
NI TDM Streaming 2.4
NI TDM Streaming 2.4 (64-bit)
NI Trace Engine
NI Trace Engine (64-bit)
NI Uninstaller
NI Update Service 2.2.1
NI USI 2.0.0
NI USI 2.0.0 64-Bit
NI VC2005MSMs x64
NI VC2005MSMs x86
NI VC2008MSMs x64
NI VC2008MSMs x86
NI VC2010MSMs x64
NI VC2010MSMs x86
NI Web Application Server 12.0
NI Web Application Server 12.0 (64-bit)
NI Web Pipeline 2.0.1
NI Web Pipeline 2.0.1 64-bit support
Norton Online Backup
Plants vs. Zombies
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Pošta Windows Live
PX Profile Update
Raccolta foto di Windows Live
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Samsung Recovery Solution 5
Saving Private Sheep
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Visio 2007 suites (KB2596595) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
Skype™ 6.11
Software Launcher
SONAR X1 LE
Spybot - Search & Destroy
STDU Viewer version 1.6.186.0
Tales of Lagoona - Orphans of the Ocean
Turkcell 3G VINN
Tweaking.com - Windows Repair (All in One)
UltraISO Premium V9.53
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition
USB Disk Security
VLC media player 2.0.3
WildTangent Games
Windows Live
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotoğraf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Pošta
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
WinRAR 4.00 (64-bit)
ZTE USB Driver
.
==== End Of File ===========================

 
Download RogueKiller from one of the following links and save it to your Desktop:
  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
Hello,
RKreport and Mbar logs were obtained and submitted. A new system restore point was created after the RogueKiller process. It may be useful to say that when I try to connect to Gmail, "ERR_CONNECTION_REFUSED" or "ERR_CONNECTION_TIMED_OUT" messages are shown. Thank you.
---------------------------------------
Here is RKreport

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
Email : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : pc [Admin rights]
Mode : Remove -- Date : 04/06/2014 22:29:40
| ARK || FAK || MBR |

¤¤¤ Malicious Processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled Tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web Browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobeereg.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST750LM022 HN-M750MBB +++++
--- User ---
[MBR] e5fe430fd119eaef3710fab38e2568be
[BSP] 776471fc1e0a76640a1cbfda64cc83e7 : KIWI Image system MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 360087 MB
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 737665024 | Size: 332913 MB
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1419470848 | Size: 22303 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_04062014_222940.txt >>
RKreport[0]_S_04062014_222934.txt

---------------------------------
Here is Mbar log
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.04.06.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
pc :: PC-BILGISAYAR [administrator]

06.04.2014 22:43:10
mbar-log-2014-04-06 (22-43-10).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 272044
Time elapsed: 24 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
------------------------------------------
Here is system log
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16521

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 6332583936, free: 3433709568

Downloaded database version: v2014.04.06.09
Downloaded database version: v2014.03.27.01
=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D8CAB691

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 737458176

Partition 2 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 737665024 Numsec = 681805824

Partition 3 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 1419470848 Numsec = 45676544

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Non-administrative

Internet Explorer version: 11.0.9600.16521

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 6332583936, free: 4303405056

=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D8CAB691

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 737458176

Partition 2 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 737665024 Numsec = 681805824

Partition 3 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 1419470848 Numsec = 45676544

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Done!
Scan finished
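The RogueKiller report above dumps the HOSTS file, which is one of the first places a Windows infection redirects or blocks sites, and exactly the kind of thing that would produce fake "update" pages or connection errors for one domain only. The script below is an added example for this thread (it is not code from RogueKiller, MBAR or the original post) that parses a hosts file in that format and flags every entry that sends a real hostname to loopback/0.0.0.0 (blocked) or to any other address (redirected). SAMPLE_HOSTS is a constructed copy of the entries in the report; WATCH_DOMAINS is an assumed watch list chosen for this thread's symptoms. Run against the report's file it flags only the Adobe activation hosts, which the stock Windows hosts file does not contain, and nothing for Google or Gmail.

```python
"""Audit a Windows hosts file for entries that block or redirect hostnames.

Added example for this thread; it is not code from RogueKiller or from the
original post. SAMPLE_HOSTS is a constructed copy of the hosts file dumped in
the RogueKiller report; the functions work on any hosts-file text.
"""
import ipaddress
from typing import Dict, List, NamedTuple, Optional

# Names the stock Windows hosts file may legitimately map to loopback.
DEFAULT_LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Assumed watch list: domains whose hijack would match this thread's symptoms
# (blocked Gmail/Google, fake update prompts, AV update failures).
WATCH_DOMAINS = ("google.com", "gmail.com", "youtube.com", "facebook.com",
                 "microsoft.com", "windowsupdate.com", "eset.com", "malwarebytes.org")

# Constructed copy of the hosts file shown in the RogueKiller report above.
SAMPLE_HOSTS = """\
# Windows hosts file as dumped by RogueKiller (constructed copy)
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobeereg.com
"""


class HostsEntry(NamedTuple):
    ip: str
    hostname: str
    line_no: int


def parse_hosts(text: str) -> List[HostsEntry]:
    """One entry per (ip, hostname) pair; comments, blanks and junk lines are skipped."""
    entries: List[HostsEntry] = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()       # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                              # first field is not an IP address
        for name in fields[1:]:
            entries.append(HostsEntry(ip, name.lower(), line_no))
    return entries


def in_watch_list(hostname: str) -> bool:
    """True if hostname is one of the watched domains or a subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in WATCH_DOMAINS)


def classify(entry: HostsEntry) -> Optional[str]:
    """'blocked' for real names sunk to loopback/0.0.0.0, 'redirected' for any
    other target, None for the stock localhost-style lines."""
    if entry.hostname in DEFAULT_LOOPBACK_NAMES:
        return None
    addr = ipaddress.ip_address(entry.ip)
    if addr.is_loopback or addr.is_unspecified:
        return "blocked"          # site can never be reached from this machine
    return "redirected"           # site is sent to some other host, possibly an attacker's


def audit_hosts(text: str) -> Dict[str, List[str]]:
    """Group flagged entries by finding; 'watched' collects hits on WATCH_DOMAINS."""
    findings: Dict[str, List[str]] = {"blocked": [], "redirected": [], "watched": []}
    for entry in parse_hosts(text):
        label = classify(entry)
        if label is None:
            continue
        findings[label].append(f"{entry.hostname} -> {entry.ip} (line {entry.line_no})")
        if in_watch_list(entry.hostname):
            findings["watched"].append(entry.hostname)
    return findings


if __name__ == "__main__":
    for finding, items in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{finding}: {len(items)}")
        for item in items:
            print("   ", item)
```

On a live machine, feed it the contents of %SystemRoot%\System32\drivers\etc\hosts; a "redirected" hit on a banking, mail or AV update domain is a stronger indicator than a long list of "blocked" entries, because a redirect can deliver fake login or update pages from an attacker-controlled host.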
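Both reports above end with an MBR check: RogueKiller hashes the boot code and lists the partition table, and MBAR prints the 55AA boot signature, the disk signature and each partition entry before scanning the unpartitioned sectors. As an added example that is not code from either tool, the parser below decodes the 512-byte MBR layout those lines come from. build_sample_mbr() constructs a sector whose partition table reproduces the values in the MBAR log (disk signature D8CAB691, four entries, a 750156374016-byte disk); the boot-code area is left as zeros because the real bytes are not on the page, and the PARTITION_TYPES labels and the md5 fingerprint are this example's own choices, not the tools' exact output.

```python
"""Decode a 512-byte MBR the way the anti-rootkit reports above present it.

Added example; not code from RogueKiller or Malwarebytes Anti-Rootkit.
build_sample_mbr() constructs a sector whose partition table reproduces the
MBAR log (disk signature D8CAB691, four entries, 750156374016-byte disk);
the boot-code area is zeros because the real bytes are not on the page.
"""
import hashlib
import struct
from typing import Dict, List, NamedTuple, Tuple

SECTOR_SIZE = 512
BOOT_CODE_SIZE = 0x1B8            # bytes 0..439: boot loader code
DISK_SIG_OFFSET = 0x1B8           # 4-byte NT disk signature (little-endian)
TABLE_OFFSET = 0x1BE              # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"      # bytes 510..511
ENTRY_FMT = "<B3sB3sII"           # status, CHS start, type, CHS end, LBA start, sector count
DISK_SIZE_BYTES = 750156374016    # "Disk Size" from the MBAR log

# Labels are this example's own; MBAR prints 0x27 as "Other", RogueKiller as "ACER".
PARTITION_TYPES = {0x07: "NTFS", 0x0F: "Extended (LBA)", 0x27: "Hidden recovery (Windows RE/OEM)"}


class Partition(NamedTuple):
    index: int
    active: bool
    type_id: int
    lba_start: int
    num_sectors: int

    @property
    def lba_end(self) -> int:
        """First sector after the partition."""
        return self.lba_start + self.num_sectors

    @property
    def type_name(self) -> str:
        return PARTITION_TYPES.get(self.type_id, f"Other (0x{self.type_id:02X})")


def parse_mbr(sector: bytes) -> Dict[str, object]:
    """Validate the boot signature, then decode the disk signature and partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError(f"bad boot signature {sector[510:512].hex().upper()}, expected 55AA")
    (disk_sig,) = struct.unpack_from("<I", sector, DISK_SIG_OFFSET)
    partitions: List[Partition] = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, start, count = struct.unpack_from(
            ENTRY_FMT, sector, TABLE_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue                                  # empty slot
        if status not in (0x00, 0x80):
            raise ValueError(f"partition {i}: invalid status byte 0x{status:02X}")
        partitions.append(Partition(i, status == 0x80, ptype, start, count))
    return {
        "disk_signature": f"{disk_sig:08X}",
        # Fingerprint of the boot-code area for comparison with a known-good value;
        # RogueKiller's [MBR]/[BSP] hashes serve the same purpose (their exact span
        # is not stated in the report).
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_SIZE]).hexdigest(),
        "partitions": partitions,
    }


def unpartitioned_ranges(partitions: List[Partition], disk_sectors: int) -> List[Tuple[int, int]]:
    """Sector ranges [start, end) owned by no partition, excluding sector 0 (the MBR).
    The gap before the first partition and the tail of the disk are what MBAR's
    "unpartitioned space" scan covers, since some bootkits keep their payload there.
    Overlapping entries are an error: a sane table never has them."""
    ranges: List[Tuple[int, int]] = []
    cursor = 1
    for p in sorted(partitions, key=lambda p: p.lba_start):
        if p.lba_start < cursor:
            raise ValueError(f"partition {p.index} overlaps the preceding partition")
        if p.lba_start > cursor:
            ranges.append((cursor, p.lba_start))
        cursor = p.lba_end
    if cursor < disk_sectors:
        ranges.append((cursor, disk_sectors))
    return ranges


def build_sample_mbr() -> bytes:
    """Constructed sector matching the partition table in the MBAR log (not a disk image)."""
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, 0xD8CAB691)
    entries = [  # (status, type, LBA start, sector count) as printed in the log
        (0x80, 0x07, 2048, 204800),
        (0x00, 0x07, 206848, 737458176),
        (0x00, 0x0F, 737665024, 681805824),
        (0x00, 0x27, 1419470848, 45676544),
    ]
    for i, (status, ptype, start, count) in enumerate(entries):
        # CHS fields are zeroed; LBA-aware tools ignore them.
        struct.pack_into(ENTRY_FMT, sector, TABLE_OFFSET + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", start, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("Disk signature:", info["disk_signature"])
    for p in info["partitions"]:
        flag = "ACTIVE" if p.active else "NOT ACTIVE"
        print(f"Partition {p.index}: {p.type_name} {flag} LBA {p.lba_start} Numsec {p.num_sectors}")
    print("Unpartitioned:", unpartitioned_ranges(info["partitions"], DISK_SIZE_BYTES // SECTOR_SIZE))
```

The four entries in the log are contiguous (each starts exactly where the previous one ends), so the only space outside the table is sectors 1..2047 in front of the first partition and a 1776-sector tail after the recovery partition; those two ranges are where a physical-sector scan has to look for anything the partition table does not account for.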
 
Which browser gives you problems with GMail?

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Hello,
Chrome browser was blocking access to GMail before the last ComboFix deletion process, whereas I can access my GMail account now.
Internet Explorer still gives me some fake warnings including "your flash player should be updated" or "message from gmail, facebook, enter your account". Sometimes, in the first step of web surfing, my home page Google is locked and fake warnings are received. Especially, these fake warnings come when I click YouTube, Gmail or Google.
The ComboFix deletion was successfully done on its first run without encountering a rejection. Here is the ComboFix report.
---------------------------------------------

ComboFix 14-04-06.01 - pc 07.04.2014 4:03.22.4 - x64
Microsoft Windows 7 Home Basic 6.1.7601.1.1254.90.1055.18.6039.3907 [GMT 3:00]
Running from: c:\users\pc\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-03-07 to 2014-04-07 )))))))))))))))))))))))))))))))
.
.
2014-04-07 01:18 . 2014-04-07 01:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-04-07 01:18 . 2014-04-07 01:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-04 04:02 . 2014-04-04 04:02 312744 ----a-w- c:\windows\system32\javaws.exe
2014-04-04 04:02 . 2014-04-04 04:02 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-04-04 04:02 . 2014-04-04 04:02 189352 ----a-w- c:\windows\system32\javaw.exe
2014-04-04 04:02 . 2014-04-04 04:02 189352 ----a-w- c:\windows\system32\java.exe
2014-04-04 04:01 . 2014-04-04 04:01 -------- d-----w- c:\program files\Java
2014-04-04 03:46 . 2014-04-04 03:46 -------- d-----w- c:\windows\Sun
2014-04-04 02:01 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{708B3413-053D-4D3F-9BA0-443ADE47814D}\mpengine.dll
2014-04-03 16:28 . 2014-04-04 05:26 -------- d-----w- C:\AdwCleaner
2014-04-01 01:02 . 2014-04-04 03:37 -------- d-----w- c:\programdata\HitmanPro
2014-03-31 22:38 . 2014-04-04 00:03 -------- d-----w- c:\program files\Microsoft Security Client
2014-03-31 20:57 . 2014-03-31 22:39 -------- d-----w- c:\users\pc\AppData\Roaming\ScanSpyware
2014-03-31 02:46 . 2014-03-31 02:46 -------- d-----w- c:\users\pc\AppData\Local\schoolmates
2014-03-31 02:41 . 2014-03-31 02:50 -------- d-----w- c:\program files (x86)\Fated Haven - Chapter One
2014-03-31 02:41 . 2014-03-31 02:41 -------- d-----w- c:\windows\Fated Haven - Chapter One
2014-03-29 23:21 . 2014-03-29 23:21 -------- d-----w- c:\users\pc\AppData\Roaming\TheFlyingDutchman
2014-03-29 23:20 . 2014-03-29 23:20 -------- d-----w- c:\windows\The Flying Dutchman - In The Ghost Prison
2014-03-29 23:00 . 2014-03-29 23:00 -------- d-----w- c:\users\pc\AppData\Roaming\Picsoft
2014-03-29 22:59 . 2014-03-29 22:59 -------- d-----w- c:\windows\Mini Robot Wars
2014-03-29 10:09 . 2014-03-29 10:09 -------- d-----w- c:\windows\Puzzle Agent 2
2014-03-29 10:05 . 2014-03-29 10:05 -------- d-----w- c:\users\pc\AppData\Roaming\Meridian93
2014-03-29 10:03 . 2014-03-29 10:03 -------- d-----w- c:\windows\Fruit Farm
2014-03-29 10:00 . 2014-03-29 10:00 -------- d-----w- c:\programdata\Phenomedia
2014-03-29 02:41 . 2014-03-29 02:41 -------- d-----w- c:\users\pc\AppData\Local\Tales of Lagoona
2014-03-29 02:38 . 2014-03-29 02:41 -------- d-----w- c:\program files (x86)\Tales of Lagoona - Orphans of the Ocean
2014-03-29 02:36 . 2014-03-29 02:36 -------- d-----w- c:\users\pc\AppData\Roaming\JQ
2014-03-29 02:34 . 2014-03-29 02:34 -------- d-----w- c:\windows\Julia's Quest - United Kingdom
2014-03-29 02:28 . 2014-03-29 02:28 -------- d-----w- c:\users\pc\AppData\Roaming\HdO Adventure
2014-03-29 02:25 . 2014-03-29 02:25 -------- d-----w- c:\users\pc\AppData\Roaming\Boolat Games
2014-03-29 02:24 . 2014-03-29 02:24 -------- d-----w- c:\windows\Timeless - The Forgotten Town Collector's Edition
2014-03-29 02:09 . 2014-03-29 02:09 -------- d-----w- c:\users\pc\AppData\Roaming\BULKYPIX
2014-03-29 02:06 . 2014-03-29 02:09 -------- d-----w- c:\program files (x86)\Saving Private Sheep
2014-03-29 01:07 . 2014-03-29 01:08 -------- d-----w- c:\users\pc\AppData\Roaming\Mayan Puzzle
2014-03-29 01:07 . 2014-03-29 01:07 -------- d-----w- c:\program files (x86)\Mayan Puzzle
2014-03-29 01:07 . 2014-03-29 01:07 -------- d-----w- c:\windows\Mayan Puzzle
2014-03-28 22:04 . 2014-04-06 21:31 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-28 22:04 . 2014-04-03 06:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-03-28 22:04 . 2014-04-03 06:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-28 22:04 . 2014-04-05 13:55 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-03-28 16:10 . 2014-03-28 21:57 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2014-03-28 15:51 . 2014-04-06 20:15 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-26 22:07 . 2013-09-20 08:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-03-26 22:07 . 2014-03-28 21:36 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-03-26 20:22 . 2014-03-26 20:22 -------- d-----w- C:\spybotSearch&Destroy
2014-03-26 19:48 . 2014-04-01 00:35 -------- d-----w- C:\TDSSKiller_Quarantine
2014-03-26 02:33 . 2014-03-29 22:00 2 --shatr- c:\windows\winstart.bat
2014-03-26 02:32 . 2014-03-29 22:04 -------- d-----w- c:\program files (x86)\UnHackMe
2014-03-26 02:13 . 2014-03-26 02:13 -------- d-----w- c:\program files (x86)\Enigma Software Group
2014-03-26 00:23 . 2014-03-26 00:23 -------- d-----w- c:\program files\Enigma Software Group
2014-03-26 00:22 . 2014-03-28 21:36 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2014-03-17 21:35 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-03-17 21:35 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-03-17 11:04 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-03-17 11:04 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-03-13 02:39 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-13 02:39 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-13 02:39 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-13 02:39 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-04 03:45 . 2013-08-21 23:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-04 03:45 . 2013-08-21 23:11 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-17 11:08 . 2012-08-28 07:21 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-01-19 07:33 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB Security"="c:\program files (x86)\USB Disk Security\USBGuard.exe" [2013-02-05 662728]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-12-18 41336]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-12-18 840568]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NIApplicationWebServer;NI Application Web Server;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
S2 nimDNSResponder;NI mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
*Deregistered* - MBAMWebAccessControl
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 16:23 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21 03:45]
.
2014-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-31 22:53]
.
2014-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cef2b99b02ecfc.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-31 22:53]
.
2014-04-06 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-03-26 11:24]
.
2014-04-06 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-03-26 11:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5618456]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.tr/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Adobe PDF'ye dönüştür - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Bağ Hedefini PDF’ye Dönüştür - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Bağ Hedefini PDF’ye Ekle - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Varolan PDF’ye Ekle - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 68.168.98.196 8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-07 04:41:10
ComboFix-quarantined-files.txt 2014-04-07 01:40
ComboFix2.txt 2014-04-04 02:46
ComboFix3.txt 2014-04-03 21:55
ComboFix4.txt 2014-04-03 21:15
ComboFix5.txt 2014-04-07 01:03
.
Pre-Run: 216.653.918.208 bayt boş
Post-Run: 216.335.835.136 bayt boş
.
- - End Of File - - 61A61FF0964E48274C5C9E24568E048F
 
Looks good.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Dear Broni,

The scanning reports have been obtained, but OTL did not give an extra.txt report although it was executed two times. It may be useful that some warnings appear when web pages are used:


1) From Chrome browser: static.ak.facebook.com > web site message: warning! your flash player may be out of date. Please update to continue!

2) From Eset nod 32 antivirus:

a) www.google.com/pagead/drt/ui

b) static.ak.facebook.com/connect/xd_arbiter/wTH8UOosOYI.js?version=40 and IP address


Here are the logs.

PART 1

#AdwCleaner v3.023- Rapor olusturuldu 08/04/2014 tarihinde 15:24:42

# Guncellendi 01/04/2014 tarafindan Xplode

# Isletim sistemi : Windows 7 Home Basic Service Pack 1 (64 bits)

# Kullanici adi : pc - PC-BILGISAYAR

# Adwcleaner konumu : C:\Users\pc\Desktop\adwcleaner (1).exe

# Tarama turu : Temizle


***** [ Servisler ] *****


***** [ Dosyalar / Klasorler ] *****


***** [ Kisayollar ] *****


***** [ Registry ] *****


***** [ Tarayicilar ] *****


-\\ Internet Explorer v11.0.9600.16521


-\\ Google Chrome v33.0.1750.154


[ Dosya : C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [847 octets] - [03/04/2014 19:28:25]

AdwCleaner[R1].txt - [906 octets] - [03/04/2014 23:46:09]

AdwCleaner[R2].txt - [979 octets] - [04/04/2014 00:18:02]

AdwCleaner[R3].txt - [1038 octets] - [04/04/2014 02:00:29]

AdwCleaner[R4].txt - [1099 octets] - [04/04/2014 02:37:44]

AdwCleaner[R5].txt - [1221 octets] - [04/04/2014 03:31:44]

AdwCleaner[R6].txt - [1220 octets] - [04/04/2014 05:48:40]

AdwCleaner[R7].txt - [1280 octets] - [04/04/2014 08:23:48]

AdwCleaner[R8].txt - [1404 octets] - [08/04/2014 15:23:24]

AdwCleaner[S0].txt - [970 octets] - [03/04/2014 23:47:36]

AdwCleaner[S1].txt - [1343 octets] - [04/04/2014 08:26:10]

AdwCleaner[S2].txt - [1327 octets] - [08/04/2014 15:24:42]


########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1387 octets] ##########

--------------------------------------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Home Basic x64

Ran by pc on 08.04.2014 at 15:31:24,60

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services


~~~ Registry Values


~~~ Registry Keys


~~~ Files


~~~ Folders


~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 08.04.2014 at 15:38:50,28

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

---------------------------

OTL logfile created on: 08.04.2014 15:41:49 - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\pc\Desktop

64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16521)

Locale: 0000041F | Country: Türkiye | Language: TRK | Date Format: dd.MM.yyyy


5,90 Gb Total Physical Memory | 4,29 Gb Available Physical Memory | 72,82% Memory free

11,79 Gb Paging File | 10,12 Gb Available in Paging File | 85,84% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 351,65 Gb Total Space | 204,34 Gb Free Space | 58,11% Space Free | Partition Type: NTFS

Drive F: | 325,11 Gb Total Space | 129,29 Gb Free Space | 39,77% Space Free | Partition Type: NTFS


Computer Name: PC-BILGISAYAR | User Name: pc | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days


========== Processes (SafeList) ==========


PRC - [2014.04.08 15:40:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe

PRC - [2014.04.03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

PRC - [2014.04.03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

PRC - [2014.04.03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

PRC - [2014.03.27 21:29:56 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe

PRC - [2013.12.18 21:42:48 | 000,840,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

PRC - [2013.12.18 21:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013.09.12 13:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

PRC - [2013.07.25 12:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

PRC - [2013.02.05 15:27:26 | 000,662,728 | ---- | M] (Zbshareware Lab) -- C:\Program Files (x86)\USB Disk Security\USBGuard.exe

PRC - [2012.06.05 15:09:58 | 000,370,328 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe

PRC - [2012.06.05 15:07:08 | 000,060,568 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe

PRC - [2012.06.05 14:58:56 | 000,050,328 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lkads.exe

PRC - [2012.05.31 17:51:58 | 000,258,776 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe

PRC - [2012.05.22 10:39:06 | 000,053,952 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe

PRC - [2012.04.18 13:50:02 | 000,362,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2012.04.18 13:49:58 | 000,276,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2012.04.18 13:49:38 | 000,127,320 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

PRC - [2012.04.18 13:49:14 | 000,164,184 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

PRC - [2012.04.17 02:15:46 | 001,113,992 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe

PRC - [2012.03.27 09:10:32 | 002,277,768 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe

PRC - [2012.03.09 11:33:54 | 000,163,456 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

PRC - [2012.02.16 16:08:06 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

PRC - [2012.02.13 09:02:24 | 000,031,624 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe

PRC - [2012.01.31 10:00:00 | 000,784,264 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe

PRC - [2012.01.28 08:38:52 | 004,466,256 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe

PRC - [2011.11.29 14:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2011.05.06 16:08:28 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\Windows\SysWOW64\lkcitdl.exe



========== Modules (No Company Name) ==========


MOD - [2013.12.18 21:44:24 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\tr_TR\AcroTray.TUR

MOD - [2013.05.16 11:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl

MOD - [2013.05.16 11:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl

MOD - [2013.02.02 12:26:44 | 000,033,280 | ---- | M] () -- C:\Program Files (x86)\USB Disk Security\locales\turkish.dll

MOD - [2011.09.08 13:40:10 | 001,645,056 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll

MOD - [2011.02.16 19:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll

MOD - [2006.08.12 06:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll



========== Services (SafeList) ==========


SRV:64bit: - [2014.03.01 07:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV:64bit: - [2013.09.12 13:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)

SRV:64bit: - [2013.05.27 08:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2012.05.22 10:38:20 | 000,076,488 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer64)

SRV:64bit: - [2012.04.18 01:58:54 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2012.03.06 20:00:46 | 000,629,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)

SRV:64bit: - [2010.09.22 12:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV - [2014.04.04 06:45:17 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014.04.03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2014.04.03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013.12.18 21:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013.10.23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013.09.11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2012.06.05 15:09:58 | 000,370,328 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)

SRV - [2012.06.05 15:07:08 | 000,060,568 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)

SRV - [2012.06.05 14:58:56 | 000,050,328 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)

SRV - [2012.05.31 17:51:58 | 000,258,776 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)

SRV - [2012.05.22 10:39:06 | 000,053,952 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe -- (niSvcLoc)

SRV - [2012.05.22 10:38:06 | 000,053,960 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer)

SRV - [2012.04.18 13:50:02 | 000,362,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2012.04.18 13:49:58 | 000,276,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2012.04.18 13:49:38 | 000,127,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)

SRV - [2012.04.18 13:49:14 | 000,164,184 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)

SRV - [2012.03.26 14:32:22 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2012.03.09 11:33:54 | 000,163,456 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)

SRV - [2012.03.09 11:11:54 | 000,107,648 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)

SRV - [2012.02.13 09:02:24 | 000,031,624 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe -- (SamsungDeviceConfigurationWinService)

SRV - [2011.11.29 14:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2011.05.06 16:08:28 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)

SRV - [2010.08.02 11:00:00 | 001,427,688 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)

SRV - [2009.06.11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)



========== Driver Services (SafeList) ==========


DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)

DRV:64bit: - [2014.04.08 15:28:08 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)

DRV:64bit: - [2014.04.03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)

DRV:64bit: - [2014.04.03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2013.10.02 05:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2013.09.17 16:17:38 | 000,239,320 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)

DRV:64bit: - [2013.09.17 16:17:38 | 000,168,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)

DRV:64bit: - [2013.09.17 16:17:38 | 000,157,432 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)

DRV:64bit: - [2012.12.09 19:58:37 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012.12.09 19:58:36 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012.04.18 13:49:24 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2012.04.18 02:18:34 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012.04.18 00:57:26 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012.04.08 19:18:54 | 000,429,328 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2012.03.26 14:09:54 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)

DRV:64bit: - [2012.03.26 14:09:54 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2012.03.20 00:15:54 | 000,032,896 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)

DRV:64bit: - [2012.03.19 12:43:42 | 000,314,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)

DRV:64bit: - [2012.03.09 15:41:16 | 000,685,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2012.03.09 11:22:58 | 000,551,552 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)

DRV:64bit: - [2012.03.09 11:22:18 | 000,281,472 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)

DRV:64bit: - [2012.03.09 11:22:00 | 000,068,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)

DRV:64bit: - [2012.03.09 11:21:24 | 000,168,064 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)

DRV:64bit: - [2012.03.09 11:21:06 | 000,036,480 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)

DRV:64bit: - [2012.03.09 11:20:48 | 000,030,848 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)

DRV:64bit: - [2012.03.09 11:20:30 | 000,111,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)

DRV:64bit: - [2012.03.09 11:20:12 | 000,340,096 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)

DRV:64bit: - [2012.03.01 09:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012.02.27 14:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)

DRV:64bit: - [2012.02.27 14:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)

DRV:64bit: - [2012.02.27 14:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)

DRV:64bit: - [2012.02.16 16:08:26 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)

DRV:64bit: - [2011.12.12 13:32:22 | 002,797,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2011.12.05 23:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2011.11.29 13:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011.09.22 08:39:44 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)

DRV:64bit: - [2011.05.03 10:42:42 | 000,222,464 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)

DRV:64bit: - [2011.03.11 09:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 09:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.01.30 13:19:34 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)

DRV:64bit: - [2010.12.23 04:48:28 | 000,421,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)

DRV:64bit: - [2010.11.21 06:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.07.27 04:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)

DRV:64bit: - [2010.04.14 14:28:26 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)

DRV:64bit: - [2009.07.14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2010.01.29 11:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)

DRV - [2009.07.14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)



========== Standard Registry (SafeList) ==========



========== Internet Explorer ==========


IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}

IE:64bit: - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7



IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-19\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}


IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}


IE - HKU\S-1-5-21-2950337373-4117638349-1153287397-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.tr/

IE - HKU\S-1-5-21-2950337373-4117638349-1153287397-1000\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2950337373-4117638349-1153287397-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR

IE - HKU\S-1-5-21-2950337373-4117638349-1153287397-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2950337373-4117638349-1153287397-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 193.255.91.47:4128



========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2013.11.17 10:26:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014.04.04 05:09:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013.11.17 10:26:29 | 000,000,000 | ---D | M]


[2013.02.20 13:43:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\mozilla\Firefox\extensions

[2012.10.16 21:11:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions


========== Chrome ==========


CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\pc\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\pc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\pc\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\pc\AppData\Roaming\Mozilla\plugins\npo1d.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll

CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

CHR - plugin: Java Deployment Toolkit 7.0.510.13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

CHR - plugin: Java(TM) Platform SE 7 U51 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll

CHR - Extension: Web Navigation = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja\1.0_1\

CHR - Extension: Web Navigation = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja\1.0_1\.bak

CHR - Extension: Google Cüzdan = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\

END OF PART 1
 
PART 2

O1 HOSTS File: ([2014.04.03 23:41:27 | 000,000,492 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: 127.0.0.1 practivate.adobe.com

O1 - Hosts: 127.0.0.1 ereg.adobe.com

O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com

O1 - Hosts: 127.0.0.1 wip3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com

O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com

O1 - Hosts: 127.0.0.1 activate-sea.adobe.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com

O1 - Hosts: 127.0.0.1 adobeereg.com

O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKU\S-1-5-21-2950337373-4117638349-1153287397-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKU\S-1-5-21-2950337373-4117638349-1153287397-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)

O4 - HKLM..\Run: [USB Security] C:\Program Files (x86)\USB Disk Security\USBGuard.exe (Zbshareware Lab)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2950337373-4117638349-1153287397-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2950337373-4117638349-1153287397-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Adobe PDF'ye dönüştür - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Bağ Hedefini PDF’ye Dönüştür - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Bağ Hedefini PDF’ye Ekle - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Varolan PDF’ye Ekle - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Adobe PDF'ye dönüştür - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Bağ Hedefini PDF’ye Dönüştür - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Bağ Hedefini PDF’ye Ekle - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Varolan PDF’ye Ekle - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.168.98.196 8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7D8481C-6EED-4716-A734-C513E9D6B1CC}: DhcpNameServer = 68.168.98.196 8.8.8.8

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2014.03.26 03:23:57 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


========== Files/Folders - Created Within 30 Days ==========


[2014.04.08 15:40:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe

[2014.04.08 15:29:17 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\pc\Desktop\JRT.exe

[2014.04.07 22:51:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2014.04.07 22:51:39 | 000,000,000 | ---D | C] -- C:\windows\temp

[2014.04.07 22:43:27 | 000,000,000 | ---D | C] -- C:\ComboFix

[2014.04.07 03:53:14 | 005,195,663 | R--- | C] (Swearware) -- C:\Users\pc\Desktop\ComboFix.exe

[2014.04.06 22:40:37 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\mbarrrt

[2014.04.06 22:34:46 | 012,589,848 | ---- | C] (Malwarebytes Corp.) -- C:\Users\pc\Desktop\mbar-1.07.0.1009.exe

[2014.04.06 05:49:31 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\MP ^^

[2014.04.06 02:18:54 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\Videos – Audioslides_files

[2014.04.06 00:44:47 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\ECG MATLAB

[2014.04.05 20:45:11 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\ebooookkkss

[2014.04.05 06:41:05 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\Phil_Collins-Greatest_Hits_2010

[2014.04.04 07:40:25 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\Pum HJ Desk and Pol - TechSpot Forums_files

[2014.04.04 07:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2014.04.04 06:46:54 | 000,000,000 | ---D | C] -- C:\windows\Sun

[2014.04.04 06:36:03 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\Remove Outdated Browser Detected pop-up virus (Removal Guide)_files

[2014.04.04 05:11:38 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\pearl

[2014.04.03 20:50:43 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\java C matlab

[2014.04.03 19:28:18 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2014.04.01 04:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2014.04.01 04:01:30 | 010,971,424 | ---- | C] (SurfRight B.V.) -- C:\Users\pc\Desktop\HitmanPro_x64.exe

[2014.04.01 03:45:24 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\RK_Quarantine

[2014.04.01 03:31:00 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\Remove PWS-Zbot virus (Removal Instructions)_files

[2014.04.01 01:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2014.03.31 23:57:43 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\ScanSpyware

[2014.03.31 23:55:29 | 004,233,347 | ---- | C] (ScanSpyware.Net ) -- C:\Users\pc\Desktop\ScanSpyware_3.9.2.2.exe

[2014.03.31 05:46:26 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\schoolmates

[2014.03.31 05:41:01 | 000,000,000 | ---D | C] -- C:\windows\Fated Haven - Chapter One

[2014.03.31 05:41:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fated Haven - Chapter One

[2014.03.30 02:21:03 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\TheFlyingDutchman

[2014.03.30 02:20:27 | 000,000,000 | ---D | C] -- C:\windows\The Flying Dutchman - In The Ghost Prison

[2014.03.30 02:00:00 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Picsoft

[2014.03.30 01:59:06 | 000,000,000 | ---D | C] -- C:\windows\Mini Robot Wars

[2014.03.30 01:00:06 | 015,320,504 | ---- | C] (Greatis Software, LLC. ) -- C:\Users\pc\Desktop\unhackme_setup.exe

[2014.03.29 14:50:22 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\directx

[2014.03.29 13:10:41 | 000,000,000 | ---D | C] -- C:\Users\pc\Documents\Telltale Games

[2014.03.29 13:09:04 | 000,000,000 | ---D | C] -- C:\windows\Puzzle Agent 2

[2014.03.29 13:05:33 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Meridian93

[2014.03.29 13:03:09 | 000,000,000 | ---D | C] -- C:\windows\Fruit Farm

[2014.03.29 13:00:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Phenomedia

[2014.03.29 05:41:54 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\Tales of Lagoona

[2014.03.29 05:41:06 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tales of Lagoona - Orphans of the Ocean

[2014.03.29 05:38:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tales of Lagoona - Orphans of the Ocean

[2014.03.29 05:36:27 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\JQ

[2014.03.29 05:34:15 | 000,000,000 | ---D | C] -- C:\windows\Julia's Quest - United Kingdom

[2014.03.29 05:28:36 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\HdO Adventure

[2014.03.29 05:25:57 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Boolat Games

[2014.03.29 05:24:47 | 000,000,000 | ---D | C] -- C:\windows\Timeless - The Forgotten Town Collector's Edition

[2014.03.29 05:09:52 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\BULKYPIX

[2014.03.29 05:09:40 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Saving Private Sheep

[2014.03.29 05:06:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Saving Private Sheep

[2014.03.29 04:07:55 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Mayan Puzzle

[2014.03.29 04:07:35 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mayan Puzzle

[2014.03.29 04:07:33 | 000,000,000 | ---D | C] -- C:\windows\Mayan Puzzle

[2014.03.29 04:07:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mayan Puzzle

[2014.03.29 01:04:31 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys

[2014.03.29 01:04:31 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys

[2014.03.29 01:04:31 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2014.03.29 01:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware

[2014.03.29 00:55:10 | 017,523,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\pc\Desktop\mbam-setup-2.0.0.1000 (1) - Kopya.exe

[2014.03.28 19:10:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware

[2014.03.28 19:10:41 | 000,000,000 | ---D | C] -- C:\Users\pc\Documents\Anti-Malware

[2014.03.28 18:51:39 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys

[2014.03.27 22:15:45 | 000,000,000 | ---D | C] -- C:\Users\pc\Documents\ProcAlyzer Dumps

[2014.03.27 22:01:28 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\Trojan virus.. removed but still need help - TechSpot Forums_files

[2014.03.27 14:24:59 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\çöp

[2014.03.27 01:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2

[2014.03.27 01:07:46 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe

[2014.03.27 01:07:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2

[2014.03.26 23:22:45 | 000,000,000 | ---D | C] -- C:\spybotSearch&Destroy

[2014.03.26 22:55:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2014.03.26 22:55:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2014.03.26 22:55:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2014.03.26 22:48:30 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2014.03.26 21:41:23 | 000,000,000 | ---D | C] -- C:\Qoobox

[2014.03.26 05:33:20 | 000,000,000 | ---D | C] -- C:\Users\pc\Documents\RegRun2

[2014.03.26 05:32:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe

[2014.03.26 05:13:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group

[2014.03.26 03:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2014.03.26 03:22:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard

[2014.03.25 02:56:16 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\twist measurement dsp

[2014.03.24 05:27:14 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\E B O O K simulink sensor mems nano biologic chemical snsor mechatronics photonics PIC simulinl

[2014.03.17 14:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2014.03.17 14:13:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2014.03.17 14:13:22 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype

[2014.03.17 03:02:57 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\cihan ödev son


========== Files - Modified Within 30 Days ==========


[2014.04.08 15:45:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

[2014.04.08 15:40:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe

[2014.04.08 15:35:00 | 000,001,020 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA1cef2b99b02ecfc.job

[2014.04.08 15:34:27 | 000,016,752 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014.04.08 15:34:27 | 000,016,752 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014.04.08 15:29:25 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\pc\Desktop\JRT.exe

[2014.04.08 15:29:00 | 000,000,814 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2014.04.08 15:28:08 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys

[2014.04.08 15:26:02 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job

[2014.04.08 15:25:59 | 000,001,008 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2014.04.08 15:25:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2014.04.08 15:25:46 | 2037,616,639 | -HS- | M] () -- C:\hiberfil.sys

[2014.04.08 15:22:35 | 001,426,178 | ---- | M] () -- C:\Users\pc\Desktop\adwcleaner (1).exe

[2014.04.08 15:02:18 | 001,570,970 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2014.04.08 15:02:18 | 000,656,940 | ---- | M] () -- C:\windows\SysNative\perfh01F.dat

[2014.04.08 15:02:18 | 000,654,464 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2014.04.08 15:02:18 | 000,140,336 | ---- | M] () -- C:\windows\SysNative\perfc01F.dat

[2014.04.08 15:02:18 | 000,122,336 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2014.04.08 00:37:54 | 005,295,612 | ---- | M] () -- C:\Users\pc\Desktop\pisa 2012 Creative Problem Solving.pdf

[2014.04.07 03:54:13 | 005,195,663 | R--- | M] (Swearware) -- C:\Users\pc\Desktop\ComboFix.exe

[2014.04.07 00:31:05 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys

[2014.04.06 22:35:08 | 012,589,848 | ---- | M] (Malwarebytes Corp.) -- C:\Users\pc\Desktop\mbar-1.07.0.1009.exe

[2014.04.06 22:23:18 | 003,972,608 | ---- | M] () -- C:\Users\pc\Desktop\RogueKiller.exe

[2014.04.06 03:54:18 | 000,007,168 | ---- | M] () -- C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2014.04.06 02:18:54 | 000,050,078 | ---- | M] () -- C:\Users\pc\Desktop\Videos – Audioslides.htm

[2014.04.06 00:51:21 | 000,608,968 | ---- | M] () -- C:\Users\pc\Desktop\SignalProcessingofECGSignalsinMatlab.pdf

[2014.04.05 16:55:51 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2014.04.05 06:56:17 | 000,043,703 | -HS- | M] () -- C:\Users\pc\Desktop\Folder.jpg

[2014.04.05 06:56:17 | 000,009,134 | -HS- | M] () -- C:\Users\pc\Desktop\AlbumArtSmall.jpg

[2014.04.04 07:40:25 | 000,309,815 | ---- | M] () -- C:\Users\pc\Desktop\Pum HJ Desk and Pol - TechSpot Forums.htm

[2014.04.04 06:36:02 | 000,067,361 | ---- | M] () -- C:\Users\pc\Desktop\Remove Outdated Browser Detected pop-up virus (Removal Guide).htm

[2014.04.04 05:10:07 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk

[2014.04.04 03:03:58 | 000,001,912 | ---- | M] () -- C:\windows\epplauncher.mif

[2014.04.03 23:41:27 | 000,000,492 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts

[2014.04.03 21:20:38 | 000,987,448 | ---- | M] () -- C:\Users\pc\Desktop\SecurityCheck.exe

[2014.04.03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys

[2014.04.03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2014.04.01 04:03:11 | 010,971,424 | ---- | M] (SurfRight B.V.) -- C:\Users\pc\Desktop\HitmanPro_x64.exe

[2014.04.01 03:38:14 | 000,430,608 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2014.04.01 03:31:00 | 000,050,826 | ---- | M] () -- C:\Users\pc\Desktop\Remove PWS-Zbot virus (Removal Instructions).htm

[2014.04.01 01:28:59 | 000,000,805 | ---- | M] () -- C:\windows\ScanSpyware.INI

[2014.03.31 23:55:40 | 004,233,347 | ---- | M] (ScanSpyware.Net ) -- C:\Users\pc\Desktop\ScanSpyware_3.9.2.2.exe

[2014.03.31 21:09:19 | 003,640,880 | ---- | M] () -- C:\Users\pc\Desktop\avg_remover_zbot.exe

[2014.03.30 01:00:41 | 000,000,002 | RHS- | M] () -- C:\windows\winstart.bat

[2014.03.30 01:00:41 | 000,000,002 | RHS- | M] () -- C:\windows\SysWow64\CONFIG.NT

[2014.03.30 01:00:41 | 000,000,002 | RHS- | M] () -- C:\windows\SysWow64\AUTOEXEC.NT

[2014.03.29 14:52:08 | 000,000,912 | ---- | M] () -- C:\Users\pc\Desktop\Ñîêğîâèùà Ìîíòåñóìû 3.lnk

[2014.03.29 13:00:35 | 000,430,026 | ---- | M] () -- C:\Users\pc\Desktop\3-66.jpg

[2014.03.29 05:41:06 | 000,002,184 | ---- | M] () -- C:\Users\pc\Desktop\Tales of Lagoona - Orphans of the Ocean.lnk

[2014.03.29 05:09:40 | 000,002,041 | ---- | M] () -- C:\Users\pc\Desktop\Saving Private Sheep.lnk

[2014.03.29 04:07:36 | 000,001,906 | ---- | M] () -- C:\Users\pc\Desktop\Mayan Puzzle.lnk

[2014.03.29 00:55:02 | 017,523,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\pc\Desktop\mbam-setup-2.0.0.1000 (1) - Kopya.exe

[2014.03.28 14:02:22 | 015,320,504 | ---- | M] (Greatis Software, LLC. ) -- C:\Users\pc\Desktop\unhackme_setup.exe

[2014.03.27 22:01:28 | 000,256,130 | ---- | M] () -- C:\Users\pc\Desktop\Trojan virus.. removed but still need help - TechSpot Forums.htm

[2014.03.27 01:07:59 | 000,001,343 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

[2014.03.26 03:23:57 | 000,000,000 | ---- | M] () -- C:\autoexec.bat

[2014.03.19 16:17:47 | 002,451,517 | ---- | M] () -- C:\Users\pc\Desktop\1 mayis A Computer Based Discrimination Method for the Repetitive and Stochastic Defects on Fancy Yarns Based on Stochastic Signal Processing aOnarıldı).pdf

[2014.03.15 19:25:52 | 000,002,139 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk


========== Files Created - No Company Name ==========


[2014.04.08 15:22:27 | 001,426,178 | ---- | C] () -- C:\Users\pc\Desktop\adwcleaner (1).exe

[2014.04.08 00:37:53 | 005,295,612 | ---- | C] () -- C:\Users\pc\Desktop\pisa 2012 Creative Problem Solving.pdf

[2014.04.06 22:23:47 | 003,972,608 | ---- | C] () -- C:\Users\pc\Desktop\RogueKiller.exe

[2014.04.06 02:18:53 | 000,050,078 | ---- | C] () -- C:\Users\pc\Desktop\Videos – Audioslides.htm

[2014.04.06 00:51:21 | 000,608,968 | ---- | C] () -- C:\Users\pc\Desktop\SignalProcessingofECGSignalsinMatlab.pdf

[2014.04.05 16:55:51 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2014.04.05 06:56:17 | 000,043,703 | -HS- | C] () -- C:\Users\pc\Desktop\Folder.jpg

[2014.04.05 06:56:17 | 000,009,134 | -HS- | C] () -- C:\Users\pc\Desktop\AlbumArtSmall.jpg

[2014.04.04 07:40:20 | 000,309,815 | ---- | C] () -- C:\Users\pc\Desktop\Pum HJ Desk and Pol - TechSpot Forums.htm

[2014.04.04 06:35:54 | 000,067,361 | ---- | C] () -- C:\Users\pc\Desktop\Remove Outdated Browser Detected pop-up virus (Removal Guide).htm

[2014.04.03 21:20:49 | 000,987,448 | ---- | C] () -- C:\Users\pc\Desktop\SecurityCheck.exe

[2014.04.01 03:30:55 | 000,050,826 | ---- | C] () -- C:\Users\pc\Desktop\Remove PWS-Zbot virus (Removal Instructions).htm

[2014.04.01 01:38:24 | 000,001,912 | ---- | C] () -- C:\windows\epplauncher.mif

[2014.03.31 23:59:09 | 000,000,805 | ---- | C] () -- C:\windows\ScanSpyware.INI

[2014.03.31 21:09:08 | 003,640,880 | ---- | C] () -- C:\Users\pc\Desktop\avg_remover_zbot.exe

[2014.03.29 14:52:08 | 000,000,912 | ---- | C] () -- C:\Users\pc\Desktop\Ñîêğîâèùà Ìîíòåñóìû 3.lnk

[2014.03.29 05:41:06 | 000,002,184 | ---- | C] () -- C:\Users\pc\Desktop\Tales of Lagoona - Orphans of the Ocean.lnk

[2014.03.29 05:09:40 | 000,002,041 | ---- | C] () -- C:\Users\pc\Desktop\Saving Private Sheep.lnk

[2014.03.29 04:07:36 | 000,001,906 | ---- | C] () -- C:\Users\pc\Desktop\Mayan Puzzle.lnk

[2014.03.27 22:01:28 | 000,256,130 | ---- | C] () -- C:\Users\pc\Desktop\Trojan virus.. removed but still need help - TechSpot Forums.htm

[2014.03.27 06:11:11 | 000,430,026 | ---- | C] () -- C:\Users\pc\Desktop\3-66.jpg

[2014.03.27 05:13:07 | 000,177,043 | ---- | C] () -- C:\Users\pc\Desktop\111009-165400.jpg

[2014.03.27 05:12:46 | 000,168,697 | ---- | C] () -- C:\Users\pc\Desktop\111009-165302.jpg

[2014.03.27 01:07:59 | 000,001,355 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

[2014.03.27 01:07:59 | 000,001,343 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

[2014.03.26 22:55:56 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2014.03.26 22:55:56 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2014.03.26 22:55:56 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2014.03.26 22:55:56 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2014.03.26 22:55:56 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2014.03.26 05:33:24 | 000,000,002 | RHS- | C] () -- C:\windows\winstart.bat

[2014.03.26 05:33:24 | 000,000,002 | RHS- | C] () -- C:\windows\SysWow64\CONFIG.NT

[2014.03.26 05:33:24 | 000,000,002 | RHS- | C] () -- C:\windows\SysWow64\AUTOEXEC.NT

[2014.03.26 03:23:57 | 000,000,000 | ---- | C] () -- C:\autoexec.bat

[2014.03.19 16:17:47 | 002,451,517 | ---- | C] () -- C:\Users\pc\Desktop\1 mayis A Computer Based Discrimination Method for the Repetitive and Stochastic Defects on Fancy Yarns Based on Stochastic Signal Processing aOnarıldı).pdf

[2013.12.19 18:44:43 | 000,007,168 | ---- | C] () -- C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013.02.08 00:07:38 | 000,011,426 | ---- | C] () -- C:\Users\pc\gsview64.ini

[2012.09.04 10:19:30 | 000,000,162 | ---- | C] () -- C:\windows\ODBC.INI

[2012.09.01 03:04:15 | 000,650,752 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll

[2012.09.01 03:04:15 | 000,243,200 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll

[2012.09.01 03:04:15 | 000,216,064 | ---- | C] ( ) -- C:\windows\SysWow64\lagarith.dll

[2012.09.01 03:04:13 | 000,178,688 | ---- | C] () -- C:\windows\SysWow64\unrar.dll

[2012.09.01 03:04:11 | 000,112,640 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll

[2012.08.26 01:29:41 | 000,007,597 | ---- | C] () -- C:\Users\pc\AppData\Local\Resmon.ResmonCfg

[2012.08.24 13:14:40 | 001,546,540 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2012.05.19 05:11:06 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe

[2012.05.19 04:45:59 | 000,003,226 | ---- | C] () -- C:\windows\HotFixList.ini

[2012.05.19 04:17:01 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

[2012.05.19 04:08:48 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat

[2012.04.18 01:16:54 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat

[2012.04.18 01:16:54 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat

[2012.04.18 01:14:24 | 000,054,784 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll


========== ZeroAccess Check ==========


[2009.07.14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64


[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]


[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64


[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 05:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 04:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 06:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]


========== LOP Check ==========


[2013.04.01 15:41:07 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit

[2013.04.01 15:41:07 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit

[2013.12.28 02:14:08 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Audacity

[2014.03.29 05:25:57 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Boolat Games

[2013.04.09 06:13:16 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Boomzap

[2014.03.29 05:09:52 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\BULKYPIX

[2013.12.25 03:57:59 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Cakewalk

[2013.03.08 16:06:21 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Canon

[2012.08.28 11:07:42 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\ESET

[2012.09.15 16:36:48 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\FloodLightGames

[2013.04.08 17:11:56 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Friday's games

[2013.04.08 03:19:01 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Gogii Games

[2014.03.29 05:28:36 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\HdO Adventure

[2013.03.23 09:18:52 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\IObit

[2014.03.29 05:36:29 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\JQ

[2012.10.12 22:05:40 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\LogoDizayn

[2014.03.29 04:08:03 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Mayan Puzzle

[2012.10.08 17:23:33 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\MedCalc Software

[2014.03.29 13:05:33 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Meridian93

[2012.10.30 13:00:00 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\National Instruments

[2013.04.08 17:11:28 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Opera

[2014.03.30 02:00:00 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Picsoft

[2013.04.07 09:12:03 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\PlayFavoriteGames

[2013.04.09 20:45:49 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Playrix Entertainment

[2014.04.01 01:39:13 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\ScanSpyware

[2012.09.04 09:25:09 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\SoftGrid Client

[2014.03.30 02:21:06 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\TheFlyingDutchman

[2012.08.24 13:15:42 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\TP

[2013.05.10 14:34:27 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\webex

[2012.12.19 23:20:53 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Windows Live Writer

[2013.02.20 13:44:07 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Zbshareware Lab

========== Purity Check ==========

========== Alternate Data Streams ==========


@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:DEE46C4E

@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:2701988C

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:8AED9359

< End of report >
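An added example for anyone who has to read OTL reports like the one above (this is not code from the thread, from OTL's author or from any tool named here): a small Python parser for the `[date | size | attrs | C/M] (Company) -- path` and `@Alternate Data Stream` line formats, plus two triage heuristics. The sample lines are copied from the report above; the flagging rules are my own assumptions, and the report itself shows ComboFix's helper tools (PEV.exe, MBR.exe, sed.exe) matching the "no company name under C:\windows" rule, so a hit means "look at this", never "infected".

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Union

# OTL file/folder lines look like:
#   [2014.03.26 22:55:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
#   [2014.03.29 05:34:15 | 000,000,000 | ---D | C] -- C:\windows\Julia's Quest - United Kingdom
# The "(Company)" part is absent for directories and printed as "()" or "( )"
# for files that carry no version resource.
OTL_FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# Alternate-data-stream lines look like:
#   @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:DEE46C4E
OTL_ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str            # R/H/S/D flags as printed, "-" for unset
    kind: str             # "C" = created in the scan window, "M" = modified
    company: Optional[str]  # None for directories, "" when OTL printed "()" or "( )"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.endswith("D")


@dataclass
class AdsEntry:
    size: int
    path: str


def parse_otl_line(line: str) -> Optional[Union[OtlEntry, AdsEntry]]:
    """Return a parsed entry, or None for headers, blanks and unrelated lines."""
    line = line.strip()
    m = OTL_FILE_LINE.match(line)
    if m:
        company = m.group("company")
        return OtlEntry(
            timestamp=m.group("ts"),
            size=int(m.group("size").replace(",", "")),
            attrs=m.group("attrs"),
            kind=m.group("kind"),
            company=None if company is None else company.strip(),
            path=m.group("path"),
        )
    m = OTL_ADS_LINE.match(line)
    if m:
        return AdsEntry(size=int(m.group("size")), path=m.group("path"))
    return None


def parse_otl_report(text: str) -> List[Union[OtlEntry, AdsEntry]]:
    return [e for e in (parse_otl_line(raw) for raw in text.splitlines()) if e is not None]


BINARY_EXT = (".exe", ".dll", ".sys")


def review_candidates(entries: List[Union[OtlEntry, AdsEntry]]) -> List[str]:
    """Heuristic triage (assumed rules, not OTL's): every ADS, and every
    binary without company/version information that lives under C:\\windows.
    Both produce candidates for a human to check, not verdicts."""
    findings = []
    for e in entries:
        if isinstance(e, AdsEntry):
            findings.append(f"{e.path}: alternate data stream ({e.size} bytes)")
            continue
        if e.is_dir:
            continue
        low = e.path.lower()
        if low.endswith(BINARY_EXT) and e.company == "" and low.startswith("c:\\windows\\"):
            findings.append(f"{e.path}: binary with no company name under C:\\windows")
    return findings


# Constructed sample: lines copied from the OTL report in this thread.
SAMPLE_REPORT = r"""
========== Files Created - No Company Name ==========

[2014.03.26 22:55:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2014.03.26 22:55:56 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012.09.01 03:04:15 | 000,216,064 | ---- | C] ( ) -- C:\windows\SysWow64\lagarith.dll
[2014.03.29 05:34:15 | 000,000,000 | ---D | C] -- C:\windows\Julia's Quest - United Kingdom
[2014.04.08 15:25:46 | 2037,616,639 | -HS- | M] () -- C:\hiberfil.sys
[2014.04.08 15:40:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:DEE46C4E
< End of report >
"""

if __name__ == "__main__":
    for finding in review_candidates(parse_otl_report(SAMPLE_REPORT)):
        print(finding)
```

The parser deliberately returns None for anything it does not recognise, so section headers, the `< End of report >` trailer and the differently formatted fix-script lines (`DRV:`, `IE -`, `O4 -`) pass through harmlessly; extending it to those formats is a matter of adding one regex per line type.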

 

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
IE - HKU\S-1-5-21-2950337373-4117638349-1153287397-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 193.255.91.47:4128
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
[2013.04.01 15:41:07 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2013.04.01 15:41:07 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2013.03.23 09:18:52 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\IObit
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:DEE46C4E
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:2701988C
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:8AED9359

:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.


Reset Chrome...
Click on "Customize and control Google Chrome":

Click "Settings" then "Show advanced settings" at the bottom of the screen.
Click "Reset browser settings" button.
Restart Chrome.
See if that solves the issue.

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave reading the results to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.

Please run F-Secure Online Scanner

  • Disable your Antivirus program.
  • Click on Run now button.
    NOTE. If you're using a non-IE browser you'll be asked to download a small file (F-SecureOnlineScanner.exe). After downloading, double click on the file to run the scan.
  • Click on Start button.
  • Click on "Accept" button.
  • When the scan is done, in Step 3: Clean the files, leave all settings as they are.
  • Click Next button.
  • Click Full report... button.
  • Copy report's content and paste it into your next reply.
 
Hello Broni,
here are the required logs. Chrome resetting and temp file cleaning have been done successfully. The only problem was that I was not able to access the F-Secure online scanning web page. The error message given below was received when I tried to access the online scanner page.

"An error occurred while processing your request.
Reference #97.1d0ad817.1396997876.1b40890e"

---------------------------------------------------------------------------------
LOGS


All processes killed
========== OTL ==========
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys not found.
HKU\S-1-5-21-2950337373-4117638349-1153287397-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Users\Default\AppData\Roaming\IObit\Advanced SystemCare V6 folder moved successfully.
C:\Users\Default\AppData\Roaming\IObit folder moved successfully.
Folder C:\Users\Default User\AppData\Roaming\IObit\ not found.
C:\Users\pc\AppData\Roaming\IObit\IObit Uninstaller\Log folder moved successfully.
C:\Users\pc\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\pc\AppData\Roaming\IObit\IObit Malware Fighter folder moved successfully.
C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V6\Startup Manager folder moved successfully.
C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V6\SmartRAM folder moved successfully.
C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V6\Registrycleaner\backup\Registry folder moved successfully.
C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V6\Registrycleaner\backup folder moved successfully.
C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V6\Registrycleaner folder moved successfully.
C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V6\Log folder moved successfully.
C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V6\Internet Booster folder moved successfully.
C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V6\Boottime folder moved successfully.
C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V6\Backup folder moved successfully.
C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V6 folder moved successfully.
C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V5\Toolbox folder moved successfully.
C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V5\Smart RAM folder moved successfully.
C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V5\SecurityHoles folder moved successfully.
C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V5\Registrycleaner\backup\Registry folder moved successfully.
C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V5\Registrycleaner\backup folder moved successfully.
C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V5\Registrycleaner folder moved successfully.
C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V5\Log folder moved successfully.
C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime folder moved successfully.
C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V5\Backup folder moved successfully.
C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
C:\Users\pc\AppData\Roaming\IObit folder moved successfully.
ADS C:\ProgramData\Temp:DEE46C4E deleted successfully.
ADS C:\ProgramData\Temp:2701988C deleted successfully.
ADS C:\ProgramData\Temp:8AED9359 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: pc
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 119908163 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 288410019 bytes
->Flash cache emptied: 1669 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 389,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: pc
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: pc
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04092014_012916

Files\Folders moved on Reboot...
C:\Users\pc\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
----------------------------------------------------------------

Results of screen317's Security Check version 0.99.81
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
ESET NOD32 Antivirus 7.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Java 7 Update 51
Adobe Flash Player 12.0.0.77
Adobe Reader 10.1.9 Adobe Reader out of Date!
Google Chrome 33.0.1750.146
Google Chrome 33.0.1750.154
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

---------------------------------------------------------------------------

Farbar Service Scanner Version: 25-02-2014

Ran by pc (administrator) on 09-04-2014 at 01:45:20
Running from "C:\Users\pc\Desktop"
Microsoft Windows 7 Home Basic Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
 
I am sorry that I had forgotten to reboot. When I restarted the PC, the F-Secure page was accessible. F-Secure says: nothing harmful detected.
 
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

=========================

Your computer is clean

1. This step will remove all the cleaning tools we used, reset restore points (so you won't get reinfected by accidentally using some older restore point) and make some other minor adjustments...
This is a very crucial step, so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please let me know how your computer is doing.
 
Thank you very much Broni, I was very pleased to know you. :)(y)
I have applied all of the last instructions given (DelFix, update check, Malwarebytes scan, TFC, PSI etc.) to get just a clean and robust system. After all that, the PC was working well. But, I do not know how it happened, fake "Flash Player may be out of date" warnings appeared again on nearly every web page! I am in shock! :( In my opinion it is a DNS hack which is affecting more and more people due to a security vulnerability at the net provider or in some DSL models. :(
I would like to thank you for your interest. :)
 
I would like to express a concern. When my friend used her laptop on an outside network, she said that she did not encounter any problem with fake Flash Player update warnings or blocked access to web pages. Does this evidence reinforce the thesis that the DNS or router was hacked? It is quite interesting that the problem suddenly affects an increasing number of people.
 
It happens in the Chrome browser. IExplorer is not working. Additionally, our iPad and smart TV showed the same "Flash Player may be out of date" and SSL error messages. We cannot access Google, Facebook and YouTube using either the iPad or the TV. Considering that the blocking may be due to a DNS hack, I checked my DSL (TP-LINK) modem settings to configure the DNS and to block access to its settings. But the administrative password of the DSL modem had been changed by someone else. I preferred not to reset my DSL modem and set it up from the beginning by returning it to factory settings, because I was not sure if I would be able to configure the network settings. I have changed the TCP/IPv4 settings. The preferred DNS was set to 8.8.8.8 (not automatic), and the alternate DNS was set to 8.8.4.4. These settings seem to be a good option. I wonder if I have done the right thing.
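The suspicion in the post above (a router whose admin password was changed and whose DNS may have been altered) can be checked from any PC on the LAN without touching the router. The script below is an added example written for this thread; it is not code from any poster, from TP-LINK, or from Broni's tool set. It builds raw DNS queries with the standard library so it can ask the router's resolver and a trusted resolver (8.8.8.8, as already chosen in the post) the same questions directly, bypassing the OS resolver, and it flags the classic hijack pattern where several unrelated names all come back with the same address. The gateway address 192.168.1.1 and the example.* names are placeholders to replace with your own; the `build_sample_response` helper only exists so the parser can be exercised offline on a constructed packet.

```python
"""Cross-resolver DNS hijack check (added example; standard library only).

Ask the router and a trusted resolver the same A-record questions and look for
unrelated names that all resolve to one IP, the usual sign of a redirect.
"""
import random
import socket
import struct


def _encode_name(name):
    """Encode 'example.com' as DNS labels: b'\\x07example\\x03com\\x00'."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, txid):
    """Minimal DNS A query with only the RD (recursion desired) flag set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + _encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(msg, offset):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:          # 2-byte compression pointer ends the name
            return offset + 2
        offset += 1 + length


def parse_a_records(msg, txid):
    """Return the IPv4 answers in a DNS response; reject a mismatched txid."""
    rid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch: reply is not for our query")
    if flags & 0x000F:                      # non-zero RCODE (NXDOMAIN, SERVFAIL, ...)
        return []
    offset = 12
    for _ in range(qdcount):
        offset = _skip_name(msg, offset) + 4   # skip QTYPE + QCLASS
    ips = []
    for _ in range(ancount):
        offset = _skip_name(msg, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:  # A record, class IN
            ips.append(socket.inet_ntoa(msg[offset:offset + 4]))
        offset += rdlen
    return ips


def build_sample_response(name, txid, ips):
    """Constructed response for offline testing: one A record per IP, TTL 60."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(ips), 0, 0)
    question = _encode_name(name) + struct.pack("!HH", 1, 1)
    answers = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)
        for ip in ips
    )
    return header + question + answers


def resolve_a(name, server, timeout=3.0):
    """Query `server` directly over UDP/53, bypassing the OS resolver."""
    txid = random.randint(0, 0xFFFF)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (server, 53))
        data, _ = sock.recvfrom(4096)
    return parse_a_records(data, txid)


def same_ip_for_all(answers_by_name):
    """Hijack heuristic: unrelated names all resolving to a single IP.

    Returns that IP, or None when answers differ, are missing, or too few names."""
    if len(answers_by_name) < 2:
        return None
    seen = set()
    for ips in answers_by_name.values():
        if not ips:
            return None
        seen.update(ips)
    return next(iter(seen)) if len(seen) == 1 else None


if __name__ == "__main__":
    import sys
    router = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"  # assumption: your gateway
    trusted = "8.8.8.8"
    names = ["example.com", "example.net", "example.org"]         # placeholders; use your own
    from_router = {n: resolve_a(n, router) for n in names}
    from_trusted = {n: resolve_a(n, trusted) for n in names}
    for n in names:
        print(f"{n:14} router={from_router[n]} trusted={from_trusted[n]}")
    hit = same_ip_for_all(from_router)
    if hit:
        print("SUSPICIOUS: the router answers every name with", hit)
    else:
        print("no single-IP redirect pattern seen")
```

Run it as `python dnscheck.py <router-ip>` from a machine on the home network. A plain disagreement between the two columns is not proof on its own, because large sites legitimately hand out different addresses to different resolvers; the strong signal is the router returning one identical address for names that have nothing to do with each other, or addresses inside a private range for public sites. If that pattern shows up, the router's DNS settings (not just the PC's) are the thing to fix, which in this thread means a factory reset and a new admin password, since the old one is no longer under the owner's control.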
 
Yes, Chrome is OK but IExplorer is still not working. I noticed an issue with the OTL kill process. I hope access to a legitimate institutional proxy (193.25...) has not been blocked by OTL. I appreciate your concern, Broni. After deletion of the spy.zbot trojan my laptop looks fine. :D
 