Rootkit infected or not


  • This topic is locked
23 replies to this topic

#1 natureturkiye

natureturkiye

  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:20 AM

Posted 25 November 2012 - 12:48 PM

I have no apparent problem with my XP home premium PC, but yesterday I decided to run Sysinternals RootkitRevealer. It found some suspicious items. Then I ran a GMER rootkit scan; it also found some problems, some of which are the same as those from the Sysinternals one.

Later, I downloaded and updated Malwarebytes Anti-Rootkit. It started scanning and right at the beginning gave a message that "AppInit_Dlls" was found in the registry and that "it could be the sign of rootkit activity. Press "yes" to delete it or "no" if you are not sure about it". I pressed "no" and it did a very long scan but could not find anything, giving a message that there is no rootkit etc.

I also downloaded and ran DDS and attached the DDS.txt report accordingly. Now I am not sure how to proceed further. I do not know whether there is an infection or not. Please kindly comment and advise. I could also send the GMER scan log if it is helpful.

Regards

Attached Files

  • Attached File  dds.txt   19.27KB   1 downloads
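The AppInit_DLLs value that Malwarebytes Anti-Rootkit flagged in the post above is a legitimate Windows load point: every process that loads user32.dll also loads the DLLs listed there, which is why both ordinary software and malware use it. As an added example, not from the original post or from any of the tools named in it, this PowerShell function reads the value and reports, for each listed DLL, whether the file exists and whether it carries a valid Authenticode signature, so the entry can be judged before anything is deleted. It assumes PowerShell 2.0 or later; the function name is the example's own.

```powershell
# Added example: audit the AppInit_DLLs load point and report on each listed DLL.
# The values live under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
# (and under Wow6432Node on 64-bit Windows). Windows XP loads a non-empty
# AppInit_DLLs unconditionally; Vista and later also honour LoadAppInit_DLLs
# (1 = on) and, from Windows 7, RequireSignedAppInit_DLLs.
function Get-AppInitDllAudit {
    param(
        # Registry keys to inspect; the Wow6432Node key exists only on 64-bit systems.
        [string[]]$KeyPaths = @(
            'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
        )
    )

    foreach ($key in $KeyPaths) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key

        # LoadAppInit_DLLs does not exist on XP; treat "absent" as enabled,
        # because XP loads the list whenever it is non-empty.
        $loadFlag = if ($props.PSObject.Properties['LoadAppInit_DLLs']) { $props.LoadAppInit_DLLs } else { 1 }
        $raw = [string]$props.AppInit_DLLs

        if ([string]::IsNullOrEmpty($raw.Trim())) {
            # An empty value is the normal, clean state; report it so the reader sees it was checked.
            New-Object PSObject -Property @{
                Key = $key; Dll = '<empty>'; LoadEnabled = ($loadFlag -ne 0)
                Exists = $false; Signature = 'n/a'; Signer = ''
            }
            continue
        }

        # The value is a list of DLLs separated by spaces and/or commas.
        foreach ($entry in ($raw -split '[ ,]+' | Where-Object { $_ })) {
            # The loader resolves a bare file name against System32, so do the same here.
            $path = $entry
            if (-not [System.IO.Path]::IsPathRooted($path)) {
                $path = Join-Path $env:SystemRoot "System32\$entry"
            }
            $exists = Test-Path -LiteralPath $path
            $sigStatus = 'FileMissing'
            $signer = ''
            if ($exists) {
                $sig = Get-AuthenticodeSignature -FilePath $path
                $sigStatus = [string]$sig.Status      # Valid, NotSigned, HashMismatch, ...
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }
            New-Object PSObject -Property @{
                Key = $key; Dll = $path; LoadEnabled = ($loadFlag -ne 0)
                Exists = $exists; Signature = $sigStatus; Signer = $signer
            }
        }
    }
}

# Any entry that is loaded and either missing or not validly signed deserves a closer look
# before it is deleted; a signed DLL from a known vendor is usually a legitimate hook.
Get-AppInitDllAudit | Format-Table Key, Dll, LoadEnabled, Exists, Signature, Signer -AutoSize -Wrap
```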




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:20 AM

Posted 25 November 2012 - 02:35 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download RogueKiller and SAVE it to your Desktop (or from here).
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until the Prescan has finished.
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 natureturkiye

natureturkiye
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:20 AM

Posted 26 November 2012 - 08:03 AM

Hi Gringo,
Thanks for your prompt reply. As for the information requested:
1- My PC is working normally. The only thing is that, just after running all this rootkit-revealing software, it seems to take a little longer to reach the Windows login screen after the PC starts. It takes around 130 seconds to reach the login screen. After the login screen there is a lot of HD activity and CPU usage. When I check in Task Manager, most of the time is taken by Microsoft MSE. A few minutes later everything goes back to normal, with CPU usage at 1% and little HD activity.
My PC knowledge is said to be good, well above the average user.

I ran the three programs you showed, in order. I attach the reports within the message. A few words about RogueKiller: it triggers my Comodo firewall defense feature and says "it is a known malicious program". Anyway, I ran it and had it scan. Then I hit the delete key when the bottom "registry" tab was selected. But I could not be sure whether I should select the other tabs like "host", "MBR" etc. and hit the delete key if anything is found within those tab areas. On the other hand it had found some entry in the MBR tab, but I was a little anxious about hitting the delete key when the MBR tab was selected. So I did not hit the delete key. So, please advise. I am not sure how it happened, but I have 2 RogueKiller reports with just a minute's difference. I think I hit the report key again just before closing the program.

Today I have taken a cold backup of the PC, and separately an MBR backup. So please find the reports below.

Security check report:
Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
COMODO Internet Security
Microsoft Security Essentials
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.65.1.1000
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities 2011
CCleaner
Auslogics Registry Cleaner
JavaFX 2.1.1
Java 7 Update 9
Adobe Flash Player 11.4.402.287
Mozilla Firefox (17.0)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

----------------------------------------------------------------------------

AdwCleaner report:

# AdwCleaner v2.009 - Bu rapor 25/11/2012 tarihinde 23:15:10'te olusturuldu
# Son güncelleme 24/11/2012 tarihinde, Xplode tarafindan
# Isletim sistemi : Microsoft Windows XP Service Pack 3 (32 bits)
# Kullanici : SAHIP - EVPC-2EB1B7B256
# Mod : Normal
# Dosya konumu : C:\Documents and Settings\SAHIP\Desktop\adwcleaner.exe
# Seçenek [Sil]


***** [Servisler] *****


***** [Dosyalar / Klasörler] *****

Dosya Silindi : C:\Documents and Settings\SAHIP\Application Data\Mozilla\Firefox\Profiles\n8giorul.default\searchplugins\Askcom.xml
Dosya Silindi : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Klasör Silindi : C:\Documents and Settings\SAHIP\Application Data\Mozilla\Firefox\Profiles\n8giorul.default\Conduit
Klasör Silindi : C:\Documents and Settings\SAHIP\Application Data\Mozilla\Firefox\Profiles\n8giorul.default\ConduitCommon
Klasör Silindi : C:\Documents and Settings\SAHIP\Application Data\Mozilla\Firefox\Profiles\n8giorul.default\CT1060933
Klasör Silindi : C:\Documents and Settings\SAHIP\Application Data\Mozilla\Firefox\Profiles\n8giorul.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Klasör Silindi : C:\Documents and Settings\SAHIP\Application Data\Mozilla\Firefox\Profiles\n8giorul.default\extensions\{94366e2c-9923-431c-b0d6-747447dd0f2b}
Klasör Silindi : C:\Documents and Settings\SAHIP\Application Data\Mozilla\Firefox\Profiles\n8giorul.default\extensions\toolbar@ask.com
Klasör Silindi : C:\Documents and Settings\SAHIP\Application Data\Mozilla\Firefox\Profiles\n8giorul.default\searchresults1
Klasör Silindi : C:\Documents and Settings\SAHIP\Application Data\PriceGong
Klasör Silindi : C:\Documents and Settings\SAHIP\Application Data\searchresults1
Klasör Silindi : C:\Documents and Settings\SAHIP\Local Settings\Application Data\AskToolbar
Klasör Silindi : C:\Program Files\Ask.com
Klasör Silindi : C:\Program Files\searchresults1
Klasör Silindi : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Değer Silindi : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Registry Key'i Silindi : HKCU\Software\APN
Registry Key'i Silindi : HKCU\Software\APN DTX
Registry Key'i Silindi : HKCU\Software\Ask&Record
Registry Key'i Silindi : HKCU\Software\Ask.com
Registry Key'i Silindi : HKCU\Software\AskToolbar
Registry Key'i Silindi : HKCU\Software\Conduit
Registry Key'i Silindi : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Registry Key'i Silindi : HKCU\Software\PriceGong
Registry Key'i Silindi : HKCU\Software\searchresults1
Registry Key'i Silindi : HKCU\Software\Softonic
Registry Key'i Silindi : HKLM\Software\APN
Registry Key'i Silindi : HKLM\Software\AskToolbar
Registry Key'i Silindi : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Registry Key'i Silindi : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Registry Key'i Silindi : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Registry Key'i Silindi : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Registry Key'i Silindi : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Registry Key'i Silindi : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Registry Key'i Silindi : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Registry Key'i Silindi : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Registry Key'i Silindi : HKLM\Software\Conduit
Registry Key'i Silindi : HKLM\Software\Default Tab
Registry Key'i Silindi : HKLM\Software\Freeze.com
Registry Key'i Silindi : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Registry Key'i Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Registry Key'i Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\searchresults1
Registry Key'i Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Registry Key'i Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Registry Key'i Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Registry Key'i Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Registry Key'i Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Registry Key'i Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Registry Key'i Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Registry Key'i Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Registry Key'i Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Registry Key'i Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Registry Key'i Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Registry Key'i Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Registry Key'i Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Registry Key'i Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Registry Key'i Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Registry Key'i Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Registry Key'i Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Registry Key'i Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Registry Key'i Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Registry Key'i Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Registry Key'i Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Registry Key'i Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\searchresults1

***** [Browser'lar] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry temiz.

-\\ Mozilla Firefox v17.0 (tr)

Profil Adı : default
Dosya : C:\Documents and Settings\SAHIP\Application Data\Mozilla\Firefox\Profiles\n8giorul.default\prefs.js

Silindi : user_pref("CT1060933..clientLogIsEnabled", true);
Silindi : user_pref("CT1060933..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Silindi : user_pref("CT1060933..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Silindi : user_pref("CT1060933.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Silindi : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Silindi : user_pref("CT1060933.AppTrackingLastCheckTime", "Thu Nov 01 2012 18:03:59 GMT+0200 (GTB Standart Saa[...]
Silindi : user_pref("CT1060933.BrowserCompStateIsOpen_129681785283868963", true);
Silindi : user_pref("CT1060933.BrowserCompStateIsOpen_129686665230467549", true);
Silindi : user_pref("CT1060933.CTID", "CT1060933");
Silindi : user_pref("CT1060933.CommunitiesChangesLastCheckTime", "Wed Nov 21 2012 10:11:49 GMT+0200 (GTB Stand[...]
Silindi : user_pref("CT1060933.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...]
Silindi : user_pref("CT1060933.CommunityChanged", true);
Silindi : user_pref("CT1060933.CurrentServerDate", "23-11-2012");
Silindi : user_pref("CT1060933.DialogsAlignMode", "LTR");
Silindi : user_pref("CT1060933.DialogsGetterLastCheckTime", "Fri Nov 23 2012 12:09:28 GMT+0200 (GTB Standart S[...]
Silindi : user_pref("CT1060933.DownloadDomainsCheckInterval", "168");
Silindi : user_pref("CT1060933.DownloadDomainsListLastCheckTime", "Mon Nov 19 2012 14:48:36 GMT+0200 (GTB Stan[...]
Silindi : user_pref("CT1060933.DownloadDomainsListLastServerUpdateTime", "1201069983");
Silindi : user_pref("CT1060933.DownloadReferralCookieData", "");
Silindi : user_pref("CT1060933.FirstServerDate", "26-11-2010");
Silindi : user_pref("CT1060933.FirstTime", true);
Silindi : user_pref("CT1060933.FirstTimeFF3", true);
Silindi : user_pref("CT1060933.FirstTimeSettingsDone", true);
Silindi : user_pref("CT1060933.FixPageNotFoundErrors", false);
Silindi : user_pref("CT1060933.GroupingServerCheckInterval", 1440);
Silindi : user_pref("CT1060933.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Silindi : user_pref("CT1060933.HasUserGlobalKeys", true);
Silindi : user_pref("CT1060933.HomePageProtectorEnabled", false);
Silindi : user_pref("CT1060933.HomepageBeforeUnload", "hxxp://www.ask.com/?l=dis&o=102876&gct=hp");
Silindi : user_pref("CT1060933.Initialize", true);
Silindi : user_pref("CT1060933.InitializeCommonPrefs", true);
Silindi : user_pref("CT1060933.InstallationAndCookieDataSentCount", 3);
Silindi : user_pref("CT1060933.InstalledDate", "Fri Nov 26 2010 19:34:58 GMT+0200 (GTB Standart Saati)");
Silindi : user_pref("CT1060933.InvalidateCache", false);
Silindi : user_pref("CT1060933.IsAlertDBUpdated", true);
Silindi : user_pref("CT1060933.IsGrouping", false);
Silindi : user_pref("CT1060933.IsMulticommunity", true);
Silindi : user_pref("CT1060933.IsOpenThankYouPage", true);
Silindi : user_pref("CT1060933.IsOpenUninstallPage", true);
Silindi : user_pref("CT1060933.LanguagePackLastCheckTime", "Fri Nov 23 2012 12:09:28 GMT+0200 (GTB Standart Sa[...]
Silindi : user_pref("CT1060933.LanguagePackReloadIntervalMM", 1440);
Silindi : user_pref("CT1060933.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Silindi : user_pref("CT1060933.LastLogin_2.7.2.0", "Mon Mar 28 2011 18:03:30 GMT+0300 (GTB Yaz Saati)");
Silindi : user_pref("CT1060933.LastLogin_3.12.2.3", "Thu Jun 28 2012 14:29:32 GMT+0300 (GTB Yaz Saati)");
Silindi : user_pref("CT1060933.LastLogin_3.13.0.6", "Mon Sep 03 2012 15:56:33 GMT+0300 (GTB Yaz Saati)");
Silindi : user_pref("CT1060933.LastLogin_3.15.1.0", "Mon Nov 19 2012 14:48:38 GMT+0200 (GTB Standart Saati)");
Silindi : user_pref("CT1060933.LastLogin_3.16.0.3", "Fri Nov 23 2012 12:09:28 GMT+0200 (GTB Standart Saati)");
Silindi : user_pref("CT1060933.LastLogin_3.3.3.2", "Wed Apr 27 2011 16:24:46 GMT+0300 (GTB Yaz Saati)");
Silindi : user_pref("CT1060933.LatestVersion", "3.16.0.3");
Silindi : user_pref("CT1060933.Locale", "en-us");
Silindi : user_pref("CT1060933.LoginCache", 4);
Silindi : user_pref("CT1060933.MCDetectTooltipHeight", "83");
Silindi : user_pref("CT1060933.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Silindi : user_pref("CT1060933.MCDetectTooltipWidth", "295");
Silindi : user_pref("CT1060933.MyStuffEnabledAtInstallation", true);
Silindi : user_pref("CT1060933.RadioIsPodcast", false);
Silindi : user_pref("CT1060933.RadioLastCheckTime", "Wed Nov 21 2012 10:11:50 GMT+0200 (GTB Standart Saati)");
Silindi : user_pref("CT1060933.RadioLastUpdateIPServer", "0");
Silindi : user_pref("CT1060933.RadioLastUpdateServer", "129326918102570000");
Silindi : user_pref("CT1060933.RadioMediaID", "21504191");
Silindi : user_pref("CT1060933.RadioMediaType", "Media Player");
Silindi : user_pref("CT1060933.RadioMenuSelectedID", "EBRadioMenu_CT106093321504191");
Silindi : user_pref("CT1060933.RadioShrinkedFromSetup", false);
Silindi : user_pref("CT1060933.RadioStationName", "KFOG");
Silindi : user_pref("CT1060933.RadioStationURL", "hxxp://live.cumulusstreaming.com/KFOG-FM");
Silindi : user_pref("CT1060933.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Silindi : user_pref("CT1060933.SearchEngineBeforeUnload", "Ask.com");
Silindi : user_pref("CT1060933.SearchFromAddressBarIsInit", true);
Silindi : user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106[...]
Silindi : user_pref("CT1060933.SearchInNewTabEnabled", true);
Silindi : user_pref("CT1060933.SearchInNewTabIntervalMM", 1440);
Silindi : user_pref("CT1060933.SearchInNewTabLastCheckTime", "Fri Nov 23 2012 12:09:28 GMT+0200 (GTB Standart [...]
Silindi : user_pref("CT1060933.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Silindi : user_pref("CT1060933.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Silindi : user_pref("CT1060933.SearchInNewTabUserEnabled", false);
Silindi : user_pref("CT1060933.SearchProtectorEnabled", false);
Silindi : user_pref("CT1060933.SearchProtectorToolbarDisabled", false);
Silindi : user_pref("CT1060933.ServiceMapLastCheckTime", "Fri Nov 23 2012 12:09:28 GMT+0200 (GTB Standart Saat[...]
Silindi : user_pref("CT1060933.SettingsCheckIntervalMin", 120);
Silindi : user_pref("CT1060933.SettingsLastCheckTime", "Fri Nov 23 2012 12:09:27 GMT+0200 (GTB Standart Saati)[...]
Silindi : user_pref("CT1060933.SettingsLastUpdate", "1352142245");
Silindi : user_pref("CT1060933.ThirdPartyComponentsInterval", 504);
Silindi : user_pref("CT1060933.ThirdPartyComponentsLastCheck", "Thu Nov 01 2012 18:03:45 GMT+0200 (GTB Standar[...]
Silindi : user_pref("CT1060933.ThirdPartyComponentsLastUpdate", "1331805997");
Silindi : user_pref("CT1060933.ToolbarShrinkedFromSetup", false);
Silindi : user_pref("CT1060933.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1060933");
Silindi : user_pref("CT1060933.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Silindi : user_pref("CT1060933.UserID", "UN63356377350886414");
Silindi : user_pref("CT1060933.ValidationData_Toolbar", 2);
Silindi : user_pref("CT1060933.alertChannelId", "15651");
Silindi : user_pref("CT1060933.clientLogIsEnabled", false);
Deleted : user_pref("CT1060933.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT1060933.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT1060933.globalFirstTimeInfoLastCheckTime", "Mon Nov 19 2012 14:48:38 GMT+0200 (GTB Stan[...]
Deleted : user_pref("CT1060933.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT1060933.initDone", true);
Deleted : user_pref("CT1060933.isAppTrackingManagerOn", false);
Deleted : user_pref("CT1060933.isFirstRadioInstallation", false);
Deleted : user_pref("CT1060933.myStuffEnabled", true);
Deleted : user_pref("CT1060933.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT1060933.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT1060933.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT1060933.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT1060933.oldAppsList", "200,128346981843587669,128280995260143876,129272674122038321,129[...]
Deleted : user_pref("CT1060933.revertSettingsEnabled", true);
Deleted : user_pref("CT1060933.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT1060933.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT1060933.testingCtid", "");
Deleted : user_pref("CT1060933.toolbarAppMetaDataLastCheckTime", "Fri Nov 23 2012 12:09:28 GMT+0200 (GTB Stand[...]
Deleted : user_pref("CT1060933.toolbarContextMenuLastCheckTime", "Mon Nov 19 2012 14:48:38 GMT+0200 (GTB Stand[...]
Deleted : user_pref("CT1060933.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT1060933.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/TR", "\"0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/TR", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", false);
Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "freecorder");
Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\SAHIP\\Application[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.16.0.3");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pricegong.conduitapps.com/v4//agreement/agree[...]
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT1060933");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "freecorder");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=mcafee[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1060933");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1060933");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Mar 28 2011 20:42:48 GMT+03[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Apr 16 2011 18:56:19 GMT+0300 (GTB Y[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Aug 03 2011 14:17:50 GMT+0300 (GTB Yaz S[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "{fff296cc-41c2-4707-afa9-b2c334107cf3}");
Deleted : user_pref("CommunityToolbar.globalUserId", "8ea32659-1e8d-4809-ad93-3d20f9941125");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.killedEngine", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Nov 19 2012 14:48:5[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Nov 21 2012 10:11:59 GMT+020[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Nov 21 2012 10:11:51 GMT+0200 (G[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "85ef726d-51b6-4114-83bd-290e543370a9");
Deleted : user_pref("CommunityToolbar.undefined", "");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.startup.homepage", "hxxp://www.ask.com/?l=dis&o=102876&gct=hp");
Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Deleted : user_pref("extensions.asktb.abar-war-timeout", "4000");
Deleted : user_pref("extensions.asktb.apn_dbr", "ie_8.0.6001.18702");
Deleted : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Deleted : user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
Deleted : user_pref("extensions.asktb.cbid", "6G");
Deleted : user_pref("extensions.asktb.config-updated", true);
Deleted : user_pref("extensions.asktb.crumb", "2011.10.14+09.59.44-toolbar011iad-TR-SXN0YW5idWwsVHVya2V5");
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]
Deleted : user_pref("extensions.asktb.displaybehavior", "");
Deleted : user_pref("extensions.asktb.displaytext", "");
Deleted : user_pref("extensions.asktb.dtid", "YYYYYYYYTR");
Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "TUXX0014");
Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.yahoo.com/search?fr=mcafee&p=")[...]
Deleted : user_pref("extensions.asktb.first-launch-url", "file:///C:/Program%20Files/SuperHideIP/ffextension.x[...]
Deleted : user_pref("extensions.asktb.fresh-install", false);
Deleted : user_pref("extensions.asktb.guid", "64976881-42c2-4404-abd8-4a38dc0f059f");
Deleted : user_pref("extensions.asktb.hpr", "YES");
Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Deleted : user_pref("extensions.asktb.if", "first");
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1321094407934");
Deleted : user_pref("extensions.asktb.locale", "en_US");
Deleted : user_pref("extensions.asktb.location", "Istanbul,Turkey");
Deleted : user_pref("extensions.asktb.lstation", "");
Deleted : user_pref("extensions.asktb.new-tab-enabled", true);
Deleted : user_pref("extensions.asktb.o", "102876");
Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Deleted : user_pref("extensions.asktb.pstate", "");
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.r", "3");
Deleted : user_pref("extensions.asktb.sa", "YES");
Deleted : user_pref("extensions.asktb.saguid", "DC2382E2-35DE-4047-8AEC-D2F1303540AB");
Deleted : user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.ask.com/query?qsrc=[...]
Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Deleted : user_pref("extensions.asktb.socialmini-first", true);
Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
Deleted : user_pref("extensions.asktb.socialmini-speed", "10000");
Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Deleted : user_pref("extensions.asktb.themeid", "");
Deleted : user_pref("extensions.asktb.timeinstalled", "14.10.2011 20:01:42");
Deleted : user_pref("extensions.asktb.to", "");
Deleted : user_pref("extensions.asktb.v", "3.13.1.100008");
Deleted : user_pref("extensions.asktb.version", "5.13.1.18107");
Deleted : user_pref("extensions.asktb.volume", "");

*************************

AdwCleaner[S1].txt - [33326 octets] - [25/11/2012 23:15:10]

########## EOF - C:\AdwCleaner[S1].txt - [33387 octets] ##########
-----------------------------------------------------------------------------

RogueKiller report 1:

RogueKiller V8.3.1 [Nov 25 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : SAHIP [Admin rights]
Mode : Scan -- Date : 11/26/2012 13:00:35

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 91e3f2a7d85a51b3afe8a8670557a10c
[BSP] 641cd685592f61c91bd5f4b9909ea4dc : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 74998 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 153597465 | Size: 39472 Mo
Error reading LL1 MBR!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_11262012_02d1300.txt >>
RKreport[1]_S_11262012_02d1300.txt

-----------------------------------------

RogueKiller report 2:

RogueKiller V8.3.1 [Nov 25 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : SAHIP [Admin rights]
Mode : Remove -- Date : 11/26/2012 13:01:53

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> ERROR [0x1]
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> ERROR [0x1]
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> ERROR [0x5]
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 91e3f2a7d85a51b3afe8a8670557a10c
[BSP] 641cd685592f61c91bd5f4b9909ea4dc : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 74998 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 153597465 | Size: 39472 Mo
Error reading LL1 MBR!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_11262012_02d1301.txt >>
RKreport[1]_S_11262012_02d1300.txt ; RKreport[2]_D_11262012_02d1301.txt

----------------------------------
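The two tools in this thread describe the same disk in different units. RogueKiller prints the raw MBR slots (decimal sector offsets, sizes floored to MiB, the extended partition as one container entry), while the TDSSKiller log posted later in the thread lists the kernel's partition objects (hex StartLBA/BlocksNum, the logical volumes instead of the container). Lining the two up is the quickest check for a hidden or altered partition entry, and it is worth doing here because RogueKiller's lower-level reads failed ("Error reading LL1 MBR!" / "Error reading LL2 MBR!"), so only its user-mode view is available, and "MBR Code unknown" only says the boot code did not match RogueKiller's list of known loaders, which is not a detection by itself. The script below is an added example written for this page, not part of the thread or of either tool. Its input lines are copied verbatim from the two reports; the one assumption is that a gap of one track (SectorsPerTrack from the TDSSKiller header, 63 sectors on this disk) before each partition is the normal XP-era layout, so any larger gap, or an unallocated tail of a cylinder or more, is space worth dumping and inspecting.

```python
import re

SECTOR = 512
MIB = 1024 * 1024
EXTENDED_TYPES = {0x05, 0x0F}

# Input lines copied from the two reports posted in this thread: RogueKiller's
# "MBR Check" partition table and the drive / "MBR partitions" lines of the
# TDSSKiller log. They are not constructed.
ROGUEKILLER_LINES = r"""
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 74998 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 153597465 | Size: 39472 Mo
"""

TDSSKILLER_LINES = r"""
11:23:39.0375 0924 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:23:39.0406 0924 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x927B5DA
11:23:39.0437 0924 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x927B658, BlocksNum 0x4D08665
11:23:39.0453 0924 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x4, StartLBA 0xDF83CFC, BlocksNum 0xFAC5
"""

HEX = r"(0x[0-9A-Fa-f]+)"
RK_RE = re.compile(r"^(\d+) - \[\w+\] \S+ \(" + HEX + r"\) \[\w+\] "
                   r"Offset \(sectors\): (\d+) \| Size: (\d+) Mo$")
TD_DRIVE_RE = re.compile(r"Drive \S+ - Size: " + HEX + r".*?SectorSize: " + HEX
                         + r".*?SectorsPerTrack: " + HEX + r", TracksPerCylinder: " + HEX)
TD_PART_RE = re.compile(r"Partition(\d+): MBR, Type " + HEX + r", StartLBA " + HEX
                        + r", BlocksNum " + HEX)


def parse_roguekiller(text):
    """Raw MBR slots as RogueKiller prints them: partition type, start sector, size floored to MiB."""
    slots = []
    for line in text.splitlines():
        m = RK_RE.match(line.strip())
        if m:
            slots.append({"type": int(m.group(2), 16), "start": int(m.group(3)),
                          "size_mib": int(m.group(4))})
    return slots


def parse_tdsskiller(text):
    """Drive geometry plus the kernel's partition objects (primary and logical), all in sectors."""
    geom, parts = {}, []
    for line in text.splitlines():
        d = TD_DRIVE_RE.search(line)
        if d:
            sector, spt, tpc = (int(d.group(i), 16) for i in (2, 3, 4))
            geom = {"sectors": int(d.group(1), 16) // sector, "track": spt, "cylinder": spt * tpc}
        p = TD_PART_RE.search(line)
        if p:
            parts.append({"type": int(p.group(2), 16), "start": int(p.group(3), 16),
                          "blocks": int(p.group(4), 16)})
    parts.sort(key=lambda p: p["start"])
    return geom, parts


def cross_check(rk_text=ROGUEKILLER_LINES, td_text=TDSSKILLER_LINES):
    """Reconcile the two views; every string in `findings` names a region to dump and inspect."""
    slots = parse_roguekiller(rk_text)
    geom, parts = parse_tdsskiller(td_text)
    findings, covered = [], []  # covered: (lo, hi) sector ranges the MBR accounts for
    for slot in slots:
        if slot["type"] in EXTENDED_TYPES:
            # RogueKiller shows the extended container, TDSSKiller the logical volumes
            # inside it. The size was floored to MiB, so allow up to the next MiB boundary.
            lo, hi = slot["start"], slot["start"] + (slot["size_mib"] + 1) * MIB // SECTOR
            if not any(lo <= p["start"] < hi for p in parts):
                findings.append("extended container at sector %d has no logical volumes" % lo)
        else:
            match = [p for p in parts if p["start"] == slot["start"]]
            if not match:
                findings.append("MBR slot at sector %d has no kernel partition object" % slot["start"])
                continue
            lo, hi = slot["start"], slot["start"] + match[0]["blocks"]
            if match[0]["blocks"] * SECTOR // MIB != slot["size_mib"]:
                findings.append("size mismatch for the partition at sector %d" % lo)
        covered.append((lo, hi))
    # Every partition object the kernel knows about must sit inside some MBR slot.
    for p in parts:
        end = p["start"] + p["blocks"]
        if not any(lo <= p["start"] and end <= hi for lo, hi in covered):
            findings.append("kernel partition at sector %d is not described by the MBR" % p["start"])
    # One track before each partition (boot track, EBR) is the normal XP-era layout;
    # a larger gap, or a tail of a full cylinder or more, is unaccounted space.
    gaps, prev_end = [], 0
    for p in parts:
        gaps.append(p["start"] - prev_end)
        prev_end = p["start"] + p["blocks"]
    findings += ["%d unaccounted sectors between partitions" % g for g in gaps if g > geom["track"]]
    tail = geom["sectors"] - prev_end
    if tail >= geom["cylinder"]:
        findings.append("unallocated tail of %d sectors is at least one cylinder" % tail)
    return {"findings": findings, "drive_sectors": geom["sectors"], "gaps": gaps,
            "unallocated_tail": tail,
            "partitions": [(p["start"], p["start"] + p["blocks"]) for p in parts]}


if __name__ == "__main__":
    r = cross_check()
    print("findings:", r["findings"] or "none")
    print("gaps (sectors):", r["gaps"], "unallocated tail:", r["unallocated_tail"])
```

On the two reports as posted the script reports nothing: partition 1 (63 to 153597465) ends exactly where the extended container begins, both logical volumes fit inside the container, every gap is one track, and the 5103-sector tail is less than a cylinder (the last volume ends on cylinder 14593 of the 0x3901 = 14593 the drive reports). A bootkit that rewrites a slot, shrinks a partition or parks data past the last volume shows up as one of the findings lines, which is the kind of discrepancy between user-mode and kernel views that justifies an offline (boot CD) look at the raw sectors.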

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 November 2012 - 04:28 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 natureturkiye

natureturkiye
  • Topic Starter

  • Members
  • 13 posts

Posted 27 November 2012 - 11:54 AM

Hi Gringo,
I applied the instructions almost fully, but the result is bad. Let me explain in order.
First I created a new restore point. Then
I turned off Microsoft Security Essentials, Comodo firewall and antilogger from msconfig and then rebooted. Then I checked from Task Manager and confirmed that none of them is working. I also checked that there is an internet connection just before running ComboFix. Later I ran ComboFix.

It started and later asked to confirm the Recovery Console installation. I hit yes, but it said there is no internet connection! I hit continue at my own risk (without installing the Recovery Console) and it started scanning. It gave a warning that MSE is running! (I had checked it was not running) and stated "turn it off or continue at your risk". I continued; it started scanning and after more than 50 steps or so (I was not there at the time of reboot), it restarted and came to the Windows login screen. I had not disabled the password protection before, so I entered the password. It continued and then the ComboFix window appeared again; later it stated "this window will close and the log window will pop up". OK, the ComboFix window closed and the log.txt window opened, showing some files deleted. Anyway, I closed the log window and wanted to run IE, but it did not run; Firefox is the same. Later I checked that all my Program Files entries are absent, and none of the quick start icons work. I did not hit any mouse keys but only moved the mouse a little to prevent the display from turning off to standby.

I restarted; it comes to that blue login screen, but there is no user account, and naturally no password window. There is only the small familiar Windows logo in the middle of the screen and the PC does not respond any more, stuck there.

I rebooted, hit the F8 key and selected "last known good configuration", but it ended at the same screen as above. Later I rebooted and hit F8 again but selected Safe Mode. It loaded files but unfortunately it did not work; no Windows desktop appeared.

I have the original XP SP2 rescue CD (this PC is OEM). I put it in and started again, then selected the Recovery Console option, but it did not work. There was another option, "install operating system", but I did not try it because I am not sure whether it will give me some more options for previous restore points or will just start to install XP SP2.

I have some rescue CDs, like Hiren's BootCD 15. I booted the PC with it and I could see the system partitions and the Program Files directory. All programs still seem to be there. I can also connect to the internet with Hiren's BootCD.

I know that ComboFix had backed up the registry before modifying the PC. These backup files are also seen. On the other hand, I had taken a backup of the registry with ERUNT last night.

So, I have all the backups of the registry, and in the worst case a system backup, taken yesterday. So please comment on how I should proceed further.
- XP SP2 rescue CD installation option, if it detects the installed system and gives a restore point option.
- Restore of the registry from the ComboFix or ERUNT backup.
- System restore from the external drive.

Regards

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 November 2012 - 08:45 PM

Hello

"XP SP2 rescue CD installation option, if it detects the installed system and gives a restore point option." - If it gives a system restore option, let's try that. I do not want to reinstall Windows.



gringo

#7 natureturkiye

natureturkiye
  • Topic Starter

  • Members
  • 13 posts

Posted 28 November 2012 - 09:58 AM

The XP SP2 CD did not give any restore point option. I selected the only option, install. It started and fortunately found the previously installed system. I selected it and then used the repair option. It worked, but naturally installed SP2. When finished, I checked that all my recently installed programs are seen. I tried some of them; they are operational. But Windows is seen as SP2. It requires many updates etc.
So I restored my PC from the cold backup taken 2 days ago. So, it is at the state of just running ComboFix again.

It would be better to install the Recovery Console first and then try any problem-solving options.

Is it possible to run any rootkit-revealing programs offline, if they hide themselves from the operating system?

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 November 2012 - 09:37 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 natureturkiye

natureturkiye
  • Topic Starter

  • Members
  • 13 posts

Posted 29 November 2012 - 05:28 AM

Hello,

TDSSKiller did not find anything harmful; the report is below.

11:23:34.0484 0924 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:23:36.0484 0924 ============================================================
11:23:36.0484 0924 Current date / time: 2012/11/29 11:23:36.0484
11:23:36.0484 0924 SystemInfo:
11:23:36.0484 0924
11:23:36.0484 0924 OS Version: 5.1.2600 ServicePack: 3.0
11:23:36.0484 0924 Product type: Workstation
11:23:36.0484 0924 ComputerName: EVPC-2EB1B7B256
11:23:36.0484 0924 UserName: SAHIP
11:23:36.0484 0924 Windows directory: C:\WINDOWS
11:23:36.0484 0924 System windows directory: C:\WINDOWS
11:23:36.0484 0924 Processor architecture: Intel x86
11:23:36.0484 0924 Number of processors: 2
11:23:36.0484 0924 Page size: 0x1000
11:23:36.0484 0924 Boot type: Normal boot
11:23:36.0484 0924 ============================================================
11:23:39.0375 0924 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:23:39.0406 0924 ============================================================
11:23:39.0406 0924 \Device\Harddisk0\DR0:
11:23:39.0406 0924 MBR partitions:
11:23:39.0406 0924 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x927B5DA
11:23:39.0437 0924 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x927B658, BlocksNum 0x4D08665
11:23:39.0453 0924 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x4, StartLBA 0xDF83CFC, BlocksNum 0xFAC5
11:23:39.0453 0924 ============================================================
11:23:39.0515 0924 C: <-> \Device\Harddisk0\DR0\Partition1
11:23:39.0578 0924 D: <-> \Device\Harddisk0\DR0\Partition2
11:23:39.0609 0924 L: <-> \Device\Harddisk0\DR0\Partition3
11:23:39.0609 0924 ============================================================
11:23:39.0609 0924 Initialize success
11:23:39.0609 0924 ============================================================
11:23:52.0062 2796 ============================================================
11:23:52.0062 2796 Scan started
11:23:52.0062 2796 Mode: Manual;
11:23:52.0062 2796 ============================================================
11:23:53.0281 2796 ================ Scan system memory ========================
11:23:53.0281 2796 System memory - ok
11:23:53.0281 2796 ================ Scan services =============================
11:23:53.0484 2796 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
11:23:53.0531 2796 !SASCORE - ok
11:23:53.0937 2796 Abiosdsk - ok
11:23:53.0953 2796 abp480n5 - ok
11:23:54.0093 2796 [ BB0CF9772AAE5C5F9C8EFA6ABCB46CE7 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:23:54.0156 2796 ACPI - ok
11:23:54.0203 2796 [ 5D82ECC8B8F9F230DC88F7A68781B306 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
11:23:54.0203 2796 ACPIEC - ok
11:23:54.0546 2796 [ 49B83FE580B448314F83085E0A19E705 ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
11:23:54.0843 2796 AcrSch2Svc - ok
11:23:55.0015 2796 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:23:55.0093 2796 AdobeFlashPlayerUpdateSvc - ok
11:23:55.0125 2796 adpu160m - ok
11:23:55.0250 2796 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
11:23:55.0296 2796 aec - ok
11:23:55.0421 2796 [ DF139E5866C19E0B3217EF210198D875 ] afcdp C:\WINDOWS\system32\DRIVERS\afcdp.sys
11:23:55.0500 2796 afcdp - ok
11:23:56.0750 2796 [ 30346435058C56903C9F07BC7CABC9EA ] afcdpsrv C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
11:23:57.0984 2796 afcdpsrv - ok
11:23:58.0093 2796 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
11:23:58.0140 2796 AFD - ok
11:23:58.0156 2796 Aha154x - ok
11:23:58.0187 2796 aic78u2 - ok
11:23:58.0218 2796 aic78xx - ok
11:23:58.0281 2796 [ D0E6300E552368337AE47A78283EFA17 ] Alerter C:\WINDOWS\system32\alrsvc.dll
11:23:58.0296 2796 Alerter - ok
11:23:58.0328 2796 [ D5E9ED7E9023E83058FD01945C289269 ] ALG C:\WINDOWS\System32\alg.exe
11:23:58.0359 2796 ALG - ok
11:23:58.0375 2796 AliIde - ok
11:23:58.0406 2796 amsint - ok
11:23:58.0515 2796 [ 63FAF607A6CC20C525DB06DDDF73850E ] AntiLog32 C:\WINDOWS\system32\drivers\AntiLog32.sys
11:23:58.0546 2796 AntiLog32 - ok
11:23:58.0562 2796 AppMgmt - ok
11:23:58.0593 2796 asc - ok
11:23:58.0625 2796 asc3350p - ok
11:23:58.0671 2796 asc3550 - ok
11:23:58.0734 2796 [ 226E1900AEE89EB31CBB84244BFA639D ] asdlog C:\WINDOWS\system32\DRIVERS\asdlog.sys
11:23:58.0781 2796 asdlog - ok
11:23:58.0937 2796 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:23:58.0968 2796 aspnet_state - ok
11:23:59.0187 2796 aswArKrn - ok
11:23:59.0250 2796 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:23:59.0250 2796 AsyncMac - ok
11:23:59.0328 2796 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
11:23:59.0328 2796 atapi - ok
11:23:59.0343 2796 Atdisk - ok
11:23:59.0421 2796 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:23:59.0437 2796 Atmarpc - ok
11:23:59.0500 2796 [ 95E8ECDE1014E41C2962C9311A53B433 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
11:23:59.0515 2796 AudioSrv - ok
11:23:59.0578 2796 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
11:23:59.0578 2796 audstub - ok
11:23:59.0640 2796 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
11:23:59.0656 2796 Beep - ok
11:23:59.0828 2796 [ 175E298E7A00CEA36B24357CE5CAC97A ] BITS C:\WINDOWS\system32\qmgr.dll
11:24:00.0000 2796 BITS - ok
11:24:00.0093 2796 [ CC6B2E8D8CBA5B815CAA5F0A0649BC36 ] Browser C:\WINDOWS\System32\browser.dll
11:24:00.0125 2796 Browser - ok
11:24:00.0187 2796 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
11:24:00.0187 2796 cbidf2k - ok
11:24:00.0203 2796 cd20xrnt - ok
11:24:00.0265 2796 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
11:24:00.0265 2796 Cdaudio - ok
11:24:00.0359 2796 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
11:24:00.0375 2796 Cdfs - ok
11:24:00.0437 2796 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:24:00.0453 2796 Cdrom - ok
11:24:00.0468 2796 Changer - ok
11:24:00.0531 2796 [ 3A0CEF7EF1F760D9B14DDC64F3ADC674 ] CiSvc C:\WINDOWS\system32\cisvc.exe
11:24:00.0531 2796 CiSvc - ok
11:24:00.0578 2796 [ 32E967728A2FBB1CA8F8B81C8E14AE02 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
11:24:00.0593 2796 ClipSrv - ok
11:24:00.0656 2796 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:24:00.0734 2796 clr_optimization_v2.0.50727_32 - ok
11:24:00.0890 2796 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:24:00.0937 2796 clr_optimization_v4.0.30319_32 - ok
11:24:01.0656 2796 [ 907324001AE25AC5959C91EAA34CABAE ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
11:24:02.0312 2796 cmdAgent - ok
11:24:02.0531 2796 [ BEE235831F8E3F0BAACA18B39D285CF5 ] cmdGuard C:\WINDOWS\system32\DRIVERS\cmdguard.sys
11:24:02.0671 2796 cmdGuard - ok
11:24:02.0718 2796 [ DE548946F36CAB62FEC2E6AA0149A619 ] cmdHlp C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
11:24:02.0828 2796 cmdHlp - ok
11:24:02.0859 2796 CmdIde - ok
11:24:02.0890 2796 COMSysApp - ok
11:24:02.0953 2796 Cpqarray - ok
11:24:03.0031 2796 [ D01F685F8B4598D144B0CCE9FF95D8D5 ] cpudrv C:\Program Files\SystemRequirementsLab\cpudrv.sys
11:24:03.0109 2796 cpudrv - ok
11:24:03.0187 2796 [ F23F008A3FC0231F238F932E96781860 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
11:24:03.0218 2796 CryptSvc - ok
11:24:03.0234 2796 dac2w2k - ok
11:24:03.0265 2796 dac960nt - ok
11:24:03.0468 2796 [ 49CA71B047C7E3D84D7004B96A93AB28 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
11:24:03.0625 2796 DcomLaunch - ok
11:24:03.0703 2796 [ E2232C5F049655931B9291BF2D9ED934 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
11:24:03.0750 2796 Dhcp - ok
11:24:03.0812 2796 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
11:24:03.0828 2796 Disk - ok
11:24:03.0859 2796 dmadmin - ok
11:24:04.0156 2796 [ 75C73E044AC4B29B943153AADB0D7401 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
11:24:04.0421 2796 dmboot - ok
11:24:04.0500 2796 [ 66BF7BA8C0734C0DAB744833EC40F34D ] dmio C:\WINDOWS\system32\drivers\dmio.sys
11:24:04.0546 2796 dmio - ok
11:24:04.0593 2796 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
11:24:04.0609 2796 dmload - ok
11:24:04.0656 2796 [ 7785D95AE8ACA7619B838AC296D94FEA ] dmserver C:\WINDOWS\System32\dmserver.dll
11:24:04.0671 2796 dmserver - ok
11:24:04.0718 2796 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
11:24:04.0734 2796 DMusic - ok
11:24:04.0796 2796 [ E4F691837443858EF4CDB7B1305AA9B1 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
11:24:04.0828 2796 Dnscache - ok
11:24:04.0937 2796 [ 1D71549003DDC7E2088184013052718E ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
11:24:04.0984 2796 Dot3svc - ok
11:24:05.0000 2796 dpti2o - ok
11:24:05.0062 2796 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
11:24:05.0078 2796 drmkaud - ok
11:24:05.0125 2796 [ 651554E483712B708EDE864D0CA1AA73 ] DrvAgent32 C:\WINDOWS\system32\Drivers\DrvAgent32.sys
11:24:05.0140 2796 DrvAgent32 - ok
11:24:05.0265 2796 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
11:24:05.0343 2796 dtsoftbus01 - ok
11:24:05.0421 2796 [ B94E2A6BD22C5531675D3420F3554FD2 ] EapHost C:\WINDOWS\System32\eapsvc.dll
11:24:05.0437 2796 EapHost - ok
11:24:05.0484 2796 [ F793F397C6214A74BA5EEF98F5E9510C ] ERSvc C:\WINDOWS\System32\ersvc.dll
11:24:05.0500 2796 ERSvc - ok
11:24:05.0593 2796 [ 782EE83D0F77F497ECF0A07DA1C3589F ] Eventlog C:\WINDOWS\system32\services.exe
11:24:05.0640 2796 Eventlog - ok
11:24:05.0781 2796 [ 49EC8FCE84F0D35D99F405FDD7A69CEF ] EventSystem C:\WINDOWS\system32\es.dll
11:24:05.0875 2796 EventSystem - ok
11:24:05.0953 2796 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
11:24:06.0000 2796 Fastfat - ok
11:24:06.0093 2796 [ 8E189F5394F9FD792EF0751A9EF4BEA3 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:24:06.0187 2796 FastUserSwitchingCompatibility - ok
11:24:06.0312 2796 [ 3905A1B72B21F7F7E7ACF7363F65B147 ] Fax C:\WINDOWS\system32\fxssvc.exe
11:24:06.0406 2796 Fax - ok
11:24:06.0453 2796 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
11:24:06.0468 2796 Fdc - ok
11:24:06.0546 2796 [ E7072827D0B5F9BD99D6961571A38973 ] FET5X86V C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
11:24:06.0562 2796 FET5X86V - ok
11:24:06.0625 2796 [ E9648254056BCE81A85380C0C3647DC4 ] FETNDIS C:\WINDOWS\system32\DRIVERS\fetnd5.sys
11:24:06.0625 2796 FETNDIS - ok
11:24:06.0703 2796 [ F0003EC4C35590AB6B6EAF8DC10A93BA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
11:24:06.0718 2796 Fips - ok
11:24:06.0734 2796 flash - ok
11:24:06.0781 2796 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:24:06.0796 2796 Flpydisk - ok
11:24:06.0875 2796 [ 29DB1CE676C44B5826BF34FEF7F7259A ] FLService C:\WINDOWS\system32\WinFLService.exe
11:24:06.0984 2796 FLService - ok
11:24:07.0078 2796 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
11:24:07.0125 2796 FltMgr - ok
11:24:07.0218 2796 [ E20D64EDF74D80874837B16506D58166 ] fltsrv C:\WINDOWS\system32\DRIVERS\fltsrv.sys
11:24:07.0250 2796 fltsrv - ok
11:24:07.0328 2796 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:24:07.0343 2796 FontCache3.0.0.0 - ok
11:24:07.0406 2796 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:24:07.0406 2796 Fs_Rec - ok
11:24:07.0484 2796 [ AAE37F0F2F613218DCE17B42A18C38DB ] FTDIBUS C:\WINDOWS\system32\drivers\ftdibus.sys
11:24:07.0500 2796 FTDIBUS - ok
11:24:07.0578 2796 [ 97A671403A4554556859812B4D7CCAC4 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:24:07.0625 2796 Ftdisk - ok
11:24:07.0718 2796 [ 48BFD1BA45C9C9E7AB339E25ABFBA1D2 ] FTSER2K C:\WINDOWS\system32\drivers\ftser2k.sys
11:24:07.0734 2796 FTSER2K - ok
11:24:07.0796 2796 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:24:07.0812 2796 GEARAspiWDM - ok
11:24:07.0828 2796 GenericMount - ok
11:24:07.0906 2796 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:24:07.0921 2796 Gpc - ok
11:24:07.0984 2796 [ CEC45180029F1012054A41CEEEA9CEAB ] grmnusb C:\WINDOWS\system32\drivers\grmnusb.sys
11:24:07.0984 2796 grmnusb - ok
11:24:08.0078 2796 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
11:24:08.0078 2796 gupdate - ok
11:24:08.0156 2796 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
11:24:08.0156 2796 gupdatem - ok
11:24:08.0281 2796 [ 38583F49862C1CD95F5F0430898744B2 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:24:08.0328 2796 helpsvc - ok
11:24:08.0343 2796 hhdnet32 - ok
11:24:08.0468 2796 [ 76E19DC866F2AFF41812CF3DB1C5E4B4 ] HidServ C:\WINDOWS\System32\hidserv.dll
11:24:08.0484 2796 HidServ - ok
11:24:08.0531 2796 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:24:08.0546 2796 hidusb - ok
11:24:08.0593 2796 [ 6022645993A89434332569E1DD9F009B ] hitmanpro35 C:\WINDOWS\system32\drivers\hitmanpro35.sys
11:24:08.0593 2796 hitmanpro35 - ok
11:24:08.0671 2796 [ B214E053798BD806B6FE8C513BE85A94 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
11:24:08.0703 2796 hkmsvc - ok
11:24:08.0718 2796 hpn - ok
11:24:08.0906 2796 [ 38D6B51F04DEF7FB248FA56E4C47407E ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
11:24:08.0984 2796 hpqcxs08 - ok
11:24:09.0062 2796 [ 3EE4A63539EC04EE2D4BD293985087AB ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
11:24:09.0296 2796 hpqddsvc - ok
11:24:09.0359 2796 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
11:24:09.0375 2796 HPZid412 - ok
11:24:09.0421 2796 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
11:24:09.0437 2796 HPZipr12 - ok
11:24:09.0484 2796 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
11:24:09.0500 2796 HPZius12 - ok
11:24:09.0625 2796 [ 6312DC46356DF3974E88AA51B69360DC ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
11:24:09.0718 2796 HSFHWBS2 - ok
11:24:10.0062 2796 [ DAAB917EEC9849840A13353198D48CC5 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
11:24:10.0406 2796 HSF_DPV - ok
11:24:10.0546 2796 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
11:24:10.0671 2796 HTTP - ok
11:24:10.0718 2796 [ 6CF2DFEB51DA479CEBBDA1A42DE328E9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
11:24:10.0734 2796 HTTPFilter - ok
11:24:10.0796 2796 [ DCD57B7B85AF95C603227DD4710ABFF2 ] hwinterface C:\WINDOWS\system32\Drivers\hwinterface.sys
11:24:10.0812 2796 hwinterface - ok
11:24:10.0828 2796 i2omgmt - ok
11:24:10.0859 2796 i2omp - ok
11:24:10.0921 2796 [ 8D505BBFB10089D7C60346A6E179547C ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:24:10.0953 2796 i8042prt - ok
11:24:11.0046 2796 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
11:24:11.0125 2796 IDriverT - ok
11:24:11.0468 2796 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:24:11.0796 2796 idsvc - ok
11:24:11.0859 2796 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
11:24:11.0875 2796 Imapi - ok
11:24:11.0968 2796 [ 81D474A8AAA850C7A6E6D1630DD489AE ] ImapiService C:\WINDOWS\system32\imapi.exe
11:24:12.0031 2796 ImapiService - ok
11:24:12.0078 2796 ini910u - ok
11:24:12.0203 2796 [ F89849CF13805EF49DA64A8A63193AF7 ] Inspect C:\WINDOWS\system32\DRIVERS\inspect.sys
11:24:12.0328 2796 Inspect - ok
11:24:12.0343 2796 IntelIde - ok
11:24:12.0421 2796 [ 25A30E8D0EE51307E4E135B20F2CEAC7 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:24:12.0437 2796 intelppm - ok
11:24:12.0484 2796 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
11:24:12.0500 2796 Ip6Fw - ok
11:24:12.0562 2796 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:24:12.0578 2796 IpFilterDriver - ok
11:24:12.0625 2796 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:24:12.0640 2796 IpInIp - ok
11:24:12.0718 2796 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:24:12.0765 2796 IpNat - ok
11:24:12.0859 2796 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:24:12.0890 2796 IPSec - ok
11:24:12.0937 2796 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
11:24:12.0937 2796 IRENUM - ok
11:24:13.0015 2796 [ 8331402D6FDC8716FC04881FB35DD3E3 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:24:13.0031 2796 isapnp - ok
11:24:13.0125 2796 [ BF71A06FF065E3FD7E32EA67DCA34885 ] ISODrive C:\Program Files\UltraISO\drivers\ISODrive.sys
11:24:13.0156 2796 ISODrive - ok
11:24:13.0328 2796 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
11:24:13.0390 2796 JavaQuickStarterService - ok
11:24:13.0421 2796 [ 7C9A827DDEC6CFC7FCC7D3C6333DB8C3 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:24:13.0437 2796 Kbdclass - ok
11:24:13.0546 2796 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
11:24:13.0609 2796 kmixer - ok
11:24:13.0687 2796 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
11:24:13.0718 2796 KSecDD - ok
11:24:13.0796 2796 [ BBADCEEEA6098155D71C1E39FF757265 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
11:24:13.0843 2796 lanmanserver - ok
11:24:13.0953 2796 [ 8F74F0F60F032E86A2A1ED8EF26A663B ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:24:14.0015 2796 lanmanworkstation - ok
11:24:14.0031 2796 lbrtfdc - ok
11:24:14.0140 2796 [ E9106CF1DA89F961E8C174030F7EA286 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
11:24:14.0156 2796 LmHosts - ok
11:24:14.0218 2796 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
11:24:14.0234 2796 MBAMProtector - ok
11:24:14.0453 2796 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:24:14.0593 2796 MBAMScheduler - ok
11:24:14.0843 2796 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:24:15.0062 2796 MBAMService - ok
11:24:15.0125 2796 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
11:24:15.0140 2796 mdmxsdk - ok
11:24:15.0203 2796 [ D7AF53A57778CB5307564414B19DD402 ] Messenger C:\WINDOWS\System32\msgsvc.dll
11:24:15.0218 2796 Messenger - ok
11:24:15.0265 2796 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
11:24:15.0281 2796 mnmdd - ok
11:24:15.0343 2796 [ 70CDAA28F6173BEE4929203EEB7ED58D ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
11:24:15.0359 2796 mnmsrvc - ok
11:24:15.0421 2796 [ E0BA1566270BC5AFA0D00027B66C46FF ] Modem C:\WINDOWS\system32\drivers\Modem.sys
11:24:15.0437 2796 Modem - ok
11:24:15.0468 2796 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
11:24:15.0484 2796 MODEMCSA - ok
11:24:15.0531 2796 [ 053BA6F6C1EE4CDBF3B2AD55EA96CA3F ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:24:15.0546 2796 Mouclass - ok
11:24:15.0578 2796 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
11:24:15.0609 2796 MountMgr - ok
11:24:15.0703 2796 [ 313265CF4F5F02ED927774DA1DB3FE00 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:24:15.0734 2796 MozillaMaintenance - ok
11:24:15.0843 2796 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
11:24:15.0921 2796 MpFilter - ok
11:24:16.0078 2796 [ A69630D039C38018689190234F866D77 ] MpKslbb53bbd1 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{617F1932-7A07-4FE0-B6B5-393C1B1A8D21}\MpKslbb53bbd1.sys
11:24:16.0078 2796 MpKslbb53bbd1 - ok
11:24:16.0109 2796 mraid35x - ok
11:24:16.0218 2796 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:24:16.0281 2796 MRxDAV - ok
11:24:16.0484 2796 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:24:16.0671 2796 MRxSmb - ok
11:24:16.0734 2796 [ 205655108B84B4890A909F4FD47A0706 ] MSDTC C:\WINDOWS\system32\msdtc.exe
11:24:16.0734 2796 MSDTC - ok
11:24:16.0828 2796 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
11:24:16.0828 2796 Msfs - ok
11:24:16.0859 2796 MSIServer - ok
11:24:16.0906 2796 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:24:16.0906 2796 MSKSSRV - ok
11:24:17.0015 2796 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
11:24:17.0015 2796 MsMpSvc - ok
11:24:17.0062 2796 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:24:17.0062 2796 MSPCLOCK - ok
11:24:17.0093 2796 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
11:24:17.0109 2796 MSPQM - ok
11:24:17.0156 2796 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:24:17.0171 2796 mssmbios - ok
11:24:17.0265 2796 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
11:24:17.0312 2796 Mup - ok
11:24:17.0468 2796 [ ABED7EA0733C5956A992C11351320455 ] napagent C:\WINDOWS\System32\qagentrt.dll
11:24:17.0562 2796 napagent - ok
11:24:17.0671 2796 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
11:24:17.0750 2796 NDIS - ok
11:24:17.0812 2796 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:24:17.0812 2796 NdisTapi - ok
11:24:17.0843 2796 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:24:17.0859 2796 Ndisuio - ok
11:24:17.0906 2796 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:24:17.0953 2796 NdisWan - ok
11:24:18.0031 2796 [ A1D2E1B46E79CE3081607FB88DE2909B ] NDMSHLP C:\Program Files\Common Files\HHD Software\Device Monitor\ndmshlp.sys
11:24:18.0062 2796 NDMSHLP - ok
11:24:18.0125 2796 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
11:24:18.0140 2796 NDProxy - ok
11:24:18.0218 2796 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
11:24:18.0250 2796 Net Driver HPZ12 - ok
11:24:18.0312 2796 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
11:24:18.0328 2796 NetBIOS - ok
11:24:18.0406 2796 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
11:24:18.0468 2796 NetBT - ok
11:24:18.0562 2796 [ 240E632ED874A8F40D3099723D37C477 ] NetDDE C:\WINDOWS\system32\netdde.exe
11:24:18.0609 2796 NetDDE - ok
11:24:18.0671 2796 [ 240E632ED874A8F40D3099723D37C477 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
11:24:18.0687 2796 NetDDEdsdm - ok
11:24:18.0734 2796 [ F37B5C30EA09062DA4DFC2288560C485 ] Netlogon C:\WINDOWS\system32\lsass.exe
11:24:18.0750 2796 Netlogon - ok
11:24:18.0875 2796 [ C1356692171443241694E1987DC19C2B ] Netman C:\WINDOWS\System32\netman.dll
11:24:18.0937 2796 Netman - ok
11:24:19.0046 2796 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:24:19.0093 2796 NetTcpPortSharing - ok
11:24:19.0203 2796 [ 2BD447AA9488959A76508E5F78619FE4 ] NEWDRIVER C:\WINDOWS\system32\WinVDEdrv6.sys
11:24:19.0843 2796 NEWDRIVER - ok
11:24:19.0953 2796 [ 9D24A369438439AC3A9C7131B01B1D92 ] Nla C:\WINDOWS\System32\mswsock.dll
11:24:20.0062 2796 Nla - ok
11:24:20.0156 2796 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Program Files\CDBurnerXP\NMSAccessU.exe
11:24:20.0187 2796 NMSAccess - ok
11:24:20.0265 2796 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
11:24:20.0281 2796 Npfs - ok
11:24:20.0500 2796 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
11:24:20.0734 2796 Ntfs - ok
11:24:20.0765 2796 [ F37B5C30EA09062DA4DFC2288560C485 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
11:24:20.0781 2796 NtLmSsp - ok
11:24:20.0984 2796 [ 9869F673909A3004A3A8732B51303296 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
11:24:21.0156 2796 NtmsSvc - ok
11:24:21.0187 2796 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
11:24:21.0203 2796 Null - ok
11:24:23.0390 2796 [ 9F4384AA43548DDD438F7B7825D11699 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:24:25.0562 2796 nv - ok
11:24:25.0671 2796 [ 0C41C4ACFE00D826DB479C40C1D9EDC8 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
11:24:25.0750 2796 NVSvc - ok
11:24:25.0812 2796 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:24:25.0812 2796 NwlnkFlt - ok
11:24:25.0843 2796 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:24:25.0875 2796 NwlnkFwd - ok
11:24:25.0968 2796 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:24:26.0015 2796 ose - ok
11:24:26.0140 2796 [ 99B680F4847B085D9B9ACD000B38B965 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
11:24:26.0171 2796 Parport - ok
11:24:26.0218 2796 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
11:24:26.0234 2796 PartMgr - ok
11:24:26.0296 2796 [ 4C8654DA30AD5904FA3357D4D9AE2B48 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
11:24:26.0296 2796 ParVdm - ok
11:24:26.0343 2796 [ DCB0E536286B17EE4E3072EB7B81F3B3 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
11:24:26.0375 2796 PCI - ok
11:24:26.0406 2796 PCIDump - ok
11:24:26.0453 2796 [ A381ED297F58BA5BFE1D0B89384561FE ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
11:24:26.0468 2796 PCIIde - ok
11:24:26.0562 2796 [ 9350AF4ED9EA927179AE068C2D3980C4 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
11:24:26.0609 2796 Pcmcia - ok
11:24:26.0640 2796 PDCOMP - ok
11:24:26.0671 2796 PDFRAME - ok
11:24:26.0703 2796 PDRELI - ok
11:24:26.0734 2796 PDRFRAME - ok
11:24:26.0781 2796 perc2 - ok
11:24:26.0812 2796 perc2hib - ok
11:24:26.0968 2796 [ 782EE83D0F77F497ECF0A07DA1C3589F ] PlugPlay C:\WINDOWS\system32\services.exe
11:24:27.0000 2796 PlugPlay - ok
11:24:27.0062 2796 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
11:24:27.0093 2796 Pml Driver HPZ12 - ok
11:24:27.0125 2796 [ F37B5C30EA09062DA4DFC2288560C485 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
11:24:27.0140 2796 PolicyAgent - ok
11:24:27.0203 2796 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:24:27.0234 2796 PptpMiniport - ok
11:24:27.0250 2796 PROCEXP151 - ok
11:24:27.0328 2796 [ F37B5C30EA09062DA4DFC2288560C485 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:24:27.0343 2796 ProtectedStorage - ok
11:24:27.0390 2796 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
11:24:27.0421 2796 PSched - ok
11:24:27.0500 2796 [ C8EB36910D3BD582891977E80925E21E ] PSSDK42 C:\WINDOWS\system32\Drivers\pssdk42.sys
11:24:27.0562 2796 PSSDK42 - ok
11:24:27.0609 2796 [ 0BEC7B42F4093400509821C63F13F1D5 ] PSSDKLBF C:\WINDOWS\system32\Drivers\pssdklbf.sys
11:24:27.0671 2796 PSSDKLBF - ok
11:24:27.0750 2796 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:24:27.0765 2796 Ptilink - ok
11:24:27.0781 2796 ql1080 - ok
11:24:27.0812 2796 Ql10wnt - ok
11:24:27.0859 2796 ql12160 - ok
11:24:27.0890 2796 ql1240 - ok
11:24:27.0921 2796 ql1280 - ok
11:24:27.0968 2796 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:24:27.0984 2796 RasAcd - ok
11:24:28.0062 2796 [ BD44BEAB602CB156F3C8C990FE931B0C ] RasAuto C:\WINDOWS\System32\rasauto.dll
11:24:28.0093 2796 RasAuto - ok
11:24:28.0156 2796 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:24:28.0187 2796 Rasl2tp - ok
11:24:28.0312 2796 [ 981CB057E6AFF8F8B4A599FB5AB69557 ] RasMan C:\WINDOWS\System32\rasmans.dll
11:24:28.0390 2796 RasMan - ok
11:24:28.0453 2796 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:24:28.0468 2796 RasPppoe - ok
11:24:28.0500 2796 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
11:24:28.0515 2796 Raspti - ok
11:24:28.0625 2796 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:24:28.0687 2796 Rdbss - ok
11:24:28.0734 2796 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:24:28.0750 2796 RDPCDD - ok
11:24:28.0875 2796 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
11:24:28.0921 2796 RDPWD - ok
11:24:29.0031 2796 [ 9DD93FFBCEA84CFAF4019C95BCFCC277 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
11:24:29.0078 2796 RDSessMgr - ok
11:24:29.0140 2796 [ C17A980E3F07E8EA6F61142511AB8196 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
11:24:29.0171 2796 redbook - ok
11:24:29.0250 2796 [ 6C3F43697E4E0D7325C681579001720A ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
11:24:29.0265 2796 RemoteAccess - ok
11:24:29.0343 2796 [ D978B60227D9F6FC5C6E3FB5097E85E1 ] RpcLocator C:\WINDOWS\system32\locator.exe
11:24:29.0375 2796 RpcLocator - ok
11:24:29.0546 2796 [ 49CA71B047C7E3D84D7004B96A93AB28 ] RpcSs C:\WINDOWS\system32\rpcss.dll
11:24:29.0562 2796 RpcSs - ok
11:24:29.0640 2796 [ B4AF6CBD893A01F1A49D70F101E70E88 ] RSVP C:\WINDOWS\system32\rsvp.exe
11:24:29.0703 2796 RSVP - ok
11:24:29.0750 2796 [ F37B5C30EA09062DA4DFC2288560C485 ] SamSs C:\WINDOWS\system32\lsass.exe
11:24:29.0765 2796 SamSs - ok
11:24:29.0828 2796 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
11:24:29.0828 2796 SASDIFSV - ok
11:24:29.0875 2796 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
11:24:29.0906 2796 SASKUTIL - ok
11:24:30.0015 2796 [ 1FBD21895B768CD40E83B86C18E6454F ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
11:24:30.0062 2796 SbieDrv - ok
11:24:30.0109 2796 [ D5D875D6662F30C7FBF5F6879452B12B ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
11:24:30.0125 2796 SbieSvc - ok
11:24:30.0203 2796 [ 4C6453708926E45DC84A3B5E7CE4D22B ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
11:24:30.0265 2796 SCardSvr - ok
11:24:30.0375 2796 [ B83BF888D7E5C5F7EC89523EC8B726E6 ] Schedule C:\WINDOWS\system32\schedsvc.dll
11:24:30.0453 2796 Schedule - ok
11:24:30.0546 2796 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:24:30.0546 2796 Secdrv - ok
11:24:30.0625 2796 [ A6100B21AE48E6E776620FD59936C3C1 ] seclogon C:\WINDOWS\System32\seclogon.dll
11:24:30.0640 2796 seclogon - ok
11:24:30.0718 2796 [ F27276FEB25502AD6BF6E2D74E157181 ] SENS C:\WINDOWS\system32\sens.dll
11:24:30.0750 2796 SENS - ok
11:24:30.0812 2796 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
11:24:30.0812 2796 serenum - ok
11:24:30.0859 2796 [ 44874DF5C7F1A379A82FDAF8F0F4CC57 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
11:24:30.0890 2796 Serial - ok
11:24:30.0984 2796 [ B98460D74971F0223C2884779C3777F5 ] SerMon C:\Program Files\HHD Software\Free Serial Port Monitor\sermon.sys
11:24:31.0046 2796 SerMon - ok
11:24:31.0218 2796 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
11:24:31.0234 2796 Sfloppy - ok
11:24:31.0406 2796 [ 4A26A3FACA4B3B019A2BE42F4D4D8B2B ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
11:24:31.0515 2796 SharedAccess - ok
11:24:31.0609 2796 [ 8E189F5394F9FD792EF0751A9EF4BEA3 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:24:31.0625 2796 ShellHWDetection - ok
11:24:31.0640 2796 Simbad - ok
11:24:32.0718 2796 [ 2A99850C2A6EDD6C6602E822C716EDAF ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
11:24:33.0718 2796 Skype C2C Service - ok
11:24:33.0843 2796 [ A37740568718F245E818D0C5575B9AA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
11:24:33.0890 2796 SkypeUpdate - ok
11:24:34.0062 2796 [ 851310C1B742D2DF2D334603836FFDF5 ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
11:24:34.0125 2796 snapman - ok
11:24:34.0156 2796 Sparrow - ok
11:24:34.0234 2796 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
11:24:34.0250 2796 splitter - ok
11:24:34.0312 2796 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
11:24:34.0343 2796 Spooler - ok
11:24:34.0421 2796 [ D58045D55F0352AAE37330080B4D78C1 ] SPSniff C:\Program Files\Eltima Software\Serial Port Monitor\SPSniff.sys
11:24:34.0437 2796 SPSniff - ok
11:24:34.0500 2796 [ 766CE6120A9D27D3ABABB138C4138AF9 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
11:24:34.0515 2796 sr - ok
11:24:34.0625 2796 [ 725293069C64665967F18A9458957250 ] srservice C:\WINDOWS\system32\srsvc.dll
11:24:34.0703 2796 srservice - ok
11:24:34.0875 2796 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
11:24:35.0000 2796 Srv - ok
11:24:35.0078 2796 [ 60EC79D77FD6620FE2EA103764256EC4 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
11:24:35.0125 2796 SSDPSRV - ok
11:24:35.0187 2796 [ F92254B0BCFCD10CAAC7BCCC7CB7F467 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
11:24:35.0187 2796 StarOpen - ok
11:24:35.0375 2796 [ CFFA355B7951A3806BB363C67D5510CC ] stisvc C:\WINDOWS\system32\wiaservc.dll
11:24:35.0500 2796 stisvc - ok
11:24:35.0562 2796 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
11:24:35.0562 2796 swenum - ok
11:24:35.0625 2796 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
11:24:35.0656 2796 swmidi - ok
11:24:35.0671 2796 SwPrv - ok
11:24:35.0750 2796 symc810 - ok
11:24:35.0781 2796 symc8xx - ok
11:24:35.0828 2796 sym_hi - ok
11:24:35.0859 2796 sym_u3 - ok
11:24:38.0265 2796 [ 1D8C612D6589430AD8F981F615B7C528 ] syncagentsrv C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
11:24:40.0671 2796 syncagentsrv - ok
11:24:40.0750 2796 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
11:24:40.0781 2796 sysaudio - ok
11:24:40.0890 2796 [ 040620073707C2F77F230B1B537EEF97 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
11:24:40.0921 2796 SysmonLog - ok
11:24:41.0046 2796 [ DAD0B2F0AFA9C03F043848DB16696224 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
11:24:41.0140 2796 TapiSrv - ok
11:24:41.0328 2796 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:24:41.0453 2796 Tcpip - ok
11:24:41.0484 2796 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
11:24:41.0500 2796 TDPIPE - ok
11:24:41.0812 2796 [ 6345E3829FD130A144454F9F5C2A3B9E ] tdrpman C:\WINDOWS\system32\DRIVERS\tdrpman.sys
11:24:42.0109 2796 tdrpman - ok
11:24:42.0156 2796 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
11:24:42.0171 2796 TDTCP - ok
11:24:42.0234 2796 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
11:24:42.0250 2796 TermDD - ok
11:24:42.0406 2796 [ 95610769D9B59DCDAE9BC463C1C0962C ] TermService C:\WINDOWS\System32\termsrv.dll
11:24:42.0515 2796 TermService - ok
11:24:42.0593 2796 [ 8E189F5394F9FD792EF0751A9EF4BEA3 ] Themes C:\WINDOWS\System32\shsvcs.dll
11:24:42.0609 2796 Themes - ok
11:24:42.0890 2796 [ A8C31102F448231596168FFC9F568B9A ] tib_mounter C:\WINDOWS\system32\DRIVERS\tib_mounter.sys
11:24:43.0109 2796 tib_mounter - ok
11:24:43.0140 2796 TosIde - ok
11:24:43.0234 2796 [ 02A4096174745AD6E11AB5EC097EB8BB ] TrkWks C:\WINDOWS\system32\trkwks.dll
11:24:43.0281 2796 TrkWks - ok
11:24:43.0984 2796 [ 65217CB56F60561FBFD00E7C3273DEBA ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
11:24:44.0484 2796 TuneUp.UtilitiesSvc - ok
11:24:44.0562 2796 [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
11:24:44.0578 2796 TuneUpUtilitiesDrv - ok
11:24:44.0687 2796 [ D85938F272D1BCF3DB3A31FC0A048928 ] uagp35 C:\WINDOWS\system32\DRIVERS\uagp35.sys
11:24:44.0703 2796 uagp35 - ok
11:24:44.0765 2796 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
11:24:44.0781 2796 Udfs - ok
11:24:44.0812 2796 ultra - ok
11:24:45.0000 2796 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
11:24:45.0140 2796 Update - ok
11:24:45.0234 2796 [ B69B61C2219F5FE503E5333194CDC8A7 ] upnphost C:\WINDOWS\System32\upnphost.dll
11:24:45.0312 2796 upnphost - ok
11:24:45.0359 2796 [ B13F0403FAB578C2280E80703797AD07 ] UPS C:\WINDOWS\System32\ups.exe
11:24:45.0375 2796 UPS - ok
11:24:45.0453 2796 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
11:24:45.0468 2796 usbaudio - ok
11:24:45.0515 2796 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:24:45.0531 2796 usbccgp - ok
11:24:45.0578 2796 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:24:45.0593 2796 usbehci - ok
11:24:45.0671 2796 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:24:45.0718 2796 usbhub - ok
11:24:45.0765 2796 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:24:45.0781 2796 usbprint - ok
11:24:45.0828 2796 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:24:45.0828 2796 usbscan - ok
11:24:45.0890 2796 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:24:45.0906 2796 usbstor - ok
11:24:45.0953 2796 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:24:45.0968 2796 usbuhci - ok
11:24:46.0046 2796 [ 6F81DCCD90E56B0E2B677FEADB34681C ] UxTuneUp C:\WINDOWS\System32\uxtuneup.dll
11:24:46.0062 2796 UxTuneUp - ok
11:24:46.0156 2796 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
11:24:46.0156 2796 VgaSave - ok
11:24:46.0218 2796 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
11:24:46.0234 2796 ViaIde - ok
11:24:46.0359 2796 [ FECE79A9AEF62AD5F11A3F4A14F1DEAD ] VIAudio C:\WINDOWS\system32\drivers\vinyl97.sys
11:24:46.0484 2796 VIAudio - ok
11:24:46.0578 2796 [ 26B75DCB58B006867EFD659E845CD65E ] vididr C:\WINDOWS\system32\DRIVERS\vididr.sys
11:24:46.0640 2796 vididr - ok
11:24:46.0687 2796 [ 40AFA68F81F90636D1300099E9CFC8CE ] vidsflt C:\WINDOWS\system32\DRIVERS\vidsflt.sys
11:24:46.0734 2796 vidsflt - ok
11:24:54.0015 2796 Scan finished
11:24:54.0015 2796 ============================================================
11:24:54.0062 3864 Detected object count: 0
11:24:54.0062 3864 Actual detected object count: 0
11:25:09.0500 2388 Deinitialize success



aswMBR is updated and scanned. In the report it changed the color of only one line to yellow, which is indicated as bold below.

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-29 11:25:30
-----------------------------
11:25:30.593 OS Version: Windows 5.1.2600 Service Pack 3
11:25:30.593 Number of processors: 2 586 0x403
11:25:30.593 ComputerName: EVPC-2EB1B7B256 UserName: SAHIP
11:25:33.218 Initialize success
11:27:42.531 AVAST engine defs: 12112900
11:28:20.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-1b
11:28:20.453 Disk 0 Vendor: ST3120213A 2AAA Size: 114473MB BusType: 3
11:28:20.484 Disk 0 MBR read successfully
11:28:20.484 Disk 0 MBR scan
11:28:20.609 Disk 0 unknown MBR code
11:28:20.625 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 74998 MB offset 63
11:28:20.687 Disk 0 Partition - 00 0F Extended LBA 39472 MB offset 153597465
11:28:20.703 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 39440 MB offset 153597528
11:28:20.734 Disk 0 Partition - 00 05 Extended 31 MB offset 234372285
11:28:20.765 Disk 0 Partition 3 00 04 Small FAT16 MSDOS5.0 31 MB offset 234372348
11:28:20.812 Disk 0 scanning sectors +234436545
11:28:21.000 Disk 0 scanning C:\WINDOWS\system32\drivers
11:29:06.375 Service scanning
11:29:49.343 Service MpKslbb53bbd1 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{617F1932-7A07-4FE0-B6B5-393C1B1A8D21}\MpKslbb53bbd1.sys **LOCKED** 32
11:30:46.375 Modules scanning
11:31:21.890 Disk 0 trace - called modules:
11:31:21.921 ntoskrnl.exe fltsrv.sys hal.dll tdrpman.sys CLASSPNP.SYS disk.sys vidsflt.sys ACPI.sys atapi.sys viaide.sys
11:31:21.921 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87387ab8]
11:31:21.921 3 CLASSPNP.SYS[f786efd7] -> nt!IofCallDriver -> [0x87348c60]
11:31:21.921 5 vidsflt.sys[f77c5d9b] -> nt!IofCallDriver -> \Device\00000075[0x873c7648]
11:31:21.937 7 ACPI.sys[f77e5620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-1b[0x873a4030]
11:31:24.406 AVAST engine scan C:\WINDOWS
11:31:35.671 AVAST engine scan C:\WINDOWS\system32
11:42:31.109 AVAST engine scan C:\WINDOWS\system32\drivers
11:43:26.171 AVAST engine scan C:\Documents and Settings\SAHIP
11:52:31.578 AVAST engine scan C:\Documents and Settings\All Users
11:54:14.296 Scan finished successfully
12:00:48.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\SAHIP\Desktop\MBR.dat"
12:00:48.343 The log file has been saved successfully to "C:\Documents and Settings\SAHIP\Desktop\aswMBR.txt"

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 29 November 2012 - 07:17 AM

Hello,

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#11 natureturkiye (Topic Starter, Members)

Posted 29 November 2012 - 11:58 AM

Hi,

I scanned with OTL; no problem is reported. The report is below:

OTL logfile created on: 11/29/2012 6:36:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\SAHIP\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: A.B.D. | Language: ENU | Date Format: M/d/yyyy

1023.29 Mb Total Physical Memory | 571.88 Mb Available Physical Memory | 55.89% Memory free
2.40 Gb Paging File | 2.06 Gb Available in Paging File | 85.78% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73.24 Gb Total Space | 46.47 Gb Free Space | 63.45% Space Free | Partition Type: NTFS
Drive D: | 38.52 Gb Total Space | 22.44 Gb Free Space | 58.25% Space Free | Partition Type: NTFS
Drive K: | 3.64 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 31.08 Mb Total Space | 27.85 Mb Free Space | 89.58% Space Free | Partition Type: FAT

Computer Name: EVPC-2EB1B7B256 | User Name: SAHIP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\SAHIP\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AntiLogger\AntiLogger.exe (Zemana Ltd.)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\WINDOWS\system32\WinFLService.exe (NewSoftwares.net, Inc.)
PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\TrafficCounter\TrafficCounter.exe (DigitByte Studio)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()


========== Services (SafeList) ==========

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (syncagentsrv) -- C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (FLService) -- C:\WINDOWS\system32\WinFLService.exe (NewSoftwares.net, Inc.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()


========== Driver Services (SafeList) ==========

DRV - (PROCEXP151) -- C:\WINDOWS\system32\Drivers\PROCEXP151.SYS File not found
DRV - (hhdnet32) -- system32\DRIVERS\hhdnet32.sys File not found
DRV - (GenericMount) -- system32\DRIVERS\GenericMount.sys File not found
DRV - (flash) -- C:\DOCUME~1\SAHIP\LOCALS~1\Temp\IXP000.TMP\flash.sys File not found
DRV - (aswArKrn) -- C:\DOCUME~1\SAHIP\LOCALS~1\Temp\aswArKrn.sys File not found
DRV - (MpKslce1e9896) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{617F1932-7A07-4FE0-B6B5-393C1B1A8D21}\MpKslce1e9896.sys (Microsoft Corporation)
DRV - (PSSDKLBF) -- C:\WINDOWS\system32\drivers\pssdklbf.sys (microOLAP Technologies LTD)
DRV - (PSSDK42) -- C:\WINDOWS\system32\drivers\pssdk42.sys (microOLAP Technologies LTD)
DRV - (AntiLog32) -- C:\WINDOWS\system32\drivers\AntiLog32.sys (Zemana Ltd.)
DRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (afcdp) -- C:\WINDOWS\system32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman) -- C:\WINDOWS\system32\drivers\tdrpman.sys (Acronis)
DRV - (tib_mounter) -- C:\WINDOWS\system32\drivers\tib_mounter.sys (Acronis)
DRV - (vididr) -- C:\WINDOWS\system32\drivers\vididr.sys (Acronis)
DRV - (vidsflt) -- C:\WINDOWS\system32\drivers\vidsflt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)
DRV - (fltsrv) -- C:\WINDOWS\system32\drivers\fltsrv.sys (Acronis)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (Inspect) -- C:\WINDOWS\system32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
DRV - (WinFLAdrv) -- C:\WINDOWS\system32\WinFLAdrv.sys ()
DRV - (NEWDRIVER) -- C:\WINDOWS\system32\WinVDEdrv6.sys ()
DRV - (WinVDEDrv) -- C:\WINDOWS\system32\WinVDEdrv.sys (NewSoftwares.net, Inc.)
DRV - (hitmanpro35) -- C:\WINDOWS\system32\drivers\hitmanpro35.sys ()
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (hwinterface) -- C:\WINDOWS\system32\drivers\hwinterface.sys (Buzz)
DRV - (SPSniff) -- C:\Program Files\Eltima Software\Serial Port Monitor\SPSniff.sys ()
DRV - (DrvAgent32) -- C:\WINDOWS\system32\drivers\DrvAgent32.sys (Phoenix Technologies)
DRV - (asdlog) -- C:\WINDOWS\system32\drivers\asdlog.sys (AGG Software (http://www.aggsoft.com))
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (VIAudio) -- C:\WINDOWS\system32\drivers\vinyl97.sys (VIA Technologies, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (SerMon) -- C:\Program Files\HHD Software\Free Serial Port Monitor\sermon.sys (HHD Software)
DRV - (NDMSHLP) -- C:\Program Files\Common Files\HHD Software\Device Monitor\NDMSHLP.sys (HHD Software)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\..\SearchScopes,DefaultScope = {18957074-AF7E-47F1-82D1-48ECFB863861}
IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\..\SearchScopes\{18957074-AF7E-47F1-82D1-48ECFB863861}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\..\SearchScopes\{5B914B86-4B6E-41BD-A6F5-DC5A635961EF}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=HIP&o=102876&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=6G&apn_dtid=YYYYYYYYTR&apn_uid=64976881-42c2-4404-abd8-4a38dc0f059f&apn_sauid=DC2382E2-35DE-4047-8AEC-D2F1303540AB&
IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: addon%40freecorder.com:7.0.0.7
FF - prefs.js..extensions.enabledAddons: %7B1392b8d2-5c05-419f-a8f6-b9f15a596612%7D:3.16.0.3
FF - prefs.js..extensions.enabledAddons: %7Bc4dc572a-3295-40eb-b30f-b54aa4cdc4b7%7D:0.7.26
FF - prefs.js..extensions.enabledAddons: %7Be968fc70-8f95-4ab9-9e79-304de2a71ee1%7D:0.7.3
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.2.9.8
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.5.0.0
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: eliteproxyswitcher@my-proxy.com:1.1.1
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files\Fiddler2\FiddlerHook [2010/09/16 15:12:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/24 19:04:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/23 12:11:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/23 12:10:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2010/10/13 12:52:13 | 000,000,000 | ---D | M]

[2010/09/11 16:59:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SAHIP\Application Data\Mozilla\Extensions
[2012/11/25 23:15:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SAHIP\Application Data\Mozilla\Firefox\Profiles\n8giorul.default\extensions
[2010/11/26 17:51:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\SAHIP\Application Data\Mozilla\Firefox\Profiles\n8giorul.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/11/23 16:37:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\SAHIP\Application Data\Mozilla\Firefox\Profiles\n8giorul.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/11/19 15:02:01 | 000,000,000 | ---D | M] (Freecorder) -- C:\Documents and Settings\SAHIP\Application Data\Mozilla\Firefox\Profiles\n8giorul.default\extensions\addon@freecorder.com
[2012/10/16 21:39:03 | 000,016,275 | ---- | M] () (No name found) -- C:\Documents and Settings\SAHIP\Application Data\Mozilla\Firefox\Profiles\n8giorul.default\extensions\eliteproxyswitcher@my-proxy.com.xpi
[2011/04/27 15:32:03 | 000,077,793 | ---- | M] () (No name found) -- C:\Documents and Settings\SAHIP\Application Data\Mozilla\Firefox\Profiles\n8giorul.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}.xpi
[2012/11/23 15:37:07 | 000,530,519 | ---- | M] () (No name found) -- C:\Documents and Settings\SAHIP\Application Data\Mozilla\Firefox\Profiles\n8giorul.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/10/16 21:33:48 | 000,091,876 | ---- | M] () (No name found) -- C:\Documents and Settings\SAHIP\Application Data\Mozilla\Firefox\Profiles\n8giorul.default\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}.xpi
[2012/10/16 21:34:56 | 000,042,336 | ---- | M] () (No name found) -- C:\Documents and Settings\SAHIP\Application Data\Mozilla\Firefox\Profiles\n8giorul.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2012/11/23 12:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/23 12:09:58 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\SAHIP\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N8GIORUL.DEFAULT\EXTENSIONS\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
[2012/11/23 12:11:43 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:08:02 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012/10/24 19:03:32 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011/12/20 17:58:20 | 000,002,025 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/11/23 12:10:27 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-tr.xml
[2012/11/23 12:10:27 | 000,002,702 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yandex-tr.xml

Hosts file not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Search Results Toolbar) - {94366e2c-9923-431c-b0d6-747447dd0f2b} - C:\Program Files\searchresults1\searchresultsDx.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Freecorder extension) - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files\Freecorder extension\ScriptHost.dll (freecorder.com)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search Results Toolbar) - {94366e2c-9923-431c-b0d6-747447dd0f2b} - C:\Program Files\searchresults1\searchresultsDx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-448539723-1202660629-682003330-1004\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-448539723-1202660629-682003330-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AntiLogger] C:\Program Files\AntiLogger\AntiLogger.exe (Zemana Ltd.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - Startup: C:\Documents and Settings\SAHIP\Start Menu\Programlar\Başlangıš\Traffic Counter.lnk = C:\Program Files\TrafficCounter\TrafficCounter.exe (DigitByte Studio)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-448539723-1202660629-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} https://sube.garanti.com.tr/lib/JaguarEditControl.CAB (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344951803010 (MUWebControl Class)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F9BF64A0-5A65-43E0-ACDB-B223E7F9DDD9} http://82.222.81.12/WEBWATCH2.cab (WebWatch2 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{916BC87F-990D-479E-BA8F-7CDFEDA02CC6}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Manzara.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Manzara.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/10 16:39:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/29 18:09:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\SAHIP\Desktop\OTL.exe
[2012/11/29 11:21:25 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\SAHIP\Desktop\tdsskiller.exe
[2012/11/29 11:21:21 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\SAHIP\Desktop\aswMBR.exe
[2012/11/29 01:24:11 | 000,000,000 | ---D | C] -- C:\VProRecovery
[2012/11/26 11:42:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\SAHIP\Recent
[2012/11/25 23:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SAHIP\Desktop\RK_Quarantine
[2012/11/25 15:12:46 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\SAHIP\Desktop\dds.com
[2012/11/23 12:09:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/11/19 15:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SAHIP\Local Settings\Application Data\Freecorder 7 Audio
[2012/11/19 15:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SAHIP\Application Data\Freecorder 7 Audio
[2012/11/19 15:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SAHIP\Belgelerim\Freecorder
[2012/11/19 15:42:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SAHIP\Local Settings\Application Data\Jaksta_Technologies_Pty_L
[2012/11/19 15:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\Freecorder extension
[2012/11/13 16:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SAHIP\Belgelerim\DVDFab
[2012/11/11 16:52:35 | 001,010,720 | R-S- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCHRT20.OCX
[2012/11/11 16:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\Technitium
[2012/11/10 18:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SAHIP\Belgelerim\DriverGenius
[2012/11/09 18:50:27 | 000,000,000 | ---D | C] -- C:\L
[2012/11/08 19:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programlar\Wipe MFT
[2012/11/08 19:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\WipeMFT
[2012/11/08 12:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programlar\Active@ File Recovery
[2012/11/03 13:16:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{01D60ACE-D7E7-493C-877A-618A9BDB57ED}
[2012/11/03 13:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programlar\AntiLogger
[2012/11/02 17:56:37 | 000,053,312 | ---- | C] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdklbf.sys
[2012/11/02 17:56:36 | 000,038,976 | ---- | C] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdk42.sys
[2012/11/02 17:55:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programlar\thinkbroadband.com
[2012/11/02 17:55:56 | 000,000,000 | ---D | C] -- C:\Program Files\thinkbroadband.com
[2012/11/01 17:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\TrafficCounter
[2012/11/01 17:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programlar\Traffic Counter
[2010/12/26 17:30:14 | 013,317,640 | ---- | C] (RealNetworks, Inc.) -- C:\Documents and Settings\SAHIP\Application Data\RealPlayer11plus.exe

========== Files - Modified Within 30 Days ==========

[2012/11/29 18:23:02 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/29 18:10:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SAHIP\Desktop\OTL.exe
[2012/11/29 18:01:04 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/11/29 17:53:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/29 17:48:42 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/11/29 17:48:37 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/29 17:48:34 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-448539723-1202660629-682003330-1004.job
[2012/11/29 17:48:22 | 000,000,060 | -HS- | M] () -- C:\WINDOWS\System32\ext_drive_list.dat
[2012/11/29 17:43:17 | 000,000,211 | -H-- | M] () -- C:\boot.ini
[2012/11/29 12:00:48 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\SAHIP\Desktop\MBR.dat
[2012/11/29 11:15:51 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\SAHIP\Desktop\aswMBR.exe
[2012/11/29 11:14:54 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\SAHIP\Desktop\tdsskiller.exe
[2012/11/28 23:10:37 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdklbf.sys
[2012/11/28 23:10:37 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdk42.sys
[2012/11/28 18:03:34 | 000,939,823 | ---- | M] () -- C:\Documents and Settings\SAHIP\Belgelerim\nuvi_1100_1200_1300_1400_OM.pdf
[2012/11/28 17:20:38 | 005,582,931 | ---- | M] () -- C:\Documents and Settings\SAHIP\Belgelerim\HT_9800_Kilavuz_Forum.rar
[2012/11/28 15:26:44 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/26 11:35:47 | 000,000,738 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\orjhosts
[2012/11/25 22:41:32 | 000,752,128 | ---- | M] () -- C:\Documents and Settings\SAHIP\Desktop\RogueKiller.exe
[2012/11/25 22:40:25 | 000,480,125 | ---- | M] () -- C:\Documents and Settings\SAHIP\Desktop\adwcleaner.exe
[2012/11/25 22:39:36 | 000,856,731 | ---- | M] () -- C:\Documents and Settings\SAHIP\Desktop\SecurityCheck.exe
[2012/11/25 17:35:17 | 000,197,367 | ---- | M] () -- C:\Documents and Settings\SAHIP\Belgelerim\İçki fiyatları İngiltere.pdf
[2012/11/25 15:12:00 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\SAHIP\Desktop\dds.com
[2012/11/24 21:04:54 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-1202660629-682003330-1004.job
[2012/11/24 18:49:36 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\SAHIP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/23 12:08:55 | 000,102,228 | ---- | M] () -- C:\Documents and Settings\SAHIP\Belgelerim\bookmark.htm
[2012/11/21 14:55:44 | 007,724,775 | ---- | M] () -- C:\Documents and Settings\SAHIP\Belgelerim\Shell GTL process.pdf
[2012/11/20 23:06:23 | 000,268,981 | ---- | M] () -- C:\Documents and Settings\SAHIP\Belgelerim\Shell GTL Emissions measurements.pdf
[2012/11/19 14:49:01 | 000,459,794 | ---- | M] () -- C:\WINDOWS\System32\perfh01F.dat
[2012/11/19 14:49:00 | 000,474,236 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/19 14:49:00 | 000,086,678 | ---- | M] () -- C:\WINDOWS\System32\perfc01F.dat
[2012/11/19 14:48:59 | 000,076,660 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/18 17:15:41 | 000,351,875 | ---- | M] () -- C:\Documents and Settings\SAHIP\Belgelerim\first_steps_TV7_webconnector_en.pdf
[2012/11/18 17:15:14 | 000,337,753 | ---- | M] () -- C:\Documents and Settings\SAHIP\Belgelerim\first_steps_TV7_unattended_access_en.pdf
[2012/11/18 17:14:57 | 003,305,381 | ---- | M] () -- C:\Documents and Settings\SAHIP\Belgelerim\TeamViewer7_Manual_RemoteControl_EN.pdf
[2012/11/14 12:28:41 | 000,118,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/12 17:54:45 | 000,154,246 | ---- | M] () -- C:\Documents and Settings\SAHIP\Belgelerim\DVD decript kullanımı.mht
[2012/11/11 16:52:43 | 001,010,720 | R-S- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCHRT20.OCX
[2012/11/08 15:30:36 | 001,735,007 | ---- | M] () -- C:\Documents and Settings\SAHIP\Belgelerim\toyota-tsb.pdf
[2012/11/07 18:45:29 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/11/07 18:45:28 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/11/07 17:37:03 | 004,803,690 | ---- | M] () -- C:\Documents and Settings\SAHIP\Belgelerim\dp3_manual.zip
[2012/11/07 17:32:04 | 000,483,930 | ---- | M] () -- C:\Documents and Settings\SAHIP\Belgelerim\DiskPatch manual - partition table repair.mht
[2012/11/04 21:10:10 | 000,000,700 | -HS- | M] () -- C:\Documents and Settings\SAHIP\Local Settings\Application Data\systemFL7.$dk
[2012/11/04 21:10:05 | 000,003,465 | -HS- | M] () -- C:\Documents and Settings\SAHIP\Local Settings\Application Data\win_stlthdb_sys.dat
[2012/11/04 20:10:17 | 000,145,390 | ---- | M] () -- C:\Documents and Settings\SAHIP\Belgelerim\KSS213B.pdf
[2012/11/04 20:09:00 | 000,115,726 | ---- | M] () -- C:\Documents and Settings\SAHIP\Belgelerim\KSS210A.pdf
[2012/11/03 13:16:42 | 000,081,720 | ---- | M] (Zemana Ltd.) -- C:\WINDOWS\System32\drivers\AntiLog32.sys
[2012/11/03 13:07:01 | 000,657,536 | ---- | M] () -- C:\Documents and Settings\SAHIP\Belgelerim\Glonass GPS.pdf
[2012/11/01 18:53:04 | 000,131,225 | ---- | M] () -- C:\Documents and Settings\SAHIP\Belgelerim\direksiyon kolonu.pdf
[2012/11/01 17:47:33 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\SAHIP\Start Menu\Programlar\Başlangıç\Traffic Counter.lnk

========== Files Created - No Company Name ==========

[2012/11/29 12:00:48 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\SAHIP\Desktop\MBR.dat
[2012/11/28 18:03:34 | 000,939,823 | ---- | C] () -- C:\Documents and Settings\SAHIP\Belgelerim\nuvi_1100_1200_1300_1400_OM.pdf
[2012/11/28 17:20:23 | 005,582,931 | ---- | C] () -- C:\Documents and Settings\SAHIP\Belgelerim\HT_9800_Kilavuz_Forum.rar
[2012/11/25 22:41:08 | 000,752,128 | ---- | C] () -- C:\Documents and Settings\SAHIP\Desktop\RogueKiller.exe
[2012/11/25 22:39:54 | 000,480,125 | ---- | C] () -- C:\Documents and Settings\SAHIP\Desktop\adwcleaner.exe
[2012/11/25 22:39:21 | 000,856,731 | ---- | C] () -- C:\Documents and Settings\SAHIP\Desktop\SecurityCheck.exe
[2012/11/25 17:35:17 | 000,197,367 | ---- | C] () -- C:\Documents and Settings\SAHIP\Belgelerim\İçki fiyatları İngiltere.pdf
[2012/11/21 14:55:44 | 007,724,775 | ---- | C] () -- C:\Documents and Settings\SAHIP\Belgelerim\Shell GTL process.pdf
[2012/11/20 23:06:23 | 000,268,981 | ---- | C] () -- C:\Documents and Settings\SAHIP\Belgelerim\Shell GTL Emissions measurements.pdf
[2012/11/18 17:15:40 | 000,351,875 | ---- | C] () -- C:\Documents and Settings\SAHIP\Belgelerim\first_steps_TV7_webconnector_en.pdf
[2012/11/18 17:15:13 | 000,337,753 | ---- | C] () -- C:\Documents and Settings\SAHIP\Belgelerim\first_steps_TV7_unattended_access_en.pdf
[2012/11/18 17:14:50 | 003,305,381 | ---- | C] () -- C:\Documents and Settings\SAHIP\Belgelerim\TeamViewer7_Manual_RemoteControl_EN.pdf
[2012/11/12 17:54:43 | 000,154,246 | ---- | C] () -- C:\Documents and Settings\SAHIP\Belgelerim\DVD decript kullanımı.mht
[2012/11/08 15:30:32 | 001,735,007 | ---- | C] () -- C:\Documents and Settings\SAHIP\Belgelerim\toyota-tsb.pdf
[2012/11/07 17:36:55 | 004,803,690 | ---- | C] () -- C:\Documents and Settings\SAHIP\Belgelerim\dp3_manual.zip
[2012/11/07 17:32:03 | 000,483,930 | ---- | C] () -- C:\Documents and Settings\SAHIP\Belgelerim\DiskPatch manual - partition table repair.mht
[2012/11/04 20:10:16 | 000,145,390 | ---- | C] () -- C:\Documents and Settings\SAHIP\Belgelerim\KSS213B.pdf
[2012/11/04 20:09:00 | 000,115,726 | ---- | C] () -- C:\Documents and Settings\SAHIP\Belgelerim\KSS210A.pdf
[2012/11/03 13:07:01 | 000,657,536 | ---- | C] () -- C:\Documents and Settings\SAHIP\Belgelerim\Glonass GPS.pdf
[2012/11/01 18:53:04 | 000,131,225 | ---- | C] () -- C:\Documents and Settings\SAHIP\Belgelerim\direksiyon kolonu.pdf
[2012/11/01 17:47:33 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\SAHIP\Start Menu\Programlar\Başlangıç\Traffic Counter.lnk
[2012/08/30 10:43:48 | 000,000,700 | -HS- | C] () -- C:\Documents and Settings\SAHIP\Local Settings\Application Data\systemFL7.$dk
[2012/08/16 13:47:01 | 000,002,044 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\scantool.tr
[2012/05/31 14:58:15 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\SAHIP\Application Data\wpstate.ini
[2012/04/27 21:53:00 | 000,000,061 | ---- | C] () -- C:\Documents and Settings\SAHIP\Local Settings\Application Data\HackLogs.dat
[2012/04/19 13:58:58 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\mpPathan.dll
[2012/04/16 10:34:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\MPMapTrace.dll
[2012/04/09 14:53:42 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2012/04/09 14:48:43 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2012/02/15 12:46:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/05 18:10:56 | 000,002,289 | ---- | C] () -- C:\Documents and Settings\SAHIP\scanxlstd.cfg
[2011/12/11 19:23:41 | 000,001,316 | ---- | C] () -- C:\Documents and Settings\SAHIP\pcmscan.cfg
[2011/12/10 19:13:44 | 000,000,092 | R--- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2011/12/05 15:43:57 | 000,010,788 | ---- | C] () -- C:\Documents and Settings\SAHIP\Scanxl konfig 1.cfg
[2011/12/03 21:34:14 | 000,003,205 | ---- | C] () -- C:\Documents and Settings\SAHIP\scanxlpro.cfg
[2011/12/03 21:26:10 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ppe_fleetdb.vdb
[2011/11/19 12:31:23 | 000,000,102 | ---- | C] () -- C:\WINDOWS\crackpdf.INI
[2011/11/04 11:40:55 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\SAHIP\Application Data\.backup.dm
[2011/10/20 16:19:05 | 000,003,465 | -HS- | C] () -- C:\WINDOWS\System32\win_stlthdb_sys.dat
[2011/10/20 16:14:42 | 000,001,213 | -HS- | C] () -- C:\Documents and Settings\SAHIP\Local Settings\Application Data\win_fldb_sys.dat
[2011/10/20 16:14:42 | 000,000,693 | -HS- | C] () -- C:\WINDOWS\System32\win_fldb_sys.dat
[2011/10/20 16:12:37 | 000,003,465 | -HS- | C] () -- C:\Documents and Settings\SAHIP\Local Settings\Application Data\win_stlthdb_sys.dat
[2011/10/20 16:12:16 | 000,002,568 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\win_mpwd_sys.dat
[2011/10/20 16:12:03 | 000,030,608 | ---- | C] () -- C:\WINDOWS\System32\WinFLAdrv.sys
[2011/10/20 16:12:02 | 000,188,176 | ---- | C] () -- C:\WINDOWS\System32\WinVDEdrv6.sys
[2011/10/20 16:11:44 | 000,000,060 | -HS- | C] () -- C:\WINDOWS\System32\ext_drive_list.dat
[2011/10/20 16:11:41 | 000,014,936 | ---- | C] () -- C:\WINDOWS\System32\WinFLMsgService.exe
[2011/10/20 16:11:40 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwsftUninstall.exe
[2011/10/08 19:59:46 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/10/08 19:59:45 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/09/24 19:20:42 | 000,019,497 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2011/09/14 14:35:57 | 000,034,704 | ---- | C] () -- C:\WINDOWS\syscall.dat
[2011/08/28 19:33:06 | 000,001,870 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2011/06/15 12:12:26 | 000,020,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/05/30 21:35:48 | 000,000,008 | ---- | C] () -- C:\WINDOWS\wincris.ini
[2011/04/07 17:13:53 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/04/02 16:36:03 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/26 19:53:32 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/01/16 17:08:36 | 000,078,336 | ---- | C] () -- C:\WINDOWS\xxgmt.exe
[2010/12/26 17:30:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\SAHIP\Application Data\chrtmp
[2010/11/23 19:13:56 | 002,970,450 | ---- | C] () -- C:\Documents and Settings\SAHIP\mezarlık transfer
[2010/11/23 19:07:29 | 000,071,023 | ---- | C] () -- C:\Documents and Settings\SAHIP\mezarlık.gdb
[2010/11/10 18:48:58 | 000,000,420 | ---- | C] () -- C:\Documents and Settings\SAHIP\SAKARYA KOFTE
[2010/10/31 18:46:15 | 000,054,978 | ---- | C] () -- C:\Documents and Settings\SAHIP\KAYIT1.gdb
[2010/10/27 15:56:19 | 000,003,039 | ---- | C] () -- C:\Documents and Settings\SAHIP\Ank yol karma.gdb
[2010/10/27 15:47:57 | 000,001,276 | ---- | C] () -- C:\Documents and Settings\SAHIP\teyzem yol.gdb
[2010/10/27 15:19:27 | 000,001,841 | ---- | C] () -- C:\Documents and Settings\SAHIP\ab-teyzem yol.gdb
[2010/10/27 15:12:01 | 000,001,276 | ---- | C] () -- C:\Documents and Settings\SAHIP\Steyze yol
[2010/09/11 13:28:26 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\SAHIP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/10 19:25:57 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\SAHIP\winscp.RND

========== ZeroAccess Check ==========

[2010/09/16 15:21:44 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/06/24 14:10:53 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:52:35 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 18:00:27 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1FB1CEE3
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E00596C
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F64C164
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9638A27E
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F10A4358
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF

< End of report >

#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 30 November 2012 - 08:44 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    O2 - BHO: (Search Results Toolbar) - {94366e2c-9923-431c-b0d6-747447dd0f2b} - C:\Program Files\searchresults1\searchresultsDx.dll File not found
    O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Search Results Toolbar) - {94366e2c-9923-431c-b0d6-747447dd0f2b} - C:\Program Files\searchresults1\searchresultsDx.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-448539723-1202660629-682003330-1004\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-448539723-1202660629-682003330-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} https://sube.garanti.com.tr/lib/JaguarEditControl.CAB (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    @Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1FB1CEE3
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E00596C
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F64C164
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9638A27E
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F10A4358
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF  
    IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\..\SearchScopes\{5B914B86-4B6E-41BD-A6F5-DC5A635961EF}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=HIP&o=102876&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=6G&apn_dtid=YYYYYYYYTR&apn_uid=64976881-42c2-4404-abd8-4a38dc0f059f&apn_sauid=DC2382E2-35DE-4047-8AEC-D2F1303540AB&
    FF - prefs.js..extensions.enabledAddons: addon%40freecorder.com:7.0.0.7
    FF - prefs.js..extensions.enabledAddons: %7B1392b8d2-5c05-419f-a8f6-b9f15a596612%7D:3.16.0.3
    FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.3.3.2
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
    [2012/11/19 15:02:01 | 000,000,000 | ---D | M] (Freecorder) -- C:\Documents and Settings\SAHIP\Application Data\Mozilla\Firefox\Profiles\n8giorul.default\extensions\addon@freecorder.com
    O2 - BHO: (Freecorder extension) - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files\Freecorder extension\ScriptHost.dll (freecorder.com)
    [2012/11/19 15:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SAHIP\Local Settings\Application Data\Freecorder 7 Audio
    [2012/11/19 15:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SAHIP\Application Data\Freecorder 7 Audio
    [2012/11/19 15:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SAHIP\Belgelerim\Freecorder
    [2012/11/19 15:42:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SAHIP\Local Settings\Application Data\Jaksta_Technologies_Pty_L
    [2012/11/19 15:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\Freecorder extension
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
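The fix script above drops the O2/O3/O16 entries whose DLL, CAB or CLSID no longer exists and the alternate data streams on the TEMP folder, while leaving the AppInit_DLLs entry (COMODO's guard32.dll) alone. As an added example, not part of the thread or of OTL, here is a small Python triage helper that applies that orphan rule to OTL log lines; the sample lines are copied from the log above, and the Finding class and the "remove"/"review" labels are my own.

```python
"""Triage helper for OTL-style log lines.

Added example, not OTL's own code and not part of this thread. It applies
part of the selection rule the fix script follows:
  * browser hooks (O2 BHO, O3 toolbar, O16 DPF) whose DLL/CAB is missing or
    whose CLSID has no registration are orphans and can be removed,
  * alternate data streams attached to a TEMP directory are removed,
  * an AppInit_DLLs entry is only flagged for review, because any DLL listed
    there is loaded into every process that loads user32.dll; in this thread
    it is COMODO's guard32.dll, which is legitimate.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines copied from the OTL log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (Search Results Toolbar) - {94366e2c-9923-431c-b0d6-747447dd0f2b} - C:\Program Files\searchresults1\searchresultsDx.dll File not found
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (Freecorder extension) - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files\Freecorder extension\ScriptHost.dll (freecorder.com)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1FB1CEE3
"""

# Markers OTL prints when the registered target no longer exists.
ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Reg Error: Key error")
# Entry types that are browser load points and therefore safe to drop when orphaned.
HOOK_PREFIXES = ("O2 - BHO:", "O3 - HKLM", "O3 - HKU", "O16 - DPF:")
# "<size> bytes -> <path>:<stream name>"; the stream name carries no ':' or '\'.
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")


@dataclass
class Finding:
    severity: str  # "remove" (what the fix script does) or "review" (human decision)
    reason: str
    line: str


def triage_line(line: str) -> Optional[Finding]:
    """Classify one OTL line; returns None for lines that need no action."""
    line = line.strip()
    if not line:
        return None
    if line.startswith("O20 - AppInit_DLLs:"):
        return Finding("review",
                       "AppInit_DLLs entry: the DLL is injected into every process that "
                       "loads user32.dll, confirm the vendor before touching it",
                       line)
    m = ADS_RE.match(line)
    if m:
        size, path, stream = m.groups()
        if path.rstrip("\\").lower().endswith("\\temp"):
            return Finding("remove", f"{size}-byte alternate data stream {stream} on a TEMP directory", line)
        return Finding("review", f"alternate data stream {stream}", line)
    if line.startswith(HOOK_PREFIXES):
        for marker in ORPHAN_MARKERS:
            if marker in line:
                return Finding("remove", f"orphaned browser hook ({marker})", line)
    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep only the hits, in log order."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.severity:6}  {f.reason}\n        {f.line}")
```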

#13 natureturkiye (Topic Starter, Members)

Posted 30 November 2012 - 01:32 PM

Hello,
I applied the suggestion. The report is below. The situation is stable :wacko: . It still takes around 130 seconds to reach the login screen. It is also long if I select safe mode during start-up; it is around 65 seconds, but of course that is better than normal mode. For information, you know that after login there is the familiar "Windows start" sound, which is expected to be continuous, but in my case it is briefly interrupted a few times.

I tried disabling many services and programs from msconfig. They seem to only change the situation after login.

I will try to go back to a former restore point and see the result, although I do not hope too much for an effect.

------- Report is below---------

rgds

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94366e2c-9923-431c-b0d6-747447dd0f2b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94366e2c-9923-431c-b0d6-747447dd0f2b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{94366e2c-9923-431c-b0d6-747447dd0f2b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94366e2c-9923-431c-b0d6-747447dd0f2b}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-448539723-1202660629-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-448539723-1202660629-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Starting removal of ActiveX control {0FC8B38E-9293-424C-9D0E-CE60775679CF}
C:\WINDOWS\Downloaded Program Files\JaguarEditControl.INF not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0FC8B38E-9293-424C-9D0E-CE60775679CF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FC8B38E-9293-424C-9D0E-CE60775679CF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0FC8B38E-9293-424C-9D0E-CE60775679CF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FC8B38E-9293-424C-9D0E-CE60775679CF}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1FB1CEE3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9E00596C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5F64C164 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9638A27E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F10A4358 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF deleted successfully.
Registry key HKEY_USERS\S-1-5-21-448539723-1202660629-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{5B914B86-4B6E-41BD-A6F5-DC5A635961EF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B914B86-4B6E-41BD-A6F5-DC5A635961EF}\ not found.
Prefs.js: addon%40freecorder.com:7.0.0.7 removed from extensions.enabledAddons
Prefs.js: %7B1392b8d2-5c05-419f-a8f6-b9f15a596612%7D:3.16.0.3 removed from extensions.enabledAddons
Prefs.js: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.3.3.2 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
C:\Documents and Settings\SAHIP\Application Data\Mozilla\Firefox\Profiles\n8giorul.default\extensions\addon@freecorder.com\plugins folder moved successfully.
C:\Documents and Settings\SAHIP\Application Data\Mozilla\Firefox\Profiles\n8giorul.default\extensions\addon@freecorder.com\chrome\skin folder moved successfully.
C:\Documents and Settings\SAHIP\Application Data\Mozilla\Firefox\Profiles\n8giorul.default\extensions\addon@freecorder.com\chrome\content\popup\images folder moved successfully.
C:\Documents and Settings\SAHIP\Application Data\Mozilla\Firefox\Profiles\n8giorul.default\extensions\addon@freecorder.com\chrome\content\popup folder moved successfully.
C:\Documents and Settings\SAHIP\Application Data\Mozilla\Firefox\Profiles\n8giorul.default\extensions\addon@freecorder.com\chrome\content\js folder moved successfully.
C:\Documents and Settings\SAHIP\Application Data\Mozilla\Firefox\Profiles\n8giorul.default\extensions\addon@freecorder.com\chrome\content\img folder moved successfully.
C:\Documents and Settings\SAHIP\Application Data\Mozilla\Firefox\Profiles\n8giorul.default\extensions\addon@freecorder.com\chrome\content folder moved successfully.
C:\Documents and Settings\SAHIP\Application Data\Mozilla\Firefox\Profiles\n8giorul.default\extensions\addon@freecorder.com\chrome folder moved successfully.
C:\Documents and Settings\SAHIP\Application Data\Mozilla\Firefox\Profiles\n8giorul.default\extensions\addon@freecorder.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}\ deleted successfully.
C:\Program Files\Freecorder extension\ScriptHost.dll moved successfully.
C:\Documents and Settings\SAHIP\Local Settings\Application Data\Freecorder 7 Audio\UrlCache folder moved successfully.
C:\Documents and Settings\SAHIP\Local Settings\Application Data\Freecorder 7 Audio folder moved successfully.
C:\Documents and Settings\SAHIP\Application Data\Freecorder 7 Audio\Library\logs folder moved successfully.
C:\Documents and Settings\SAHIP\Application Data\Freecorder 7 Audio\Library\db folder moved successfully.
C:\Documents and Settings\SAHIP\Application Data\Freecorder 7 Audio\Library\art folder moved successfully.
C:\Documents and Settings\SAHIP\Application Data\Freecorder 7 Audio\Library folder moved successfully.
C:\Documents and Settings\SAHIP\Application Data\Freecorder 7 Audio folder moved successfully.
C:\Documents and Settings\SAHIP\Belgelerim\Freecorder\Audio folder moved successfully.
C:\Documents and Settings\SAHIP\Belgelerim\Freecorder folder moved successfully.
C:\Documents and Settings\SAHIP\Local Settings\Application Data\Jaksta_Technologies_Pty_L\fcaudiop.exe_StrongName_trcokj1ymnuk5jj2upvplr22excaoenx\5.0.0.48 folder moved successfully.
C:\Documents and Settings\SAHIP\Local Settings\Application Data\Jaksta_Technologies_Pty_L\fcaudiop.exe_StrongName_trcokj1ymnuk5jj2upvplr22excaoenx folder moved successfully.
C:\Documents and Settings\SAHIP\Local Settings\Application Data\Jaksta_Technologies_Pty_L folder moved successfully.
C:\Program Files\Freecorder extension folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Yapilandirmasi
DNS ă÷zme Ínbellegi basariyla temizlendi.
C:\Documents and Settings\SAHIP\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\SAHIP\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default User

User: Guest
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: SAHIP
->Java cache emptied: 8351181 bytes

Total Java Files Cleaned = 8.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 56504 bytes

User: Guest
->Flash cache emptied: 59249 bytes

User: LocalService
->Flash cache emptied: 574 bytes

User: NetworkService

User: SAHIP
->Flash cache emptied: 1786 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11302012_191630

#14 natureturkiye (Topic Starter, Members)

Posted 30 November 2012 - 02:47 PM

Hi Gringo,

In addition to my above reply, please be informed that I restored my PC to a restore point taken 10 days before. It rebooted and worked normally. Later I rebooted again to confirm the result. It took only 48 seconds to reach the login screen :thumbup2: ; it was 130 seconds before. I am not sure what changed in between, but the problem is over.

Many thanks for your kind efforts in trying to solve my pc's problem.

Kind regards

NatureTurkiye

Edited by natureturkiye, 30 November 2012 - 02:48 PM.


#15 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 30 November 2012 - 03:33 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo



