TechSpot

Strong trojan "spy.zbot.yw"

Solved
By Ian Sule
Apr 4, 2014
  1. Hello. My notebook was attacked by a strong virus, namely "spy.zbot.yw", 10 days ago. I tried to delete it from the system using ComboFix, ESET NOD32, Spybot Search & Destroy, Junkware Removal Tool, RogueKiller, Security Check etc. Although the virus was deleted, it has appeared again. When the Internet Explorer or Chrome browsers are used, some fake warnings from Google appear, including "your flash player should be updated, your browser should be updated, please enter facebook and gmail accounts" etc. I have updated Flash Player and Java by removing the old Java version and the Java cache memory using the JavaRa software. Unfortunately, two laptops were immediately affected by the virus when they were used on our home network. How do I know whether my DSL has been attacked from an outside source or a virus problem has affected our laptops? Pum HJ has been detected by the AdwCleaner software. Is the problem related to the use of an old ADSL which has not been updated for 3 years? Here are my tds killer, mbam, dds, tds and Rkill reports. I cannot use Gmail, because when I try to connect to Gmail, the update warnings lead to complications. Thank you for your help.
     


  2. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================

    Please read our preliminaries: http://www.techspot.com/community/t...lware-removal-preliminary-instructions.58138/
    I only need logs mentioned there.
    ...and all logs have to be pasted not attached.
     
  3. Ian Sule

    Ian Sule TS Rookie Topic Starter

    Hello. The logs of the mbam and dds were given respectively. I hope your instructions were implemented properly. Thanks for your interest.

    Malwarebytes Anti-Malware
    www.malwarebytes.org
    Scan Date: 05.04.2014
    Scan Time: 02:26:54
    Logfile: tech-mbam.txt
    Administrator: Yes

    Version: 2.00.0.1000
    Malware Database: v2014.04.04.09
    Rootkit Database: v2014.03.27.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Chameleon: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: pc

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 275125
    Time Elapsed: 50 min, 14 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)

    (end)
    -----------------------------------------------------------------

    DDS LOG

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.51.2
    Run by pc at 3:01:41 on 2014-04-05
    Microsoft Windows 7 Home Basic 6.1.7601.1.1254.90.1055.18.6039.3113 [GMT 3:00]
    .
    AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\system32\atiesrxx.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k GPSvcGroup
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\atieclxx.exe
    C:\windows\system32\Dwm.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
    C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\windows\SysWOW64\lkads.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
    C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    C:\windows\SysWOW64\lkcitdl.exe
    C:\windows\SysWOW64\lktsrv.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\USB Disk Security\USBGuard.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
    C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
    C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
    C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
    C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
    C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\svchost.exe -k bthsvcs
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\windows\system32\NOTEPAD.EXE
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\System32\rundll32.exe
    C:\Windows\explorer.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\system32\wuauclt.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\system32\NOTEPAD.EXE
    C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
    C:\windows\splwow64.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com.tr/
    uSearch Bar = Preserve
    mStart Page = hxxp://www.google.com
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [USB Security] C:\Program Files (x86)\USB Disk Security\USBGuard.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Adobe PDF'ye dönüştür - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Bağ Hedefini PDF’ye Dönüştür - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Bağ Hedefini PDF’ye Ekle - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Varolan PDF’ye Ekle - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 68.168.98.196 8.8.8.8
    TCP: Interfaces\{B7D8481C-6EED-4716-A734-C513E9D6B1CC} : DHCPNameServer = 68.168.98.196 8.8.8.8
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = hxxp://www.google.com
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\windows\System32\drivers\amdkmpfd.sys [2012-3-20 32896]
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-2-27 16152]
    R1 eamonm;eamonm;C:\windows\System32\drivers\eamonm.sys [2013-9-17 239320]
    R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2012-5-19 13824]
    R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-4-18 235520]
    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-3-9 107648]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2013-9-12 1337752]
    R2 epfwwfpr;epfwwfpr;C:\windows\System32\drivers\epfwwfpr.sys [2013-9-17 157432]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-19 13592]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-3-6 629984]
    R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-5-19 127320]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-5-19 164184]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-3-29 1809720]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-3-29 857912]
    R2 NIApplicationWebServer;NI Application Web Server;C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2012-5-22 53960]
    R2 nimDNSResponder;NI mDNS Responder Service;C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2012-5-31 258776]
    R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [2012-6-14 31624]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-3-27 171416]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-19 362840]
    R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-3-9 163456]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2012-3-9 36480]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2012-3-9 340096]
    R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\windows\System32\drivers\btath_avdt.sys [2012-3-9 111232]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2012-3-9 30848]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2012-3-9 168064]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2012-3-9 68736]
    R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2012-3-9 281472]
    R3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2012-3-9 551552]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2012-2-16 31216]
    R3 huawei_enumerator;huawei_enumerator;C:\windows\System32\drivers\ew_jubusenum.sys [2012-8-24 86016]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-5 331264]
    R3 intelkmd;intelkmd;C:\windows\System32\drivers\igdpmd64.sys [2012-3-26 14748416]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-2-27 356120]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-2-27 788760]
    R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-3-29 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-3-28 119512]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-5-19 685160]
    R3 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-3-27 3921880]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 NOBU;Norton Online Backup;"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE --> C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [?]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-3-27 1042272]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\windows\System32\drivers\ew_hwusbdev.sys [2012-8-24 117248]
    S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\windows\System32\drivers\ewusbwwan.sys [2012-8-24 421376]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-3-13 111616]
    S3 massfilter;Mass Storage Filter Driver;C:\windows\System32\drivers\massfilter.sys [2012-8-24 11776]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-12-9 19456]
    S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUVStor.sys [2012-5-19 314472]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-3-17 56832]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-12-9 30208]
    S4 NIApplicationWebServer64;NI Application Web Server (64-bit);C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2012-5-22 76488]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2014-04-04 13:53:11 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{708B3413-053D-4D3F-9BA0-443ADE47814D}\offreg.dll
    2014-04-04 04:02:13 108968 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
    2014-04-04 02:46:41 -------- d-sh--w- C:\$RECYCLE.BIN
    2014-04-04 02:01:04 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{708B3413-053D-4D3F-9BA0-443ADE47814D}\mpengine.dll
    2014-04-03 16:28:18 -------- d-----w- C:\AdwCleaner
    2014-04-01 01:02:32 -------- d-----w- C:\ProgramData\HitmanPro
    2014-03-31 22:38:04 -------- d-----w- C:\Program Files\Microsoft Security Client
    2014-03-31 20:57:43 -------- d-----w- C:\Users\pc\AppData\Roaming\ScanSpyware
    2014-03-31 02:46:26 -------- d-----w- C:\Users\pc\AppData\Local\schoolmates
    2014-03-31 02:41:01 -------- d-----w- C:\windows\Fated Haven - Chapter One
    2014-03-31 02:41:01 -------- d-----w- C:\Program Files (x86)\Fated Haven - Chapter One
    2014-03-29 23:21:03 -------- d-----w- C:\Users\pc\AppData\Roaming\TheFlyingDutchman
    2014-03-29 23:20:27 -------- d-----w- C:\windows\The Flying Dutchman - In The Ghost Prison
    2014-03-29 23:00:00 -------- d-----w- C:\Users\pc\AppData\Roaming\Picsoft
    2014-03-29 22:59:06 -------- d-----w- C:\windows\Mini Robot Wars
    2014-03-29 11:50:22 -------- d-----w- C:\windows\SysWow64\directx
    2014-03-29 10:09:04 -------- d-----w- C:\windows\Puzzle Agent 2
    2014-03-29 10:05:33 -------- d-----w- C:\Users\pc\AppData\Roaming\Meridian93
    2014-03-29 10:03:09 -------- d-----w- C:\windows\Fruit Farm
    2014-03-29 10:00:46 -------- d-----w- C:\ProgramData\Phenomedia
    2014-03-29 02:41:54 -------- d-----w- C:\Users\pc\AppData\Local\Tales of Lagoona
    2014-03-29 02:38:53 -------- d-----w- C:\Program Files (x86)\Tales of Lagoona - Orphans of the Ocean
    2014-03-29 02:36:27 -------- d-----w- C:\Users\pc\AppData\Roaming\JQ
    2014-03-29 02:34:15 -------- d-----w- C:\windows\Julia's Quest - United Kingdom
    2014-03-29 02:28:36 -------- d-----w- C:\Users\pc\AppData\Roaming\HdO Adventure
    2014-03-29 02:25:57 -------- d-----w- C:\Users\pc\AppData\Roaming\Boolat Games
    2014-03-29 02:24:47 -------- d-----w- C:\windows\Timeless - The Forgotten Town Collector's Edition
    2014-03-29 02:09:52 -------- d-----w- C:\Users\pc\AppData\Roaming\BULKYPIX
    2014-03-29 02:06:24 -------- d-----w- C:\Program Files (x86)\Saving Private Sheep
    2014-03-29 01:07:55 -------- d-----w- C:\Users\pc\AppData\Roaming\Mayan Puzzle
    2014-03-29 01:07:33 -------- d-----w- C:\windows\Mayan Puzzle
    2014-03-29 01:07:33 -------- d-----w- C:\Program Files (x86)\Mayan Puzzle
    2014-03-28 22:04:31 88280 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
    2014-03-28 22:04:31 63192 ----a-w- C:\windows\System32\drivers\mwac.sys
    2014-03-28 22:04:31 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
    2014-03-28 22:04:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-03-28 16:10:41 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
    2014-03-28 15:51:39 119512 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
    2014-03-26 22:07:46 21040 ----a-w- C:\windows\System32\sdnclean64.exe
    2014-03-26 22:07:24 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-03-26 20:22:45 -------- d-----w- C:\spybotSearch&Destroy
    2014-03-26 19:55:56 98816 ----a-w- C:\windows\sed.exe
    2014-03-26 19:55:56 256000 ----a-w- C:\windows\PEV.exe
    2014-03-26 19:55:56 208896 ----a-w- C:\windows\MBR.exe
    2014-03-26 19:48:30 -------- d-----w- C:\TDSSKiller_Quarantine
    2014-03-26 02:33:24 2 --shatr- C:\windows\winstart.bat
    2014-03-26 02:32:50 -------- d-----w- C:\Program Files (x86)\UnHackMe
    2014-03-26 02:13:01 -------- d-----w- C:\Program Files (x86)\Enigma Software Group
    2014-03-26 00:23:16 -------- d-----w- C:\Program Files\Enigma Software Group
    2014-03-26 00:22:26 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2014-03-17 21:35:44 6574592 ----a-w- C:\windows\System32\mstscax.dll
    2014-03-17 21:35:44 5694464 ----a-w- C:\windows\SysWow64\mstscax.dll
    2014-03-17 11:04:10 792576 ----a-w- C:\windows\SysWow64\TSWorkspace.dll
    2014-03-17 11:04:10 1030144 ----a-w- C:\windows\System32\TSWorkspace.dll
    2014-03-13 02:39:34 624128 ----a-w- C:\windows\System32\qedit.dll
    2014-03-13 02:39:34 509440 ----a-w- C:\windows\SysWow64\qedit.dll
    2014-03-13 02:39:33 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
    2014-03-13 02:39:33 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
    .
    ==================== Find3M ====================
    .
    2014-04-04 03:45:16 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-04-04 03:45:16 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2014-03-01 05:17:02 2724864 ----a-w- C:\windows\System32\mshtml.tlb
    2014-03-01 05:16:26 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
    2014-03-01 04:52:55 66048 ----a-w- C:\windows\System32\iesetup.dll
    2014-03-01 04:51:59 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
    2014-03-01 04:33:52 139264 ----a-w- C:\windows\System32\ieUnatt.exe
    2014-03-01 04:33:34 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
    2014-03-01 04:32:59 708608 ----a-w- C:\windows\System32\jscript9diag.dll
    2014-03-01 04:23:49 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
    2014-03-01 04:11:20 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2014-03-01 03:54:33 5768704 ----a-w- C:\windows\System32\jscript9.dll
    2014-03-01 03:52:43 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
    2014-03-01 03:51:53 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
    2014-03-01 03:38:26 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
    2014-03-01 03:37:35 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
    2014-03-01 03:35:11 2041856 ----a-w- C:\windows\System32\inetcpl.cpl
    2014-03-01 03:14:15 4244480 ----a-w- C:\windows\SysWow64\jscript9.dll
    2014-03-01 03:10:28 2334208 ----a-w- C:\windows\System32\wininet.dll
    2014-03-01 03:00:08 1964032 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2014-03-01 02:32:16 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
    2014-02-07 01:23:30 3156480 ----a-w- C:\windows\System32\win32k.sys
    2014-01-29 02:32:18 484864 ----a-w- C:\windows\System32\wer.dll
    2014-01-29 02:06:47 381440 ----a-w- C:\windows\SysWow64\wer.dll
    2014-01-28 02:32:46 228864 ----a-w- C:\windows\System32\wwansvc.dll
    2014-01-19 07:33:29 270496 ------w- C:\windows\System32\MpSigStub.exe
    .
    ============= FINISH: 3:01:57,35 ===============

    --------------------------------------------------------------
    ATTACH Log

    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Basic
    Boot Device: \Device\HarddiskVolume1
    Install Date: 24.08.2012 13:11:44
    System Uptime: 04.04.2014 15:10:08 (12 hours ago)
    .
    Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | NP350V5C-T01TR
    Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz | SOCKET 0 | 1175/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 352 GiB total, 205,548 GiB free.
    D: is CDROM ()
    F: is FIXED (NTFS) - 325 GiB total, 129,293 GiB free.
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Bluetooth Aygıtı (Kişisel Alan Ağı)
    Device ID: BTH\MS_BTHPAN\7&2B6183A3&0&2
    Manufacturer: Microsoft
    Name: Bluetooth Aygıtı (Kişisel Alan Ağı)
    PNP Device ID: BTH\MS_BTHPAN\7&2B6183A3&0&2
    Service: BthPan
    .
    ==== System Restore Points ===================
    .
    RP189: 28.03.2014 23:25:30 - Geri Yükleme İşlemi
    RP190: 01.04.2014 01:41:12 - Windows Update
    RP191: 03.04.2014 18:56:06 - Windows Update
    RP192: 03.04.2014 18:58:18 - Windows Update
    RP193: 04.04.2014 02:37:14 - Installed SpyHunter
    RP194: 04.04.2014 04:54:49 - Removed SpyHunter
    RP195: 04.04.2014 07:01:06 - Installed Java 7 Update 51 (64-bit)
    .
    ==== Installed Programs ======================
    .
    ???? ??? Windows Live
    ???? Windows Live
    ????? Windows Live
    ?????? ??????? ?? Windows Live
    ??????? ??????????? ??? Windows Live
    ???????? ?????????? Windows Live
    ?????????? Windows Live
    ??????????? ?? Windows Live
    Ñîêğîâèùà Ìîíòåñóìû 3 Full
    Adobe Acrobat X Pro - Romanian, Ukrainian, Russian, Turkish
    Adobe Flash Player 12 ActiveX
    Adobe Flash Player 12 Plugin
    Adobe Reader X (10.1.9)
    AMD Accelerated Video Transcoding
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    Atheros Bluetooth Suite (64)
    Atheros Client Installation Program
    „Windows Live Essentials“
    „Windows Live Mail“
    „Windows Live Messenger“
    „Windows Live“ fotogalerija
    Canon MP Navigator EX 2.0
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    Catalyst Control Center Profiles Mobile
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Cisco WebEx Meetings
    CyberLink Media Suite
    CyberLink Media+ Player10
    CyberLink MediaShow
    CyberLink Power2Go
    CyberLink PowerDirector
    CyberLink YouCam
    D3DX10
    Digimizer
    E-POP
    Easy File Share
    Easy Migration
    Easy Settings
    Easy Software Manager
    Easy Support Center
    ESET NOD32 Antivirus
    Fotogalerija Windows Live
    Galeria de Fotografias do Windows Live
    Galeria fotografii uslugi Windows Live
    Galerie de photos Windows Live
    Galerie foto Windows Live
    Galería fotográfica de Windows Live
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPL Ghostscript
    GSview 5.0
    HI-TECH C Compiler for the PIC10/12/16 MCUs V9.82PL0
    HI-TECH C51-lite V9.60PL0
    HUAWEI DataCard Driver 4.22.16.00
    Image Analyzer
    Intel(R) Control Center
    Intel(R) Display Audio Driver
    Intel(R) Manageability Engine Firmware Recovery Agent
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    Intel® Trusted Connect Service Client
    Java 7 Update 51
    Java 7 Update 51 (64-bit)
    Junk Mail filter update
    K-Lite Mega Codec Pack 9.2.0
    Malwarebytes Anti-Malware 2.00.0.1000 sürümü
    Math Kernel Libraries
    Math Kernel Libraries (64-bit)
    MATLAB R2010a
    Mayan Puzzle
    Mesh Runtime
    Microsoft .NET Framework 4.5.1
    Microsoft .NET Framework 4.5.1 (Türkçe)
    Microsoft .NET Framework 4.5.1 (TRK)
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (Turkish) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel 2007 Help Güncelleştirmesi (KB963678)
    Microsoft Office Excel MUI (Turkish) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (Turkish) 2007
    Microsoft Office InfoPath MUI (Turkish) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (Turkish) 2007
    Microsoft Office Outlook MUI (Turkish) 2007
    Microsoft Office Powerpoint 2007 Help Güncelleştirmesi (KB963669)
    Microsoft Office PowerPoint MUI (Turkish) 2007
    Microsoft Office Proof (Basque) 2007
    Microsoft Office Proof (Catalan) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Galician) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Portuguese (Brazil)) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Turkish) 2007
    Microsoft Office Proofing (Spanish) 2007
    Microsoft Office Proofing (Turkish) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (Turkish) 2007
    Microsoft Office Shared 64-bit MUI (Spanish) 2007
    Microsoft Office Shared 64-bit MUI (Turkish) 2007
    Microsoft Office Shared MUI (Spanish) 2007
    Microsoft Office Shared MUI (Turkish) 2007
    Microsoft Office Visio 2007 Service Pack 3 (SP3)
    Microsoft Office Visio MUI (Spanish) 2007
    Microsoft Office Visio MUI (Turkish) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Word 2007 Help Güncelleştirmesi (KB963665)
    Microsoft Office Word MUI (Turkish) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MSVCRT
    MSVCRT_amd64
    National Instruments Software
    NI-Mesa
    NI .NET Framework 4.0
    NI ActiveX Container
    NI ActiveX Container (64-bit)
    NI Authentication 12.0.0
    NI Authentication 12.0.0 (64-bit)
    NI Circuit Design Suite 12.0.1 Core
    NI Circuit Design Suite 12.0.1 Pro
    NI Circuit Design Suite 12.0.1 Pro Licenses
    NI Curl 12.0.0
    NI Curl 12.0.0 (64-bit)
    NI Error Reporting 2012
    NI EulaDepot
    NI Example Finder 12.0
    NI GMP Windows 32-bit Installer 12.0.0
    NI GMP Windows 64-bit Installer 12.0.0
    NI Help Assistant
    NI Help Assistant (64bit)
    NI LabVIEW 2011 Real-Time NBFifo
    NI LabVIEW 2012 Deployment Framework
    NI LabVIEW 2012 Real-Time NBFifo
    NI LabVIEW 2012 Run-Time Engine Web Server
    NI LabVIEW Run-Time Engine 2011 SP1
    NI LabVIEW Run-Time Engine 2012
    NI LabVIEW Run-Time Engine Interop 2011
    NI LabVIEW Run-Time Engine Interop 2012
    NI LabVIEW Web Server for Run-Time Engine
    NI LabWindows/CVI 2010 SP1 Analysis Library
    NI LabWindows/CVI 2010 SP1 Analysis Library (64-bit)
    NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original)
    NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated)
    NI LabWindows/CVI 2010 SP1 Network Variable Library
    NI LabWindows/CVI 2010 SP1 Network Variable Library (64-bit)
    NI LabWindows/CVI 2010 SP1 Run-Time Engine (64-bit)
    NI LabWindows/CVI 2010 SP1 TDM Streaming Library
    NI LabWindows/CVI 2010 SP1 TDM Streaming Library (64-bit)
    NI LabWindows/CVI Run-Time Engine 2010 SP1
    NI LabWindows/CVI Run-Time Engine 2010 SP1 (Updated)
    NI License Manager
    NI Logos 5.4
    NI Logos 5.4 (64-bit)
    NI Logos XT Support
    NI Logos64 XT Support
    NI Math Kernel Libraries
    NI Math Kernel Libraries (64-bit)
    NI MAX Remote Configuration 64-bit Installer 5.0
    NI MAX Remote Configuration Installer 5.0
    NI MDF Support
    NI mDNS Responder 2.1 for Windows 64-bit
    NI mDNS Responder 2.1.0
    NI MetaSuite Installer
    NI NI LabVIEW 2011 SP1 Run-Time Engine Non-English Support
    NI NI LabVIEW 2012 Run-Time Engine Non-English Support.
    NI SSL LabVIEW RTE 2012 Support
    NI SSL Support
    NI SSL Support (64-bit)
    NI System State Publisher
    NI System State Publisher (64-bit)
    NI System Web Server 12.0
    NI System Web Server Base 12.0.0
    NI System Web Server Base 12.0.0 (64-bit)
    NI TDM Streaming 2.4
    NI TDM Streaming 2.4 (64-bit)
    NI Trace Engine
    NI Trace Engine (64-bit)
    NI Uninstaller
    NI Update Service 2.2.1
    NI USI 2.0.0
    NI USI 2.0.0 64-Bit
    NI VC2005MSMs x64
    NI VC2005MSMs x86
    NI VC2008MSMs x64
    NI VC2008MSMs x86
    NI VC2010MSMs x64
    NI VC2010MSMs x86
    NI Web Application Server 12.0
    NI Web Application Server 12.0 (64-bit)
    NI Web Pipeline 2.0.1
    NI Web Pipeline 2.0.1 64-bit support
    Norton Online Backup
    Plants vs. Zombies
    Poczta uslugi Windows Live
    Podstawowe programy Windows Live
    Pošta Windows Live
    PX Profile Update
    Raccolta foto di Windows Live
    Realtek Ethernet Controller Driver
    Realtek USB 2.0 Card Reader
    Samsung Recovery Solution 5
    Saving Private Sheep
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
    Security Update for Microsoft Office Visio 2007 suites (KB2596595) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
    Skype™ 6.11
    Software Launcher
    SONAR X1 LE
    Spybot - Search & Destroy
    STDU Viewer version 1.6.186.0
    Tales of Lagoona - Orphans of the Ocean
    Turkcell 3G VINN
    Tweaking.com - Windows Repair (All in One)
    UltraISO Premium V9.53
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition
    USB Disk Security
    VLC media player 2.0.3
    WildTangent Games
    Windows Live
    Windows Live ??
    Windows Live ?? ???
    Windows Live ???
    Windows Live ????
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Fotótár
    Windows Live Foto-galerija
    Windows Live fotoattelu galerija
    Windows Live Fotogalerie
    Windows Live Fotogalleri
    Windows Live Fotogaléria
    Windows Live Fotoğraf Galerisi
    Windows Live Galeria de Fotos
    Windows Live Galerija fotografija
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Pošta
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Temel Parçalar
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Liven asennustyökalu
    Windows Liven sähköposti
    Windows Liven valokuvavalikoima
    WinRAR 4.00 (64-bit)
    ZTE USB Driver
    .
    ==== End Of File ===========================

     
  4. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Download RogueKiller from one of the following links and save it to your Desktop:
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  5. Ian Sule

    Ian Sule TS Rookie Topic Starter

    Hello,
    RKreport and Mbar logs were obtained and submitted. A new system restore point was created after the RogueKiller process. It may be useful to say that when I try to connect to Gmail, "ERR_CONNECTION_REFUSED" or "ERR_CONNECTION_TIMED_OUT" messages are shown. Thank you.
    ---------------------------------------
    Here is RKreport

    RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
    eposta : http://www.adlice.com/contact/
    Geribesleme : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    İşletim Sistemi : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Zamanında başladı : Normal mod
    Kullanıcı : pc [Yönetici Hakları]
    Mod : Temizle -- Tarih : 04/06/2014 22:29:40
    | ARK || FAK || MBR |

    ¤¤¤ Kötü Niyetli İşlemler : 0 ¤¤¤

    ¤¤¤ Kayıt Defteri Girişleri : 0 ¤¤¤

    ¤¤¤ Planlanmış Görevler : 0 ¤¤¤

    ¤¤¤ Başlangıç girişleri : 0 ¤¤¤

    ¤¤¤ Web Tarayıcıları : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Sürücü : [YÜKLENMEDİ 0x0] ¤¤¤

    ¤¤¤ Dışarıdaki kovanlar: ¤¤¤

    ¤¤¤ Bulaşma var : ¤¤¤

    ¤¤¤ HOSTS Dosyası: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost
    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 ereg.adobe.com
    127.0.0.1 activate.wip3.adobe.com
    127.0.0.1 wip3.adobe.com
    127.0.0.1 3dns-3.adobe.com
    127.0.0.1 3dns-2.adobe.com
    127.0.0.1 adobe-dns.adobe.com
    127.0.0.1 adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com
    127.0.0.1 ereg.wip3.adobe.com
    127.0.0.1 activate-sea.adobe.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 activate-sjc0.adobe.com
    127.0.0.1 adobeereg.com


    ¤¤¤ MBR Denetimi: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST750LM022 HN-M750MBB +++++
    --- User ---
    [MBR] e5fe430fd119eaef3710fab38e2568be
    [BSP] 776471fc1e0a76640a1cbfda64cc83e7 : KIWI Image system MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 360087 MB
    2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 737665024 | Size: 332913 MB
    3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1419470848 | Size: 22303 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    Tamamlandı : << RKreport[0]_D_04062014_222940.txt >>
    RKreport[0]_S_04062014_222934.txt

    ---------------------------------
    Here is Mbar log
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    www.malwarebytes.org

    Database version: v2014.04.06.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16521
    pc :: PC-BILGISAYAR [administrator]

    06.04.2014 22:43:10
    mbar-log-2014-04-06 (22-43-10).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 272044
    Time elapsed: 24 minute(s), 54 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
    ------------------------------------------
    Here is system log
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.16521

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
    CPU speed: 2.494000 GHz
    Memory total: 6332583936, free: 3433709568

    Downloaded database version: v2014.04.06.09
    Downloaded database version: v2014.03.27.01
    =======================================
    Initializing...
    Done!
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: D8CAB691

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 737458176

    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 737665024 Numsec = 681805824

    Partition 3 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1419470848 Numsec = 45676544

    Disk Size: 750156374016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Non-administrative

    Internet Explorer version: 11.0.9600.16521

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
    CPU speed: 2.494000 GHz
    Memory total: 6332583936, free: 4303405056

    =======================================
    Initializing...
    Done!
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: D8CAB691

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 737458176

    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 737665024 Numsec = 681805824

    Partition 3 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1419470848 Numsec = 45676544

    Disk Size: 750156374016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
    Done!
    Scan finished
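
The HOSTS section of the RKreport above can be triaged mechanically. This is an added example, not part of the original posts or of RogueKiller: it sorts each entry into default, blocked (loopback or 0.0.0.0) or redirected (any other address) and flags entries that touch the sites named in the symptoms. The watched-domain list and the second sample are constructed assumptions.

```python
import ipaddress

# HOSTS section as posted in the RKreport above.
RKREPORT_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobeereg.com
"""

# Constructed sample (not from the thread). 203.0.113.0/24 is a
# documentation-only range (RFC 5737), used here as a stand-in address.
CONSTRUCTED_HIJACK = """\
# constructed example
127.0.0.1 localhost
203.0.113.10 accounts.google.com   # name pointed at a foreign address
0.0.0.0 ads.example.net
"""

# Assumption: the sites the poster mentions in the symptom description.
WATCHED = ("google.com", "gmail.com", "youtube.com", "facebook.com")


def parse_hosts(text):
    """Return (ip, hostname) pairs, skipping comments and malformed lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:  # one line may map several names
            entries.append((ip, name.lower().rstrip(".")))
    return entries


def covers(name, domain):
    """True if name is the domain itself or one of its subdomains."""
    return name == domain or name.endswith("." + domain)


def triage(text, watched=WATCHED):
    """Classify hosts entries and list those that affect watched sites."""
    report = {"default": [], "blocked": [], "redirected": [], "watched": []}
    for ip, name in parse_hosts(text):
        item = (str(ip), name)
        if name == "localhost" and ip.is_loopback:
            report["default"].append(item)
            continue
        if ip.is_loopback or ip.is_unspecified:
            # The name resolves to the local machine: connections fail.
            report["blocked"].append(item)
        else:
            # The name resolves to whatever host owns this address.
            report["redirected"].append(item)
        # A blocked watched name matters too: it breaks access to the site.
        if any(covers(name, d) for d in watched):
            report["watched"].append(item)
    return report


if __name__ == "__main__":
    for label, sample in (("RKreport", RKREPORT_HOSTS),
                          ("constructed", CONSTRUCTED_HIJACK)):
        r = triage(sample)
        print(label, "blocked:", len(r["blocked"]),
              "redirected:", r["redirected"], "watched:", r["watched"])
```

For the posted log this reports 15 blocked Adobe names, no redirected entries and nothing touching the watched sites. A clean hosts file only rules out this one mechanism; DNS and proxy settings are checked separately.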
     
  6. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Which browser gives you problems with GMail?

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  7. Ian Sule

    Ian Sule TS Rookie Topic Starter

    Hello,
    The Chrome browser was blocking access to GMail before the last ComboFix deletion process, whereas I can access my GMail account now.
    IExplorer still gives me some fake warnings, including "your flash player should be updated" or "message from gmail, facebook, enter your account". Sometimes, at the first step of web surfing, my home page (Google) gets locked and fake warnings are received. These fake warnings come especially when I click youtube, gmail or google.
    The ComboFix deletion was done successfully on its first run, without encountering a rejection. Here is the ComboFix report.
    ---------------------------------------------

    ComboFix 14-04-06.01 - pc 07.04.2014 4:03.22.4 - x64
    Microsoft Windows 7 Home Basic 6.1.7601.1.1254.90.1055.18.6039.3907 [GMT 3:00]
    Running from: c:\users\pc\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
    SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
    SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-03-07 to 2014-04-07 )))))))))))))))))))))))))))))))
    .
    .
    2014-04-07 01:18 . 2014-04-07 01:18 -------- d-----w- c:\users\Public\AppData\Local\temp
    2014-04-07 01:18 . 2014-04-07 01:18 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-04-04 04:02 . 2014-04-04 04:02 312744 ----a-w- c:\windows\system32\javaws.exe
    2014-04-04 04:02 . 2014-04-04 04:02 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2014-04-04 04:02 . 2014-04-04 04:02 189352 ----a-w- c:\windows\system32\javaw.exe
    2014-04-04 04:02 . 2014-04-04 04:02 189352 ----a-w- c:\windows\system32\java.exe
    2014-04-04 04:01 . 2014-04-04 04:01 -------- d-----w- c:\program files\Java
    2014-04-04 03:46 . 2014-04-04 03:46 -------- d-----w- c:\windows\Sun
    2014-04-04 02:01 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{708B3413-053D-4D3F-9BA0-443ADE47814D}\mpengine.dll
    2014-04-03 16:28 . 2014-04-04 05:26 -------- d-----w- C:\AdwCleaner
    2014-04-01 01:02 . 2014-04-04 03:37 -------- d-----w- c:\programdata\HitmanPro
    2014-03-31 22:38 . 2014-04-04 00:03 -------- d-----w- c:\program files\Microsoft Security Client
    2014-03-31 20:57 . 2014-03-31 22:39 -------- d-----w- c:\users\pc\AppData\Roaming\ScanSpyware
    2014-03-31 02:46 . 2014-03-31 02:46 -------- d-----w- c:\users\pc\AppData\Local\schoolmates
    2014-03-31 02:41 . 2014-03-31 02:50 -------- d-----w- c:\program files (x86)\Fated Haven - Chapter One
    2014-03-31 02:41 . 2014-03-31 02:41 -------- d-----w- c:\windows\Fated Haven - Chapter One
    2014-03-29 23:21 . 2014-03-29 23:21 -------- d-----w- c:\users\pc\AppData\Roaming\TheFlyingDutchman
    2014-03-29 23:20 . 2014-03-29 23:20 -------- d-----w- c:\windows\The Flying Dutchman - In The Ghost Prison
    2014-03-29 23:00 . 2014-03-29 23:00 -------- d-----w- c:\users\pc\AppData\Roaming\Picsoft
    2014-03-29 22:59 . 2014-03-29 22:59 -------- d-----w- c:\windows\Mini Robot Wars
    2014-03-29 10:09 . 2014-03-29 10:09 -------- d-----w- c:\windows\Puzzle Agent 2
    2014-03-29 10:05 . 2014-03-29 10:05 -------- d-----w- c:\users\pc\AppData\Roaming\Meridian93
    2014-03-29 10:03 . 2014-03-29 10:03 -------- d-----w- c:\windows\Fruit Farm
    2014-03-29 10:00 . 2014-03-29 10:00 -------- d-----w- c:\programdata\Phenomedia
    2014-03-29 02:41 . 2014-03-29 02:41 -------- d-----w- c:\users\pc\AppData\Local\Tales of Lagoona
    2014-03-29 02:38 . 2014-03-29 02:41 -------- d-----w- c:\program files (x86)\Tales of Lagoona - Orphans of the Ocean
    2014-03-29 02:36 . 2014-03-29 02:36 -------- d-----w- c:\users\pc\AppData\Roaming\JQ
    2014-03-29 02:34 . 2014-03-29 02:34 -------- d-----w- c:\windows\Julia's Quest - United Kingdom
    2014-03-29 02:28 . 2014-03-29 02:28 -------- d-----w- c:\users\pc\AppData\Roaming\HdO Adventure
    2014-03-29 02:25 . 2014-03-29 02:25 -------- d-----w- c:\users\pc\AppData\Roaming\Boolat Games
    2014-03-29 02:24 . 2014-03-29 02:24 -------- d-----w- c:\windows\Timeless - The Forgotten Town Collector's Edition
    2014-03-29 02:09 . 2014-03-29 02:09 -------- d-----w- c:\users\pc\AppData\Roaming\BULKYPIX
    2014-03-29 02:06 . 2014-03-29 02:09 -------- d-----w- c:\program files (x86)\Saving Private Sheep
    2014-03-29 01:07 . 2014-03-29 01:08 -------- d-----w- c:\users\pc\AppData\Roaming\Mayan Puzzle
    2014-03-29 01:07 . 2014-03-29 01:07 -------- d-----w- c:\program files (x86)\Mayan Puzzle
    2014-03-29 01:07 . 2014-03-29 01:07 -------- d-----w- c:\windows\Mayan Puzzle
    2014-03-28 22:04 . 2014-04-06 21:31 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-03-28 22:04 . 2014-04-03 06:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-03-28 22:04 . 2014-04-03 06:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-03-28 22:04 . 2014-04-05 13:55 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-03-28 16:10 . 2014-03-28 21:57 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
    2014-03-28 15:51 . 2014-04-06 20:15 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-03-26 22:07 . 2013-09-20 08:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
    2014-03-26 22:07 . 2014-03-28 21:36 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
    2014-03-26 20:22 . 2014-03-26 20:22 -------- d-----w- C:\spybotSearch&Destroy
    2014-03-26 19:48 . 2014-04-01 00:35 -------- d-----w- C:\TDSSKiller_Quarantine
    2014-03-26 02:33 . 2014-03-29 22:00 2 --shatr- c:\windows\winstart.bat
    2014-03-26 02:32 . 2014-03-29 22:04 -------- d-----w- c:\program files (x86)\UnHackMe
    2014-03-26 02:13 . 2014-03-26 02:13 -------- d-----w- c:\program files (x86)\Enigma Software Group
    2014-03-26 00:23 . 2014-03-26 00:23 -------- d-----w- c:\program files\Enigma Software Group
    2014-03-26 00:22 . 2014-03-28 21:36 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2014-03-17 21:35 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
    2014-03-17 21:35 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
    2014-03-17 11:04 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
    2014-03-17 11:04 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
    2014-03-13 02:39 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
    2014-03-13 02:39 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
    2014-03-13 02:39 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-03-13 02:39 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-04-04 03:45 . 2013-08-21 23:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-04-04 03:45 . 2013-08-21 23:11 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-03-17 11:08 . 2012-08-28 07:21 90015360 ----a-w- c:\windows\system32\MRT.exe
    2014-01-19 07:33 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "USB Security"="c:\program files (x86)\USB Disk Security\USBGuard.exe" [2013-02-05 662728]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-12-18 41336]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-12-18 840568]
    "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ \0sdnclean64.exe
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
    R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
    R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
    R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
    R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
    R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
    S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    S2 NIApplicationWebServer;NI Application Web Server;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
    S2 nimDNSResponder;NI mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
    S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    *NewlyCreated* - MBAMWEBACCESSCONTROL
    *Deregistered* - MBAMWebAccessControl
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-03-15 16:23 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21 03:45]
    .
    2014-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-31 22:53]
    .
    2014-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cef2b99b02ecfc.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-31 22:53]
    .
    2014-04-06 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-03-26 11:24]
    .
    2014-04-06 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-03-26 11:24]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5618456]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com.tr/
    mStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Adobe PDF'ye dönüştür - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Bağ Hedefini PDF’ye Dönüştür - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Bağ Hedefini PDF’ye Ekle - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Varolan PDF’ye Ekle - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    TCP: DhcpNameServer = 68.168.98.196 8.8.8.8
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Notify-SDWinLogon - SDWinLogon.dll
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.12"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-04-07 04:41:10
    ComboFix-quarantined-files.txt 2014-04-07 01:40
    ComboFix2.txt 2014-04-04 02:46
    ComboFix3.txt 2014-04-03 21:55
    ComboFix4.txt 2014-04-03 21:15
    ComboFix5.txt 2014-04-07 01:03
    .
    Pre-Run: 216.653.918.208 bayt boş
    Post-Run: 216.335.835.136 bayt boş
    .
    - - End Of File - - 61A61FF0964E48274C5C9E24568E048F
     
  8. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Looks good.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. Ian Sule

    Ian Sule TS Rookie Topic Starter

    Dear Broni,

    The scanning reports have been obtained, but OTL did not give an extra.txt report although it was executed two times. It may be useful that some warnings appear when web pages are used:


    1) From Chrome browser: static.ak.facebook.com > web site message: warning! your flash player may be out of date. Please update to continue!

    2) From ESET NOD32 antivirus:

    a) www.google.com/pagead/drt/ui

    b) static.ak.facebook.com/connect/xd_arbiter/wTH8UOosOYI.js?version=40 and IP address


    Here are the logs.

    PART 1

    #AdwCleaner v3.023- Rapor olusturuldu 08/04/2014 tarihinde 15:24:42

    # Guncellendi 01/04/2014 tarafindan Xplode

    # Isletim sistemi : Windows 7 Home Basic Service Pack 1 (64 bits)

    # Kullanici adi : pc - PC-BILGISAYAR

    # Adwcleaner konumu : C:\Users\pc\Desktop\adwcleaner (1).exe

    # Tarama turu : Temizle


    ***** [ Servisler ] *****


    ***** [ Dosyalar / Klasorler ] *****


    ***** [ Kisayollar ] *****


    ***** [ Registry ] *****


    ***** [ Tarayicilar ] *****


    -\\ Internet Explorer v11.0.9600.16521


    -\\ Google Chrome v33.0.1750.154


    [ Dosya : C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [847 octets] - [03/04/2014 19:28:25]

    AdwCleaner[R1].txt - [906 octets] - [03/04/2014 23:46:09]

    AdwCleaner[R2].txt - [979 octets] - [04/04/2014 00:18:02]

    AdwCleaner[R3].txt - [1038 octets] - [04/04/2014 02:00:29]

    AdwCleaner[R4].txt - [1099 octets] - [04/04/2014 02:37:44]

    AdwCleaner[R5].txt - [1221 octets] - [04/04/2014 03:31:44]

    AdwCleaner[R6].txt - [1220 octets] - [04/04/2014 05:48:40]

    AdwCleaner[R7].txt - [1280 octets] - [04/04/2014 08:23:48]

    AdwCleaner[R8].txt - [1404 octets] - [08/04/2014 15:23:24]

    AdwCleaner[S0].txt - [970 octets] - [03/04/2014 23:47:36]

    AdwCleaner[S1].txt - [1343 octets] - [04/04/2014 08:26:10]

    AdwCleaner[S2].txt - [1327 octets] - [08/04/2014 15:24:42]


    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1387 octets] ##########

    --------------------------------------

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Thisisu

    Version: 6.1.4 (04.06.2014:1)

    OS: Windows 7 Home Basic x64

    Ran by pc on 08.04.2014 at 15:31:24,60

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services


    ~~~ Registry Values


    ~~~ Registry Keys


    ~~~ Files


    ~~~ Folders


    ~~~ Event Viewer Logs were cleared

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on 08.04.2014 at 15:38:50,28

    End of JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ---------------------------

    OTL logfile created on: 08.04.2014 15:41:49 - Run 2

    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\pc\Desktop

    64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

    Internet Explorer (Version = 9.11.9600.16521)

    Locale: 0000041F | Country: Türkiye | Language: TRK | Date Format: dd.MM.yyyy


    5,90 Gb Total Physical Memory | 4,29 Gb Available Physical Memory | 72,82% Memory free

    11,79 Gb Paging File | 10,12 Gb Available in Paging File | 85,84% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]


    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

    Drive C: | 351,65 Gb Total Space | 204,34 Gb Free Space | 58,11% Space Free | Partition Type: NTFS

    Drive F: | 325,11 Gb Total Space | 129,29 Gb Free Space | 39,77% Space Free | Partition Type: NTFS


    Computer Name: PC-BILGISAYAR | User Name: pc | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days


    ========== Processes (SafeList) ==========


    PRC - [2014.04.08 15:40:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe

    PRC - [2014.04.03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

    PRC - [2014.04.03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

    PRC - [2014.04.03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

    PRC - [2014.03.27 21:29:56 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe

    PRC - [2013.12.18 21:42:48 | 000,840,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

    PRC - [2013.12.18 21:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    PRC - [2013.09.12 13:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

    PRC - [2013.07.25 12:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

    PRC - [2013.02.05 15:27:26 | 000,662,728 | ---- | M] (Zbshareware Lab) -- C:\Program Files (x86)\USB Disk Security\USBGuard.exe

    PRC - [2012.06.05 15:09:58 | 000,370,328 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe

    PRC - [2012.06.05 15:07:08 | 000,060,568 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe

    PRC - [2012.06.05 14:58:56 | 000,050,328 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lkads.exe

    PRC - [2012.05.31 17:51:58 | 000,258,776 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe

    PRC - [2012.05.22 10:39:06 | 000,053,952 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe

    PRC - [2012.04.18 13:50:02 | 000,362,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    PRC - [2012.04.18 13:49:58 | 000,276,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    PRC - [2012.04.18 13:49:38 | 000,127,320 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

    PRC - [2012.04.18 13:49:14 | 000,164,184 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

    PRC - [2012.04.17 02:15:46 | 001,113,992 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe

    PRC - [2012.03.27 09:10:32 | 002,277,768 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe

    PRC - [2012.03.09 11:33:54 | 000,163,456 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

    PRC - [2012.02.16 16:08:06 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

    PRC - [2012.02.13 09:02:24 | 000,031,624 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe

    PRC - [2012.01.31 10:00:00 | 000,784,264 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe

    PRC - [2012.01.28 08:38:52 | 004,466,256 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe

    PRC - [2011.11.29 14:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    PRC - [2011.05.06 16:08:28 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\Windows\SysWOW64\lkcitdl.exe



    ========== Modules (No Company Name) ==========


    MOD - [2013.12.18 21:44:24 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\tr_TR\AcroTray.TUR

    MOD - [2013.05.16 11:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl

    MOD - [2013.05.16 11:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl

    MOD - [2013.02.02 12:26:44 | 000,033,280 | ---- | M] () -- C:\Program Files (x86)\USB Disk Security\locales\turkish.dll

    MOD - [2011.09.08 13:40:10 | 001,645,056 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll

    MOD - [2011.02.16 19:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll

    MOD - [2006.08.12 06:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll



    ========== Services (SafeList) ==========


    SRV:64bit: - [2014.03.01 07:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)

    SRV:64bit: - [2013.09.12 13:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)

    SRV:64bit: - [2013.05.27 08:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

    SRV:64bit: - [2012.05.22 10:38:20 | 000,076,488 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer64)

    SRV:64bit: - [2012.04.18 01:58:54 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

    SRV:64bit: - [2012.03.06 20:00:46 | 000,629,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)

    SRV:64bit: - [2010.09.22 12:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

    SRV - [2014.04.04 06:45:17 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

    SRV - [2014.04.03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

    SRV - [2014.04.03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)

    SRV - [2013.12.18 21:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

    SRV - [2013.10.23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

    SRV - [2013.09.11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

    SRV - [2012.06.05 15:09:58 | 000,370,328 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)

    SRV - [2012.06.05 15:07:08 | 000,060,568 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)

    SRV - [2012.06.05 14:58:56 | 000,050,328 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)

    SRV - [2012.05.31 17:51:58 | 000,258,776 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)

    SRV - [2012.05.22 10:39:06 | 000,053,952 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe -- (niSvcLoc)

    SRV - [2012.05.22 10:38:06 | 000,053,960 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer)

    SRV - [2012.04.18 13:50:02 | 000,362,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)

    SRV - [2012.04.18 13:49:58 | 000,276,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)

    SRV - [2012.04.18 13:49:38 | 000,127,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)

    SRV - [2012.04.18 13:49:14 | 000,164,184 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)

    SRV - [2012.03.26 14:32:22 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

    SRV - [2012.03.09 11:33:54 | 000,163,456 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)

    SRV - [2012.03.09 11:11:54 | 000,107,648 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)

    SRV - [2012.02.13 09:02:24 | 000,031,624 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe -- (SamsungDeviceConfigurationWinService)

    SRV - [2011.11.29 14:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

    SRV - [2011.05.06 16:08:28 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)

    SRV - [2010.08.02 11:00:00 | 001,427,688 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)

    SRV - [2009.06.11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)



    ========== Driver Services (SafeList) ==========


    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)

    DRV:64bit: - [2014.04.08 15:28:08 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)

    DRV:64bit: - [2014.04.03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)

    DRV:64bit: - [2014.04.03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

    DRV:64bit: - [2013.10.02 05:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

    DRV:64bit: - [2013.09.17 16:17:38 | 000,239,320 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)

    DRV:64bit: - [2013.09.17 16:17:38 | 000,168,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)

    DRV:64bit: - [2013.09.17 16:17:38 | 000,157,432 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)

    DRV:64bit: - [2012.12.09 19:58:37 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

    DRV:64bit: - [2012.12.09 19:58:36 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

    DRV:64bit: - [2012.04.18 13:49:24 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

    DRV:64bit: - [2012.04.18 02:18:34 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

    DRV:64bit: - [2012.04.18 00:57:26 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

    DRV:64bit: - [2012.04.08 19:18:54 | 000,429,328 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

    DRV:64bit: - [2012.03.26 14:09:54 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)

    DRV:64bit: - [2012.03.26 14:09:54 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

    DRV:64bit: - [2012.03.20 00:15:54 | 000,032,896 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)

    DRV:64bit: - [2012.03.19 12:43:42 | 000,314,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)

    DRV:64bit: - [2012.03.09 15:41:16 | 000,685,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

    DRV:64bit: - [2012.03.09 11:22:58 | 000,551,552 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)

    DRV:64bit: - [2012.03.09 11:22:18 | 000,281,472 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)

    DRV:64bit: - [2012.03.09 11:22:00 | 000,068,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)

    DRV:64bit: - [2012.03.09 11:21:24 | 000,168,064 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)

    DRV:64bit: - [2012.03.09 11:21:06 | 000,036,480 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)

    DRV:64bit: - [2012.03.09 11:20:48 | 000,030,848 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)

    DRV:64bit: - [2012.03.09 11:20:30 | 000,111,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)

    DRV:64bit: - [2012.03.09 11:20:12 | 000,340,096 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)

    DRV:64bit: - [2012.03.01 09:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

    DRV:64bit: - [2012.02.27 14:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)

    DRV:64bit: - [2012.02.27 14:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)

    DRV:64bit: - [2012.02.27 14:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)

    DRV:64bit: - [2012.02.16 16:08:26 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)

    DRV:64bit: - [2011.12.12 13:32:22 | 002,797,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

    DRV:64bit: - [2011.12.05 23:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

    DRV:64bit: - [2011.11.29 13:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

    DRV:64bit: - [2011.09.22 08:39:44 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)

    DRV:64bit: - [2011.05.03 10:42:42 | 000,222,464 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)

    DRV:64bit: - [2011.03.11 09:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

    DRV:64bit: - [2011.03.11 09:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

    DRV:64bit: - [2011.01.30 13:19:34 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)

    DRV:64bit: - [2010.12.23 04:48:28 | 000,421,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)

    DRV:64bit: - [2010.11.21 06:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

    DRV:64bit: - [2010.07.27 04:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)

    DRV:64bit: - [2010.04.14 14:28:26 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)

    DRV:64bit: - [2009.07.14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

    DRV:64bit: - [2009.07.14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

    DRV:64bit: - [2009.07.14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

    DRV:64bit: - [2009.06.10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

    DRV:64bit: - [2009.06.10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

    DRV:64bit: - [2009.06.10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

    DRV:64bit: - [2009.06.10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

    DRV - [2010.01.29 11:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)

    DRV - [2009.07.14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)



    ========== Standard Registry (SafeList) ==========



    ========== Internet Explorer ==========


    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}

    IE:64bit: - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}

    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

    IE - HKLM\..\SearchScopes,DefaultScope =

    IE - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}

    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7



    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-19\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}


    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}


    IE - HKU\S-1-5-21-2950337373-4117638349-1153287397-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.tr/

    IE - HKU\S-1-5-21-2950337373-4117638349-1153287397-1000\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2950337373-4117638349-1153287397-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR

    IE - HKU\S-1-5-21-2950337373-4117638349-1153287397-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2950337373-4117638349-1153287397-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 193.255.91.47:4128



    ========== FireFox ==========


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2013.11.17 10:26:29 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014.04.04 05:09:53 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013.11.17 10:26:29 | 000,000,000 | ---D | M]


    [2013.02.20 13:43:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\mozilla\Firefox\extensions

    [2012.10.16 21:11:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions


    ========== Chrome ==========


    CHR - default_search_provider: Google (Enabled)

    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

    CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\pc\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll

    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll

    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll

    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll

    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\pc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\pc\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

    CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\pc\AppData\Roaming\Mozilla\plugins\npo1d.dll

    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll

    CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

    CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

    CHR - plugin: Java Deployment Toolkit 7.0.510.13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

    CHR - plugin: Java(TM) Platform SE 7 U51 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

    CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    CHR - plugin: Shockwave Flash (Disabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll

    CHR - Extension: Web Navigation = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja\1.0_1\

    CHR - Extension: Web Navigation = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja\1.0_1\.bak

    CHR - Extension: Google Cüzdan = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\

    END OF PART 1
     
  10. Ian Sule

    Ian Sule TS Rookie Topic Starter

    PART 2

    O1 HOSTS File: ([2014.04.03 23:41:27 | 000,000,492 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

    O1 - Hosts: 127.0.0.1 localhost

    O1 - Hosts: 127.0.0.1 activate.adobe.com

    O1 - Hosts: 127.0.0.1 practivate.adobe.com

    O1 - Hosts: 127.0.0.1 ereg.adobe.com

    O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com

    O1 - Hosts: 127.0.0.1 wip3.adobe.com

    O1 - Hosts: 127.0.0.1 3dns-3.adobe.com

    O1 - Hosts: 127.0.0.1 3dns-2.adobe.com

    O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com

    O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com

    O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com

    O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com

    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com

    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

    O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com

    O1 - Hosts: 127.0.0.1 adobeereg.com

    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

    O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

    O3:64bit: - HKU\S-1-5-21-2950337373-4117638349-1153287397-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

    O3 - HKU\S-1-5-21-2950337373-4117638349-1153287397-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

    O4 - HKLM..\Run: [] File not found

    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

    O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)

    O4 - HKLM..\Run: [USB Security] C:\Program Files (x86)\USB Disk Security\USBGuard.exe (Zbshareware Lab)

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-21-2950337373-4117638349-1153287397-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-21-2950337373-4117638349-1153287397-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O8:64bit: - Extra context menu item: Adobe PDF'ye dönüştür - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    O8:64bit: - Extra context menu item: Bağ Hedefini PDF’ye Dönüştür - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    O8:64bit: - Extra context menu item: Bağ Hedefini PDF’ye Ekle - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    O8:64bit: - Extra context menu item: Varolan PDF’ye Ekle - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    O8 - Extra context menu item: Adobe PDF'ye dönüştür - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    O8 - Extra context menu item: Bağ Hedefini PDF’ye Dönüştür - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    O8 - Extra context menu item: Bağ Hedefini PDF’ye Ekle - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    O8 - Extra context menu item: Varolan PDF’ye Ekle - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)

    O13 - gopher Prefix: missing

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.168.98.196 8.8.8.8

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7D8481C-6EED-4716-A734-C513E9D6B1CC}: DhcpNameServer = 68.168.98.196 8.8.8.8

    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

    O18:64bit: - Protocol\Handler\livecall - No CLSID value found

    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

    O18:64bit: - Protocol\Handler\msnim - No CLSID value found

    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found

    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2014.03.26 03:23:57 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

    O35:64bit: - HKLM\..comfile [open] -- "%1" %*

    O35:64bit: - HKLM\..exefile [open] -- "%1" %*

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

    O37 - HKLM\...com [@ = ComFile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    ========== Files/Folders - Created Within 30 Days ==========


    [2014.04.08 15:40:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe

    [2014.04.08 15:29:17 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\pc\Desktop\JRT.exe

    [2014.04.07 22:51:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

    [2014.04.07 22:51:39 | 000,000,000 | ---D | C] -- C:\windows\temp

    [2014.04.07 22:43:27 | 000,000,000 | ---D | C] -- C:\ComboFix

    [2014.04.07 03:53:14 | 005,195,663 | R--- | C] (Swearware) -- C:\Users\pc\Desktop\ComboFix.exe

    [2014.04.06 22:40:37 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\mbarrrt

    [2014.04.06 22:34:46 | 012,589,848 | ---- | C] (Malwarebytes Corp.) -- C:\Users\pc\Desktop\mbar-1.07.0.1009.exe

    [2014.04.06 05:49:31 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\MP ^^

    [2014.04.06 02:18:54 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\Videos – Audioslides_files

    [2014.04.06 00:44:47 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\ECG MATLAB

    [2014.04.05 20:45:11 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\ebooookkkss

    [2014.04.05 06:41:05 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\Phil_Collins-Greatest_Hits_2010

    [2014.04.04 07:40:25 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\Pum HJ Desk and Pol - TechSpot Forums_files

    [2014.04.04 07:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\Java

    [2014.04.04 06:46:54 | 000,000,000 | ---D | C] -- C:\windows\Sun

    [2014.04.04 06:36:03 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\Remove Outdated Browser Detected pop-up virus (Removal Guide)_files

    [2014.04.04 05:11:38 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\pearl

    [2014.04.03 20:50:43 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\java C matlab

    [2014.04.03 19:28:18 | 000,000,000 | ---D | C] -- C:\AdwCleaner

    [2014.04.01 04:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

    [2014.04.01 04:01:30 | 010,971,424 | ---- | C] (SurfRight B.V.) -- C:\Users\pc\Desktop\HitmanPro_x64.exe

    [2014.04.01 03:45:24 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\RK_Quarantine

    [2014.04.01 03:31:00 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\Remove PWS-Zbot virus (Removal Instructions)_files

    [2014.04.01 01:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

    [2014.03.31 23:57:43 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\ScanSpyware

    [2014.03.31 23:55:29 | 004,233,347 | ---- | C] (ScanSpyware.Net ) -- C:\Users\pc\Desktop\ScanSpyware_3.9.2.2.exe

    [2014.03.31 05:46:26 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\schoolmates

    [2014.03.31 05:41:01 | 000,000,000 | ---D | C] -- C:\windows\Fated Haven - Chapter One

    [2014.03.31 05:41:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fated Haven - Chapter One

    [2014.03.30 02:21:03 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\TheFlyingDutchman

    [2014.03.30 02:20:27 | 000,000,000 | ---D | C] -- C:\windows\The Flying Dutchman - In The Ghost Prison

    [2014.03.30 02:00:00 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Picsoft

    [2014.03.30 01:59:06 | 000,000,000 | ---D | C] -- C:\windows\Mini Robot Wars

    [2014.03.30 01:00:06 | 015,320,504 | ---- | C] (Greatis Software, LLC. ) -- C:\Users\pc\Desktop\unhackme_setup.exe

    [2014.03.29 14:50:22 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\directx

    [2014.03.29 13:10:41 | 000,000,000 | ---D | C] -- C:\Users\pc\Documents\Telltale Games

    [2014.03.29 13:09:04 | 000,000,000 | ---D | C] -- C:\windows\Puzzle Agent 2

    [2014.03.29 13:05:33 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Meridian93

    [2014.03.29 13:03:09 | 000,000,000 | ---D | C] -- C:\windows\Fruit Farm

    [2014.03.29 13:00:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Phenomedia

    [2014.03.29 05:41:54 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\Tales of Lagoona

    [2014.03.29 05:41:06 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tales of Lagoona - Orphans of the Ocean

    [2014.03.29 05:38:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tales of Lagoona - Orphans of the Ocean

    [2014.03.29 05:36:27 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\JQ

    [2014.03.29 05:34:15 | 000,000,000 | ---D | C] -- C:\windows\Julia's Quest - United Kingdom

    [2014.03.29 05:28:36 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\HdO Adventure

    [2014.03.29 05:25:57 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Boolat Games

    [2014.03.29 05:24:47 | 000,000,000 | ---D | C] -- C:\windows\Timeless - The Forgotten Town Collector's Edition

    [2014.03.29 05:09:52 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\BULKYPIX

    [2014.03.29 05:09:40 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Saving Private Sheep

    [2014.03.29 05:06:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Saving Private Sheep

    [2014.03.29 04:07:55 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Mayan Puzzle

    [2014.03.29 04:07:35 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mayan Puzzle

    [2014.03.29 04:07:33 | 000,000,000 | ---D | C] -- C:\windows\Mayan Puzzle

    [2014.03.29 04:07:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mayan Puzzle

    [2014.03.29 01:04:31 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys

    [2014.03.29 01:04:31 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys

    [2014.03.29 01:04:31 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

    [2014.03.29 01:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware

    [2014.03.29 00:55:10 | 017,523,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\pc\Desktop\mbam-setup-2.0.0.1000 (1) - Kopya.exe

    [2014.03.28 19:10:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware

    [2014.03.28 19:10:41 | 000,000,000 | ---D | C] -- C:\Users\pc\Documents\Anti-Malware

    [2014.03.28 18:51:39 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys

    [2014.03.27 22:15:45 | 000,000,000 | ---D | C] -- C:\Users\pc\Documents\ProcAlyzer Dumps

    [2014.03.27 22:01:28 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\Trojan virus.. removed but still need help - TechSpot Forums_files

    [2014.03.27 14:24:59 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\çöp

    [2014.03.27 01:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2

    [2014.03.27 01:07:46 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe

    [2014.03.27 01:07:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2

    [2014.03.26 23:22:45 | 000,000,000 | ---D | C] -- C:\spybotSearch&Destroy

    [2014.03.26 22:55:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

    [2014.03.26 22:55:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

    [2014.03.26 22:55:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

    [2014.03.26 22:48:30 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

    [2014.03.26 21:41:23 | 000,000,000 | ---D | C] -- C:\Qoobox

    [2014.03.26 05:33:20 | 000,000,000 | ---D | C] -- C:\Users\pc\Documents\RegRun2

    [2014.03.26 05:32:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe

    [2014.03.26 05:13:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group

    [2014.03.26 03:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

    [2014.03.26 03:22:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard

    [2014.03.25 02:56:16 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\twist measurement dsp

    [2014.03.24 05:27:14 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\E B O O K simulink sensor mems nano biologic chemical snsor mechatronics photonics PIC simulinl

    [2014.03.17 14:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

    [2014.03.17 14:13:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

    [2014.03.17 14:13:22 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype

    [2014.03.17 03:02:57 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\cihan ödev son


    ========== Files - Modified Within 30 Days ==========


    [2014.04.08 15:45:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

    [2014.04.08 15:40:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe

    [2014.04.08 15:35:00 | 000,001,020 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA1cef2b99b02ecfc.job

    [2014.04.08 15:34:27 | 000,016,752 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    [2014.04.08 15:34:27 | 000,016,752 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    [2014.04.08 15:29:25 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\pc\Desktop\JRT.exe

    [2014.04.08 15:29:00 | 000,000,814 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

    [2014.04.08 15:28:08 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys

    [2014.04.08 15:26:02 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job

    [2014.04.08 15:25:59 | 000,001,008 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

    [2014.04.08 15:25:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

    [2014.04.08 15:25:46 | 2037,616,639 | -HS- | M] () -- C:\hiberfil.sys

    [2014.04.08 15:22:35 | 001,426,178 | ---- | M] () -- C:\Users\pc\Desktop\adwcleaner (1).exe

    [2014.04.08 15:02:18 | 001,570,970 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

    [2014.04.08 15:02:18 | 000,656,940 | ---- | M] () -- C:\windows\SysNative\perfh01F.dat

    [2014.04.08 15:02:18 | 000,654,464 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

    [2014.04.08 15:02:18 | 000,140,336 | ---- | M] () -- C:\windows\SysNative\perfc01F.dat

    [2014.04.08 15:02:18 | 000,122,336 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

    [2014.04.08 00:37:54 | 005,295,612 | ---- | M] () -- C:\Users\pc\Desktop\pisa 2012 Creative Problem Solving.pdf

    [2014.04.07 03:54:13 | 005,195,663 | R--- | M] (Swearware) -- C:\Users\pc\Desktop\ComboFix.exe

    [2014.04.07 00:31:05 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys

    [2014.04.06 22:35:08 | 012,589,848 | ---- | M] (Malwarebytes Corp.) -- C:\Users\pc\Desktop\mbar-1.07.0.1009.exe

    [2014.04.06 22:23:18 | 003,972,608 | ---- | M] () -- C:\Users\pc\Desktop\RogueKiller.exe

    [2014.04.06 03:54:18 | 000,007,168 | ---- | M] () -- C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2014.04.06 02:18:54 | 000,050,078 | ---- | M] () -- C:\Users\pc\Desktop\Videos – Audioslides.htm

    [2014.04.06 00:51:21 | 000,608,968 | ---- | M] () -- C:\Users\pc\Desktop\SignalProcessingofECGSignalsinMatlab.pdf

    [2014.04.05 16:55:51 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    [2014.04.05 06:56:17 | 000,043,703 | -HS- | M] () -- C:\Users\pc\Desktop\Folder.jpg

    [2014.04.05 06:56:17 | 000,009,134 | -HS- | M] () -- C:\Users\pc\Desktop\AlbumArtSmall.jpg

    [2014.04.04 07:40:25 | 000,309,815 | ---- | M] () -- C:\Users\pc\Desktop\Pum HJ Desk and Pol - TechSpot Forums.htm

    [2014.04.04 06:36:02 | 000,067,361 | ---- | M] () -- C:\Users\pc\Desktop\Remove Outdated Browser Detected pop-up virus (Removal Guide).htm

    [2014.04.04 05:10:07 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk

    [2014.04.04 03:03:58 | 000,001,912 | ---- | M] () -- C:\windows\epplauncher.mif

    [2014.04.03 23:41:27 | 000,000,492 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts

    [2014.04.03 21:20:38 | 000,987,448 | ---- | M] () -- C:\Users\pc\Desktop\SecurityCheck.exe

    [2014.04.03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys

    [2014.04.03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

    [2014.04.01 04:03:11 | 010,971,424 | ---- | M] (SurfRight B.V.) -- C:\Users\pc\Desktop\HitmanPro_x64.exe

    [2014.04.01 03:38:14 | 000,430,608 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

    [2014.04.01 03:31:00 | 000,050,826 | ---- | M] () -- C:\Users\pc\Desktop\Remove PWS-Zbot virus (Removal Instructions).htm

    [2014.04.01 01:28:59 | 000,000,805 | ---- | M] () -- C:\windows\ScanSpyware.INI

    [2014.03.31 23:55:40 | 004,233,347 | ---- | M] (ScanSpyware.Net ) -- C:\Users\pc\Desktop\ScanSpyware_3.9.2.2.exe

    [2014.03.31 21:09:19 | 003,640,880 | ---- | M] () -- C:\Users\pc\Desktop\avg_remover_zbot.exe

    [2014.03.30 01:00:41 | 000,000,002 | RHS- | M] () -- C:\windows\winstart.bat

    [2014.03.30 01:00:41 | 000,000,002 | RHS- | M] () -- C:\windows\SysWow64\CONFIG.NT

    [2014.03.30 01:00:41 | 000,000,002 | RHS- | M] () -- C:\windows\SysWow64\AUTOEXEC.NT

    [2014.03.29 14:52:08 | 000,000,912 | ---- | M] () -- C:\Users\pc\Desktop\Ñîêğîâèùà Ìîíòåñóìû 3.lnk

    [2014.03.29 13:00:35 | 000,430,026 | ---- | M] () -- C:\Users\pc\Desktop\3-66.jpg

    [2014.03.29 05:41:06 | 000,002,184 | ---- | M] () -- C:\Users\pc\Desktop\Tales of Lagoona - Orphans of the Ocean.lnk

    [2014.03.29 05:09:40 | 000,002,041 | ---- | M] () -- C:\Users\pc\Desktop\Saving Private Sheep.lnk

    [2014.03.29 04:07:36 | 000,001,906 | ---- | M] () -- C:\Users\pc\Desktop\Mayan Puzzle.lnk

    [2014.03.29 00:55:02 | 017,523,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\pc\Desktop\mbam-setup-2.0.0.1000 (1) - Kopya.exe

    [2014.03.28 14:02:22 | 015,320,504 | ---- | M] (Greatis Software, LLC. ) -- C:\Users\pc\Desktop\unhackme_setup.exe

    [2014.03.27 22:01:28 | 000,256,130 | ---- | M] () -- C:\Users\pc\Desktop\Trojan virus.. removed but still need help - TechSpot Forums.htm

    [2014.03.27 01:07:59 | 000,001,343 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

    [2014.03.26 03:23:57 | 000,000,000 | ---- | M] () -- C:\autoexec.bat

    [2014.03.19 16:17:47 | 002,451,517 | ---- | M] () -- C:\Users\pc\Desktop\1 mayis A Computer Based Discrimination Method for the Repetitive and Stochastic Defects on Fancy Yarns Based on Stochastic Signal Processing aOnarıldı).pdf

    [2014.03.15 19:25:52 | 000,002,139 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk


    ========== Files Created - No Company Name ==========


    [2014.04.08 15:22:27 | 001,426,178 | ---- | C] () -- C:\Users\pc\Desktop\adwcleaner (1).exe

    [2014.04.08 00:37:53 | 005,295,612 | ---- | C] () -- C:\Users\pc\Desktop\pisa 2012 Creative Problem Solving.pdf

    [2014.04.06 22:23:47 | 003,972,608 | ---- | C] () -- C:\Users\pc\Desktop\RogueKiller.exe

    [2014.04.06 02:18:53 | 000,050,078 | ---- | C] () -- C:\Users\pc\Desktop\Videos – Audioslides.htm

    [2014.04.06 00:51:21 | 000,608,968 | ---- | C] () -- C:\Users\pc\Desktop\SignalProcessingofECGSignalsinMatlab.pdf

    [2014.04.05 16:55:51 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    [2014.04.05 06:56:17 | 000,043,703 | -HS- | C] () -- C:\Users\pc\Desktop\Folder.jpg

    [2014.04.05 06:56:17 | 000,009,134 | -HS- | C] () -- C:\Users\pc\Desktop\AlbumArtSmall.jpg

    [2014.04.04 07:40:20 | 000,309,815 | ---- | C] () -- C:\Users\pc\Desktop\Pum HJ Desk and Pol - TechSpot Forums.htm

    [2014.04.04 06:35:54 | 000,067,361 | ---- | C] () -- C:\Users\pc\Desktop\Remove Outdated Browser Detected pop-up virus (Removal Guide).htm

    [2014.04.03 21:20:49 | 000,987,448 | ---- | C] () -- C:\Users\pc\Desktop\SecurityCheck.exe

    [2014.04.01 03:30:55 | 000,050,826 | ---- | C] () -- C:\Users\pc\Desktop\Remove PWS-Zbot virus (Removal Instructions).htm

    [2014.04.01 01:38:24 | 000,001,912 | ---- | C] () -- C:\windows\epplauncher.mif

    [2014.03.31 23:59:09 | 000,000,805 | ---- | C] () -- C:\windows\ScanSpyware.INI

    [2014.03.31 21:09:08 | 003,640,880 | ---- | C] () -- C:\Users\pc\Desktop\avg_remover_zbot.exe

    [2014.03.29 14:52:08 | 000,000,912 | ---- | C] () -- C:\Users\pc\Desktop\Ñîêğîâèùà Ìîíòåñóìû 3.lnk

    [2014.03.29 05:41:06 | 000,002,184 | ---- | C] () -- C:\Users\pc\Desktop\Tales of Lagoona - Orphans of the Ocean.lnk

    [2014.03.29 05:09:40 | 000,002,041 | ---- | C] () -- C:\Users\pc\Desktop\Saving Private Sheep.lnk

    [2014.03.29 04:07:36 | 000,001,906 | ---- | C] () -- C:\Users\pc\Desktop\Mayan Puzzle.lnk

    [2014.03.27 22:01:28 | 000,256,130 | ---- | C] () -- C:\Users\pc\Desktop\Trojan virus.. removed but still need help - TechSpot Forums.htm

    [2014.03.27 06:11:11 | 000,430,026 | ---- | C] () -- C:\Users\pc\Desktop\3-66.jpg

    [2014.03.27 05:13:07 | 000,177,043 | ---- | C] () -- C:\Users\pc\Desktop\111009-165400.jpg

    [2014.03.27 05:12:46 | 000,168,697 | ---- | C] () -- C:\Users\pc\Desktop\111009-165302.jpg

    [2014.03.27 01:07:59 | 000,001,355 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

    [2014.03.27 01:07:59 | 000,001,343 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

    [2014.03.26 22:55:56 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

    [2014.03.26 22:55:56 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

    [2014.03.26 22:55:56 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

    [2014.03.26 22:55:56 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

    [2014.03.26 22:55:56 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

    [2014.03.26 05:33:24 | 000,000,002 | RHS- | C] () -- C:\windows\winstart.bat

    [2014.03.26 05:33:24 | 000,000,002 | RHS- | C] () -- C:\windows\SysWow64\CONFIG.NT

    [2014.03.26 05:33:24 | 000,000,002 | RHS- | C] () -- C:\windows\SysWow64\AUTOEXEC.NT

    [2014.03.26 03:23:57 | 000,000,000 | ---- | C] () -- C:\autoexec.bat

    [2014.03.19 16:17:47 | 002,451,517 | ---- | C] () -- C:\Users\pc\Desktop\1 mayis A Computer Based Discrimination Method for the Repetitive and Stochastic Defects on Fancy Yarns Based on Stochastic Signal Processing aOnarıldı).pdf

    [2013.12.19 18:44:43 | 000,007,168 | ---- | C] () -- C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2013.02.08 00:07:38 | 000,011,426 | ---- | C] () -- C:\Users\pc\gsview64.ini

    [2012.09.04 10:19:30 | 000,000,162 | ---- | C] () -- C:\windows\ODBC.INI

    [2012.09.01 03:04:15 | 000,650,752 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll

    [2012.09.01 03:04:15 | 000,243,200 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll

    [2012.09.01 03:04:15 | 000,216,064 | ---- | C] ( ) -- C:\windows\SysWow64\lagarith.dll

    [2012.09.01 03:04:13 | 000,178,688 | ---- | C] () -- C:\windows\SysWow64\unrar.dll

    [2012.09.01 03:04:11 | 000,112,640 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll

    [2012.08.26 01:29:41 | 000,007,597 | ---- | C] () -- C:\Users\pc\AppData\Local\Resmon.ResmonCfg

    [2012.08.24 13:14:40 | 001,546,540 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

    [2012.05.19 05:11:06 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe

    [2012.05.19 04:45:59 | 000,003,226 | ---- | C] () -- C:\windows\HotFixList.ini

    [2012.05.19 04:17:01 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

    [2012.05.19 04:08:48 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat

    [2012.04.18 01:16:54 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat

    [2012.04.18 01:16:54 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat

    [2012.04.18 01:14:24 | 000,054,784 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll


    ========== ZeroAccess Check ==========


    [2009.07.14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini


    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64


    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]


    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64


    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]


    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 05:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment


    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 04:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment


    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free


    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 06:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free


    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Both


    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]


    ========== LOP Check ==========


    [2013.04.01 15:41:07 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit

    [2013.04.01 15:41:07 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit

    [2013.12.28 02:14:08 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Audacity

    [2014.03.29 05:25:57 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Boolat Games

    [2013.04.09 06:13:16 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Boomzap

    [2014.03.29 05:09:52 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\BULKYPIX

    [2013.12.25 03:57:59 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Cakewalk

    [2013.03.08 16:06:21 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Canon

    [2012.08.28 11:07:42 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\ESET

    [2012.09.15 16:36:48 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\FloodLightGames

    [2013.04.08 17:11:56 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Friday's games

    [2013.04.08 03:19:01 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Gogii Games

    [2014.03.29 05:28:36 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\HdO Adventure

    [2013.03.23 09:18:52 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\IObit

    [2014.03.29 05:36:29 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\JQ

    [2012.10.12 22:05:40 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\LogoDizayn

    [2014.03.29 04:08:03 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Mayan Puzzle

    [2012.10.08 17:23:33 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\MedCalc Software

    [2014.03.29 13:05:33 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Meridian93

    [2012.10.30 13:00:00 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\National Instruments

    [2013.04.08 17:11:28 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Opera

    [2014.03.30 02:00:00 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Picsoft

    [2013.04.07 09:12:03 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\PlayFavoriteGames

    [2013.04.09 20:45:49 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Playrix Entertainment

    [2014.04.01 01:39:13 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\ScanSpyware

    [2012.09.04 09:25:09 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\SoftGrid Client

    [2014.03.30 02:21:06 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\TheFlyingDutchman

    [2012.08.24 13:15:42 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\TP

    [2013.05.10 14:34:27 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\webex

    [2012.12.19 23:20:53 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Windows Live Writer

    [2013.02.20 13:44:07 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Zbshareware Lab

    ========== Purity Check ==========

    ========== Alternate Data Streams ==========


    @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:DEE46C4E

    @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:2701988C

    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:8AED9359

    < End of report >

     
  11. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
    IE - HKU\S-1-5-21-2950337373-4117638349-1153287397-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 193.255.91.47:4128
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    [2013.04.01 15:41:07 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
    [2013.04.01 15:41:07 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
    [2013.03.23 09:18:52 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\IObit
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:DEE46C4E
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:2701988C
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:8AED9359
    
    :Services
    
    :Reg
    
    :Files
    C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    Reset Chrome...
    Click on "Customize and control Google Chrome":
    Click "Settings" then "Show advanced settings" at the bottom of the screen.
    Click "Reset browser settings" button.
    Restart Chrome.
    See if that solves the issue.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run F-Secure Online Scanner

    • Disable your Antivirus program.
    • Click on Run now button.
      NOTE. If you're using a non-IE browser, you'll be asked to download a small file (F-SecureOnlineScanner.exe). After downloading, double-click the file to run the scan.
    • Click on Start button.
    • Click on "Accept" button.
    • When scan is done, in Step 3: Clean the files, leave all settings as they are.
    • Click Next button.
    • Click Full report... button.
    • Copy report's content and paste it into your next reply.
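
The fix script in the post above selects a few entry types from the long OTL log: a per-user "ProxyServer" value, entries whose file or CLSID is missing, and alternate data streams. The following Python example is added here and is not part of the thread or of OTL; it pulls those entry types out of log text, plus the DhcpNameServer values (included as an assumption about what a reviewer would also want listed). The function and key names are hypothetical, and the sample lines are copied from this thread.

```python
import re

# Sample input: lines copied from the OTL log and fix script in this thread.
SAMPLE_LOG = r"""
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
IE - HKU\S-1-5-21-2950337373-4117638349-1153287397-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 193.255.91.47:4128
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.168.98.196 8.8.8.8
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:DEE46C4E
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:2701988C
"""

# "ProxyServer" = host:port, as OTL prints the Internet Settings value.
PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*(?P<host>[^\s:]+):(?P<port>\d+)')
# DhcpNameServer = one or more space-separated IPv4 addresses.
DNS_RE = re.compile(r"DhcpNameServer\s*=\s*(?P<servers>[0-9. ]+)")
# @Alternate Data Stream - N bytes -> <path>:<stream name>
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> "
    r"(?P<path>.+):(?P<stream>[^:\\]+)$"
)
# Entries that point at something that no longer exists.
ORPHAN_RE = re.compile(r"File not found|No CLSID value found")
# Leading OTL line tag such as "DRV:64bit: - " or "O4 - ".
TAG_RE = re.compile(r"^(?P<tag>[A-Za-z0-9]+)(?::64bit:)?\s+-\s")


def triage(log_text):
    """Group OTL log lines into the entry types the fix script selects.

    Returns a dict with four lists:
      proxy  -> (host, port) tuples
      dns    -> DHCP-assigned name servers, de-duplicated, in log order
      ads    -> (path, stream_name, size_in_bytes) tuples
      orphan -> (tag, full_line) for missing-file / missing-CLSID entries
    """
    findings = {"proxy": [], "dns": [], "ads": [], "orphan": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = PROXY_RE.search(line)
        if m:
            findings["proxy"].append((m["host"], int(m["port"])))
            continue

        m = DNS_RE.search(line)
        if m:
            for server in m["servers"].split():
                if server not in findings["dns"]:
                    findings["dns"].append(server)
            continue

        m = ADS_RE.match(line)
        if m:
            findings["ads"].append((m["path"], m["stream"], int(m["size"])))
            continue

        if ORPHAN_RE.search(line):
            tag = TAG_RE.match(line)
            findings["orphan"].append((tag["tag"] if tag else "?", line))

    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for host, port in result["proxy"]:
        print(f"proxy set for this user: {host}:{port}")
    print("DHCP name servers:", ", ".join(result["dns"]))
    for path, stream, size in result["ads"]:
        print(f"ADS on {path}: stream {stream} ({size} bytes)")
    for tag, line in result["orphan"]:
        print(f"orphaned {tag} entry: {line}")
```
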
     
     
  12. Ian Sule

    Ian Sule TS Rookie Topic Starter

    Hello Broni,
    here are the required logs. Chrome resetting and temp file cleaning have been done successfully. The only problem was that I was not able to access the F-Secure online scanning web page. The error message given below was received when I tried to access the online scanner page.

    "An error occurred while processing your request.
    Reference #97.1d0ad817.1396997876.1b40890e"

    ---------------------------------------------------------------------------------
    LOGS


    All processes killed
    ========== OTL ==========
    Service esgiguard stopped successfully!
    Service esgiguard deleted successfully!
    File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys not found.
    HKU\S-1-5-21-2950337373-4117638349-1153287397-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    C:\Users\Default\AppData\Roaming\IObit\Advanced SystemCare V6 folder moved successfully.
    C:\Users\Default\AppData\Roaming\IObit folder moved successfully.
    Folder C:\Users\Default User\AppData\Roaming\IObit\ not found.
    C:\Users\pc\AppData\Roaming\IObit\IObit Uninstaller\Log folder moved successfully.
    C:\Users\pc\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
    C:\Users\pc\AppData\Roaming\IObit\IObit Malware Fighter folder moved successfully.
    C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V6\Startup Manager folder moved successfully.
    C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V6\SmartRAM folder moved successfully.
    C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V6\Registrycleaner\backup\Registry folder moved successfully.
    C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V6\Registrycleaner\backup folder moved successfully.
    C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V6\Registrycleaner folder moved successfully.
    C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V6\Log folder moved successfully.
    C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V6\Internet Booster folder moved successfully.
    C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V6\Boottime folder moved successfully.
    C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V6\Backup folder moved successfully.
    C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V6 folder moved successfully.
    C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V5\Toolbox folder moved successfully.
    C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V5\Smart RAM folder moved successfully.
    C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V5\SecurityHoles folder moved successfully.
    C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V5\Registrycleaner\backup\Registry folder moved successfully.
    C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V5\Registrycleaner\backup folder moved successfully.
    C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V5\Registrycleaner folder moved successfully.
    C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V5\Log folder moved successfully.
    C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime folder moved successfully.
    C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V5\Backup folder moved successfully.
    C:\Users\pc\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
    C:\Users\pc\AppData\Roaming\IObit folder moved successfully.
    ADS C:\ProgramData\Temp:DEE46C4E deleted successfully.
    ADS C:\ProgramData\Temp:2701988C deleted successfully.
    ADS C:\ProgramData\Temp:8AED9359 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\FRST not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: pc
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 119908163 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 288410019 bytes
    ->Flash cache emptied: 1669 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 389,00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: pc
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: pc
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 04092014_012916

    Files\Folders moved on Reboot...
    C:\Users\pc\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
    ----------------------------------------------------------------

    Results of screen317's Security Check version 0.99.81
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    ESET NOD32 Antivirus 7.0
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Java 7 Update 51
    Adobe Flash Player 12.0.0.77
    Adobe Reader 10.1.9 Adobe Reader out of Date!
    Google Chrome 33.0.1750.146
    Google Chrome 33.0.1750.154
    ````````Process Check: objlist.exe by Laurent````````
    ESET NOD32 Antivirus egui.exe
    ESET NOD32 Antivirus ekrn.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Spybot Teatimer.exe is disabled!
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:
    ````````````````````End of Log``````````````````````

    ---------------------------------------------------------------------------

    Farbar Service Scanner Version: 25-02-2014

    Ran by pc (administrator) on 09-04-2014 at 01:45:20
    Running from "C:\Users\pc\Desktop"
    Microsoft Windows 7 Home Basic Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
     
  13. Ian Sule

    Ian Sule TS Rookie Topic Starter

    I am sorry that I forgot to reboot. When I restarted the PC, the F-Secure page was accessible. F-Secure says: nothing harmful detected.
     
  14. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    =========================

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  15. Ian Sule

    Ian Sule TS Rookie Topic Starter

    Thank you very much Broni, I was very pleased to know you:)(y)
    I have applied all the last given instructions (delfix, update control, malware byte scan, TFC, PSI etc) to get a clean and robust system. After all that, the PC was working well. But, I do not know how it happened, fake "flash player may be out of date" warnings appeared again on nearly every web page! I am in shock!:( In my opinion it is a DNS hack which is affecting people increasingly due to the safety vulnerability of net provider or some DSL models. :(
    I would like to thank you for your interest. :)
     
    Last edited: Apr 9, 2014
  16. Ian Sule

    Ian Sule TS Rookie Topic Starter

    I would like to express a concern. When my friend used her laptop on an outside network, she said that she did not encounter any problem with fake flash player update warnings or blocked access to web pages. Does this evidence reinforce the thesis that the DNS or router was hacked? It is quite interesting that the problem suddenly affects an increasing number of people.
     
  17. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    It happens in what browser?
     
  18. Ian Sule

    Ian Sule TS Rookie Topic Starter

    It happens in Chrome browser. IExplorer is not working. Additionally, our iPad and smart TV showed the same "flash player may be out of date" and SSL fault messages. We cannot enter google, facebook, and youtube by using both iPad and TV. Considering that blockings may occur due to DNS hack, I checked out of my DSL (TP-LINK) modem adjustment to configure DNS for blocking of entering its adjustments. But the administrative password of the DSL had been changed by someone else. I didn't prefer to reset my DSL to set from the beginning by returning it to factory settings, because I was not sure if I was able to configure net settings. I have changed TCP/IPv4 settings. Preferred DNS was adjusted as 8.8.8.8 (not automatic), and alternate DNS was adjusted as 8.8.4.4. These settings seem to be a good option. I wonder if I have done right.
     
  19. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Are the browsers OK after your changes?
     
  20. Ian Sule

    Ian Sule TS Rookie Topic Starter

    Yes, Chrome is OK but IExplorer is still not working. I noticed an issue with OTL kill process. I hope access of a legal institutional proxy (193.25...) has not been blocked by OTL. I appreciate your concern Broni. After deletion of spy.zbot trojan my laptop looks fine :D
     
  21. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Reset Internet Explorer.
    Go here: http://support.microsoft.com/kb/923737 and run "FixIt" procedure.
    You can use ANY browser to download "FixIt" file.
    Make sure you follow ALL steps listed there.
     
  22. Ian Sule

    Ian Sule TS Rookie Topic Starter

    Everything is OK. Many many thanks. (y) :D
     
  23. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Way to go!!
    Good luck and stay safe :)
     

