
Combofix Help


  • This topic is locked
2 replies to this topic

#1 ubeydullahshn1


Posted 05 May 2013 - 01:13 PM

Mod Edit: Removed email address, Combofix log posted, and topic moved from Windows7 to the Malware Removal Logs forum. ~bloopie

ComboFix 13-05-04.01 - hewlet 05.05.2013  20:01:58.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1254.90.1055.18.6092.3604 [GMT 3:00]
Running from: c:\users\hewlet\Desktop\ComboFix_2.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\go muhasebe\GO\DEFAULTS\Desktop_.ini
c:\go muhasebe\GO\DEFAULTS\DEU\Desktop_.ini
c:\go muhasebe\GO\DEFAULTS\GEN\Desktop_.ini
c:\go muhasebe\GO\DEFAULTS\REPORTS\Desktop_.ini
c:\go muhasebe\GO\DEFAULTS\TRK\Desktop_.ini
c:\go muhasebe\GO\Desktop_.ini
c:\go muhasebe\GO\FOCUS\Bin\Desktop_.ini
c:\go muhasebe\GO\FOCUS\Client\Desktop_.ini
c:\go muhasebe\GO\FOCUS\Desktop_.ini
c:\go muhasebe\GO\FOCUS\LogoModels\Desktop_.ini
c:\go muhasebe\GO\FOCUS\Map\Desktop_.ini
c:\go muhasebe\GO\FOCUS\Tools\Desktop_.ini
c:\go muhasebe\GO\RESOURCE\Desktop_.ini
c:\go muhasebe\GO\RESOURCE\Skins\Desktop_.ini
c:\go muhasebe\GO\RESOURCE\Skins\images\Desktop_.ini
c:\go muhasebe\GO\SmartTag\Desktop_.ini
c:\go muhasebe\GO\WREPORT\Desktop_.ini
c:\program files (x86)\sXe Injected
c:\program files (x86)\sXe Injected\chrome-extension_icpgjfneehieebagbmdbhnlpiopdcmna_0.localstorage
c:\program files (x86)\sXe Injected\Chrome\chrome-extension_icpgjfneehieebagbmdbhnlpiopdcmna_0.localstorage
c:\program files (x86)\sXe Injected\chromechange.exe
c:\program files (x86)\sXe Injected\ddsxei.sys
c:\program files (x86)\sXe Injected\default.reg
c:\program files (x86)\sXe Injected\firechange.exe
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\background.html
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\background.js
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\example.html
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\icon128.png
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\icon19.png
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\icon200.png
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\manifest.json
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\options.css
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\options.html
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\options.js
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\README.md
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\redirect.html
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\redirect.js
c:\program files (x86)\sXe Injected\localstrike-search.xml
c:\program files (x86)\sXe Injected\newtaburl_local.xpi
c:\program files (x86)\sXe Injected\Preferences
c:\program files (x86)\sXe Injected\search.ini
c:\program files (x86)\sXe Injected\speeddial.ini
c:\program files (x86)\sXe Injected\sXe-I EULA.txt
c:\program files (x86)\sXe Injected\sXe Injected.exe
c:\program files (x86)\sXe Injected\sXe Injected.txt
c:\program files (x86)\sXe Injected\sXe.dll
c:\program files (x86)\sXe Injected\TopSites.plist
c:\program files (x86)\sXe Injected\uninstall.exe
c:\program files (x86)\sXe Injected\uninstall.ini
c:\program files (x86)\sXe Injected\Web Data
c:\programdata\ChromeUpdate\chrome.crx
c:\programdata\ChromeUpdate\update.xml
c:\programdata\Roaming
c:\programdata\Samsung
c:\programdata\Samsung\Device Error Recovery\SAMSUNGDERSDK_20130305.log
c:\users\hewlet\AppData\Local\lollipop
c:\users\hewlet\AppData\Roaming\dclogs
c:\users\hewlet\AppData\Roaming\dclogs\2013-04-24-4.dc
c:\users\hewlet\AppData\Roaming\Samsung
c:\users\hewlet\Documents\DCSCMIN
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-05 to 2013-05-05  )))))))))))))))))))))))))))))))
.
.
2013-05-05 17:20 . 2013-05-05 17:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-05 17:20 . 2013-05-05 17:20	--------	d-----w-	c:\users\Guest\AppData\Local\temp
2013-05-05 16:48 . 2013-04-10 03:46	9317456	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D63DACF1-49B2-4013-85D0-1627D1021484}\mpengine.dll
2013-05-05 11:57 . 2013-05-05 11:57	--------	d-----w-	c:\users\hewlet\AppData\Local\AVG SafeGuard toolbar
2013-05-05 11:57 . 2013-05-05 11:57	--------	d-----w-	c:\programdata\AVG SafeGuard toolbar
2013-05-05 11:56 . 2013-05-05 11:55	40736	----a-w-	c:\windows\system32\drivers\avgtpx64.sys
2013-05-05 11:56 . 2013-05-05 11:56	--------	d-----w-	c:\program files (x86)\Common Files\AVG Secure Search
2013-05-05 11:56 . 2013-05-05 11:56	--------	d-----w-	c:\program files (x86)\AVG SafeGuard toolbar
2013-05-05 00:48 . 2013-05-05 00:48	--------	d-----w-	c:\users\hewlet\AppData\Local\CAE_Report_Generator
2013-05-05 00:03 . 2013-05-05 00:15	--------	d-----w-	c:\users\hewlet\AppData\Local\VMware
2013-05-05 00:03 . 2013-05-05 00:03	--------	d-----w-	c:\users\hewlet\AppData\Roaming\VMware
2013-05-04 22:18 . 2012-10-24 11:17	67224	----a-w-	c:\windows\system32\vsocklib.dll
2013-05-04 22:18 . 2012-10-24 11:17	70296	----a-w-	c:\windows\system32\drivers\vsock.sys
2013-05-04 22:18 . 2013-02-25 23:28	67664	----a-w-	c:\windows\system32\drivers\vmx86.sys
2013-05-04 22:18 . 2013-02-25 23:27	33360	----a-w-	c:\windows\system32\drivers\VMkbd.sys
2013-05-04 22:17 . 2013-02-25 23:28	30800	----a-w-	c:\windows\system32\drivers\vmnetuserif.sys
2013-05-04 22:17 . 2013-02-25 23:29	933968	----a-w-	c:\windows\system32\vnetlib64.dll
2013-05-04 22:16 . 2012-10-11 13:15	52376	----a-w-	c:\windows\system32\drivers\hcmon.sys
2013-05-04 22:15 . 2013-05-04 22:15	--------	d-----w-	c:\program files\Common Files\VMware
2013-05-04 22:14 . 2013-05-05 17:25	--------	d-----w-	c:\programdata\VMware
2013-05-04 22:14 . 2013-05-04 22:14	--------	d-----w-	c:\program files (x86)\VMware
2013-05-04 22:14 . 2013-05-04 22:14	--------	d-----w-	c:\program files (x86)\Common Files\VMware
2013-05-04 20:33 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpipreset
2013-05-04 13:58 . 2013-04-10 03:46	9317456	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-04 13:31 . 2013-05-04 13:31	--------	d-----w-	c:\users\hewlet\AppData\Roaming\Petrax Software
2013-05-04 13:31 . 2013-05-04 13:31	--------	d-----w-	c:\program files (x86)\Petrax Software
2013-05-04 13:06 . 2013-05-04 13:06	--------	d-----w-	c:\program files (x86)\Hide My IP
2013-05-03 19:55 . 2013-05-03 19:57	--------	d-----w-	c:\program files (x86)\CamStudio 2.7
2013-05-02 15:22 . 2013-05-02 15:24	--------	d-----w-	c:\program files (x86)\FileZilla Server
2013-04-30 17:21 . 2013-04-05 11:32	166576	----a-w-	c:\windows\system32\drivers\idmwfp.sys
2013-04-30 16:15 . 2013-04-30 16:15	--------	d-----w-	c:\users\hewlet\AppData\Local\Mozilla
2013-04-30 16:15 . 2013-04-30 16:15	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2013-04-29 19:17 . 2013-04-29 21:06	--------	d-----w-	c:\users\hewlet\AppData\Local\Bundled software uninstaller
2013-04-29 19:16 . 2013-04-29 19:16	--------	d-----w-	c:\programdata\Babylon
2013-04-29 19:16 . 2013-04-29 19:16	--------	d-----w-	c:\users\hewlet\AppData\Roaming\Babylon
2013-04-29 19:03 . 2013-05-05 14:01	--------	d-----w-	c:\users\hewlet\AppData\Roaming\IDM
2013-04-29 19:03 . 2013-05-04 20:23	--------	d-----w-	c:\program files (x86)\Internet Download Manager
2013-04-28 20:37 . 2013-04-28 20:37	28068864	----a-w-	c:\windows\system32\imageres.dll
2013-04-26 19:01 . 2013-04-26 19:01	--------	d-----w-	c:\users\hewlet\AppData\Roaming\CAE_Report_Generator
2013-04-25 00:30 . 2013-04-07 22:32	972264	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-25 00:30 . 2013-04-25 00:30	905296	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E4036D9-AE53-4489-9621-03D49DBAE9E8}\gapaengine.dll
2013-04-24 17:40 . 2013-04-24 17:40	--------	d-----w-	c:\users\hewlet\AppData\Roaming\PhrozenSoft
2013-04-24 17:39 . 2013-04-24 17:46	--------	d-----w-	c:\users\hewlet\AppData\Roaming\FK_Monitor
2013-04-24 17:39 . 2013-04-24 17:39	--------	d-----w-	c:\program files (x86)\FK_Monitor
2013-04-24 13:42 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-23 22:17 . 2013-04-27 17:15	--------	d-----w-	c:\program files (x86)\Age of Empires II HD
2013-04-23 11:57 . 2013-04-23 11:57	--------	d-----w-	c:\users\hewlet\AppData\Local\B1E
2013-04-23 11:57 . 2013-04-23 11:57	--------	d-----w-	c:\users\hewlet\AppData\Roaming\B1Toolbar
2013-04-21 20:34 . 2013-04-21 20:50	--------	d-----w-	c:\users\hewlet\AppData\Roaming\PC Suite
2013-04-21 20:34 . 2013-04-21 20:34	--------	d-----w-	c:\users\hewlet\AppData\Local\Nokia
2013-04-21 20:34 . 2013-04-21 20:34	--------	d-----w-	c:\programdata\PC Suite
2013-04-21 20:32 . 2013-04-21 20:33	--------	d-----w-	c:\programdata\Nokia
2013-04-21 20:32 . 2013-04-21 20:32	--------	d-----w-	c:\program files (x86)\Common Files\Nokia
2013-04-21 20:31 . 2013-04-21 20:31	--------	d-----w-	c:\program files\DIFX
2013-04-21 20:31 . 2012-10-17 10:53	26112	----a-w-	c:\windows\system32\drivers\pccsmcfdx64.sys
2013-04-21 20:31 . 2013-04-21 20:31	--------	dc----w-	c:\windows\system32\DRVSTORE
2013-04-21 20:30 . 2013-04-21 20:30	--------	d-----w-	c:\program files (x86)\PC Connectivity Solution
2013-04-21 20:30 . 2012-11-09 12:33	57856	----a-w-	c:\windows\system32\nmwcdclsX64.dll
2013-04-21 20:21 . 2013-04-21 20:32	--------	d-----w-	c:\program files (x86)\Nokia
2013-04-19 19:45 . 2013-04-19 19:47	--------	d-----w-	c:\users\hewlet\AppData\Local\Mixxx
2013-04-19 19:43 . 2013-04-19 19:48	--------	d-----w-	c:\program files (x86)\Mixxx
2013-04-18 17:15 . 2013-04-18 17:15	--------	d-----w-	c:\users\hewlet\AppData\Roaming\Turkcell Teknoloji
2013-04-15 18:06 . 2013-04-15 18:07	--------	d-----w-	c:\program files (x86)\Smarttürk WebTV
2013-04-14 16:01 . 2013-04-14 17:18	--------	d-----w-	c:\users\hewlet\AppData\Local\Skymonk2
2013-04-14 10:33 . 2013-04-14 10:33	--------	d-----w-	c:\program files (x86)\VirtualDJ
2013-04-14 10:17 . 2013-04-14 10:17	69632	----a-r-	c:\users\hewlet\AppData\Roaming\Microsoft\Installer\{58C91689-85E3-4B25-ADEC-2697986DF817}\ARPPRODUCTICON.exe
2013-04-14 10:17 . 2013-04-14 10:17	49152	----a-r-	c:\users\hewlet\AppData\Roaming\Microsoft\Installer\{58C91689-85E3-4B25-ADEC-2697986DF817}\UNINST_Uninstall_Q_336D8C9DB2424DE5BC518E574B25652F.exe
2013-04-14 10:17 . 2013-04-14 10:17	--------	d-----w-	c:\users\hewlet\Qtrax
2013-04-14 10:17 . 2013-04-14 10:17	--------	d-----w-	c:\program files\WinPcap
2013-04-14 10:16 . 2013-04-14 10:20	--------	d-----w-	c:\program files\VDownloader
2013-04-12 15:53 . 2013-04-12 15:53	--------	d-----w-	c:\windows\Sun
2013-04-11 15:24 . 2013-04-11 15:25	--------	d-----w-	C:\0525957f4b4a13a917e8569118e3
2013-04-10 21:55 . 2013-04-10 21:55	--------	d-----w-	C:\ccdc973f206111e90dd20d901e
2013-04-10 21:53 . 2013-02-21 10:15	1084928	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-04-10 21:53 . 2013-02-21 10:14	53248	----a-w-	c:\windows\system32\jsproxy.dll
2013-04-10 21:53 . 2013-02-21 10:15	2240512	----a-w-	c:\windows\system32\wininet.dll
2013-04-10 21:53 . 2013-02-21 10:14	15404544	----a-w-	c:\windows\system32\ieframe.dll
2013-04-10 21:53 . 2013-02-21 10:14	19230208	----a-w-	c:\windows\system32\mshtml.dll
2013-04-10 20:54 . 2013-02-15 06:06	3717632	----a-w-	c:\windows\system32\mstscax.dll
2013-04-10 20:54 . 2013-02-15 06:08	44032	----a-w-	c:\windows\system32\tsgqec.dll
2013-04-10 20:54 . 2013-02-15 06:02	158720	----a-w-	c:\windows\system32\aaclient.dll
2013-04-10 20:54 . 2013-02-15 04:34	131584	----a-w-	c:\windows\SysWow64\aaclient.dll
2013-04-10 20:54 . 2013-03-01 03:36	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-04-10 20:54 . 2013-01-24 06:01	223752	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-04-10 20:54 . 2013-03-19 06:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-10 20:54 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-10 20:54 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
2013-04-10 20:54 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-04-09 15:36 . 2009-07-22 08:17	78872	----a-w-	c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2013-04-09 15:36 . 2009-07-22 08:17	111640	----a-w-	c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2013-04-09 15:34 . 2013-04-09 15:34	--------	d-----w-	c:\windows\system32\RsFx
2013-04-09 15:32 . 2013-04-09 15:32	--------	d-----w-	c:\program files\Microsoft Visual Studio 9.0
2013-04-09 14:06 . 2013-04-09 14:14	--------	d-----w-	c:\program files (x86)\Microsoft F#
2013-04-09 14:06 . 2013-04-09 14:11	--------	d-----w-	c:\program files (x86)\HTML Help Workshop
2013-04-09 14:06 . 2013-04-29 19:38	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 10.0
2013-04-09 14:06 . 2013-04-11 15:29	--------	d-----w-	c:\program files (x86)\Common Files\Merge Modules
2013-04-09 13:58 . 2013-04-09 13:58	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 9.0
2013-04-09 13:57 . 2013-04-09 13:57	--------	d-----w-	c:\windows\symbols
2013-04-09 13:57 . 2013-04-09 15:31	--------	d-----w-	c:\windows\system32\1033
2013-04-09 13:57 . 2013-04-09 15:18	--------	d-----w-	c:\program files (x86)\Microsoft SDKs
2013-04-09 13:57 . 2013-04-09 13:57	--------	d-----w-	c:\program files\Microsoft Visual Studio 10.0
2013-04-09 13:57 . 2013-04-09 13:57	--------	d-----w-	c:\program files\Microsoft Help Viewer
2013-04-08 21:36 . 2013-04-08 21:36	--------	d-----w-	C:\Yeni klasör
2013-04-08 21:36 . 2013-04-08 21:36	--------	d-----w-	c:\programdata\NexonUS
2013-04-08 21:36 . 2013-04-08 21:36	--------	d-----w-	C:\ca eu f
2013-04-08 20:03 . 2011-12-01 08:41	237056	----a-w-	c:\windows\system32\drivers\ZTEusbwwan.sys
2013-04-08 20:03 . 2011-07-04 07:04	123264	----a-w-	c:\windows\system32\drivers\ZTEusbser6k.sys
2013-04-08 20:03 . 2011-07-04 07:04	123264	----a-w-	c:\windows\system32\drivers\ZTEusbnmeaext2.sys
2013-04-08 20:03 . 2011-07-04 07:04	123264	----a-w-	c:\windows\system32\drivers\ZTEusbnmea.sys
2013-04-08 20:03 . 2011-07-04 07:04	123264	----a-w-	c:\windows\system32\drivers\ZTEusbmdm6k.sys
2013-04-08 20:03 . 2011-04-13 12:42	11776	----a-w-	c:\windows\system32\drivers\massfilter.sys
2013-04-08 20:03 . 2013-04-08 20:03	--------	d-----w-	c:\windows\massfilter
2013-04-07 22:29 . 2013-04-07 22:29	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2013-04-07 22:29 . 2013-04-07 22:29	--------	d-----w-	c:\program files\Microsoft Security Client
2013-04-07 22:26 . 2013-04-07 22:47	--------	d-----w-	c:\windows\system32\appmgmt
2013-04-07 21:37 . 2012-12-11 09:12	441104	----a-w-	c:\windows\system32\HMIPCore64.dll
2013-04-07 21:37 . 2012-12-11 09:12	342288	----a-w-	c:\windows\SysWow64\HMIPCore.dll
2013-04-07 20:32 . 2013-01-29 16:53	--------	d-----w-	c:\windows\Onhax-temp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 15:29 . 2011-01-09 11:25	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-11 22:47 . 2013-04-11 22:47	0	----a-w-	c:\windows\SysWow64\sho4A79.tmp
2013-04-11 16:05 . 2012-09-02 10:33	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-04-11 16:02 . 2013-04-09 15:04	3640672	----a-w-	c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2013-04-02 18:21 . 2013-04-02 18:21	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-04-02 18:21 . 2013-04-02 18:21	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-04-02 18:21 . 2013-04-02 18:21	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-04-02 18:21 . 2013-04-02 18:21	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-04-02 18:21 . 2013-04-02 18:21	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-04-02 18:21 . 2013-04-02 18:21	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-04-02 18:21 . 2013-04-02 18:21	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-04-02 18:21 . 2013-04-02 18:21	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-02 18:21 . 2013-04-02 18:21	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-02 18:21 . 2013-04-02 18:21	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-04-02 18:21 . 2013-04-02 18:21	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-04-02 18:21 . 2013-04-02 18:21	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-04-02 18:21 . 2013-04-02 18:21	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-04-02 18:21 . 2013-04-02 18:21	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-04-02 18:21 . 2013-04-02 18:21	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-04-02 18:21 . 2013-04-02 18:21	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-04-02 18:21 . 2013-04-02 18:21	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-04-02 18:21 . 2013-04-02 18:21	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-04-02 18:21 . 2013-04-02 18:21	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-04-02 18:21 . 2013-04-02 18:21	81408	----a-w-	c:\windows\system32\icardie.dll
2013-04-02 18:21 . 2013-04-02 18:21	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-04-02 18:21 . 2013-04-02 18:21	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-04-02 18:21 . 2013-04-02 18:21	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-04-02 18:21 . 2013-04-02 18:21	441856	----a-w-	c:\windows\system32\html.iec
2013-04-02 18:21 . 2013-04-02 18:21	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-04-02 18:21 . 2013-04-02 18:21	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-04-02 18:21 . 2013-04-02 18:21	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-04-02 18:21 . 2013-04-02 18:21	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-04-02 18:21 . 2013-04-02 18:21	235008	----a-w-	c:\windows\system32\url.dll
2013-04-02 18:21 . 2013-04-02 18:21	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-04-02 18:21 . 2013-04-02 18:21	216064	----a-w-	c:\windows\system32\msls31.dll
2013-04-02 18:21 . 2013-04-02 18:21	197120	----a-w-	c:\windows\system32\msrating.dll
2013-04-02 18:21 . 2013-04-02 18:21	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-04-02 18:21 . 2013-04-02 18:21	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-04-02 18:21 . 2013-04-02 18:21	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-04-02 18:21 . 2013-04-02 18:21	144896	----a-w-	c:\windows\system32\wextract.exe
2013-04-02 18:21 . 2013-04-02 18:21	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-04-02 18:21 . 2013-04-02 18:21	102912	----a-w-	c:\windows\system32\inseng.dll
2013-04-02 18:21 . 2013-04-02 18:21	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-04-02 18:21 . 2013-04-02 18:21	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-04-02 18:21 . 2013-04-02 18:21	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-04-02 18:21 . 2013-04-02 18:21	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-04-02 18:21 . 2013-04-02 18:21	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-04-02 18:21 . 2013-04-02 18:21	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-04-02 18:21 . 2013-04-02 18:21	149504	----a-w-	c:\windows\system32\occache.dll
2013-04-02 18:21 . 2013-04-02 18:21	13824	----a-w-	c:\windows\system32\mshta.exe
2013-04-02 18:21 . 2013-04-02 18:21	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-04-02 18:21 . 2013-04-02 18:21	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-04-02 18:21 . 2013-04-02 18:21	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-04-02 18:17 . 2013-04-02 18:17	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-02 18:17 . 2013-04-02 18:17	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-02 18:17 . 2013-04-02 18:17	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-02 18:17 . 2013-04-02 18:17	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-02 18:17 . 2013-04-02 18:17	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-02 18:17 . 2013-04-02 18:17	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-02 18:17 . 2013-04-02 18:17	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-04-02 18:17 . 2013-04-02 18:17	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-04-02 18:17 . 2013-04-02 18:17	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-04-02 18:17 . 2013-04-02 18:17	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-02 18:17 . 2013-04-02 18:17	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-02 18:17 . 2013-04-02 18:17	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-04-02 18:17 . 2013-04-02 18:17	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-02 18:17 . 2013-04-02 18:17	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-04-02 18:17 . 2013-04-02 18:17	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-02 18:17 . 2013-04-02 18:17	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-02 18:17 . 2013-04-02 18:17	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-02 18:17 . 2013-04-02 18:17	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-02 18:17 . 2013-04-02 18:17	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-02 18:17 . 2013-04-02 18:17	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-02 18:17 . 2013-04-02 18:17	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-04-02 18:17 . 2013-04-02 18:17	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-04-02 18:17 . 2013-04-02 18:17	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-02 18:17 . 2013-04-02 18:17	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-02 18:17 . 2013-04-02 18:17	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2013-04-02 18:17 . 2013-04-02 18:17	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
2013-04-02 18:17 . 2013-04-02 18:17	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-04-02 18:17 . 2013-04-02 18:17	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2013-04-02 18:17 . 2013-04-02 18:17	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-02 18:17 . 2013-04-02 18:17	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-02 18:17 . 2013-04-02 18:17	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2013-04-02 18:17 . 2013-04-02 18:17	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-04-02 18:17 . 2013-04-02 18:17	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-04-02 18:17 . 2013-04-02 18:17	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-04-02 18:17 . 2013-04-02 18:17	296960	----a-w-	c:\windows\system32\d3d10core.dll
2013-04-02 18:17 . 2013-04-02 18:17	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2013-04-02 18:17 . 2013-04-02 18:17	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-04-02 18:17 . 2013-04-02 18:17	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-04-02 18:17 . 2013-04-02 18:17	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2013-04-02 18:17 . 2013-04-02 18:17	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2013-04-02 18:17 . 2013-04-02 18:17	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2013-04-02 18:17 . 2013-04-02 18:17	1988096	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2013-04-02 18:17 . 2013-04-02 18:17	194560	----a-w-	c:\windows\system32\d3d10_1.dll
2013-04-02 18:17 . 2013-04-02 18:17	1887232	----a-w-	c:\windows\system32\d3d11.dll
2013-04-02 18:17 . 2013-04-02 18:17	187392	----a-w-	c:\windows\SysWow64\UIAnimation.dll
2013-04-02 18:17 . 2013-04-02 18:17	1643520	----a-w-	c:\windows\system32\DWrite.dll
2013-04-02 18:17 . 2013-04-02 18:17	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-05-05 11:55	1966768	----a-w-	c:\program files (x86)\AVG SafeGuard toolbar\15.1.0.2\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files (x86)\Yandex\YandexBarIE\yndbar.dll" [2012-03-05 8921400]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG SafeGuard toolbar\15.1.0.2\AVG SafeGuard toolbar_toolbar.dll" [2013-05-05 1966768]
.
[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
"Facebook Update"="c:\users\hewlet\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-04-10 138096]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-12-21 1090040]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-04-07 3573624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-08 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-11-30 56128]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"HP Envy Guides AutoPlay"="c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe" [2010-03-24 76584]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-25 75048]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-12-25 4474832]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"FileZilla Server Interface"="c:\program files (x86)\FileZilla Server\FileZilla Server Interface.exe" [2012-02-26 1044992]
.
c:\users\hewlet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Cs Serverları.lnk - c:\program files (x86)\valve\Cs Serverları.url [2012-12-16 95]
Facebook Messenger.lnk - c:\users\hewlet\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
OneNote 2007 Ekran Kırpıcı ve Başlatıcı.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 1132320]
Service Manager.lnk - c:\program files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [N/A]
Stardock MyColors.lnk - c:\program files (x86)\Stardock\MyColors\SDDelayedLaunch.exe [2010-1-11 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 dgejfyfu;dgejfyfu;c:\windows\system32\drivers\dgejfyfu.sys [x]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/01/09 03:28;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-25 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 hlwinnt;hlwinnt;c:\windows\system32\hlwinnt.sys [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 LOGO_GOPLUS_Service_6104_100008_2_5;LOGO_GOPLUS_Service 2.5.0.0 (6104-100008);c:\program files (x86)\LOGO\GO PLUS\LOGO_GOPLUS_Service.exe [x]
R2 MSSQL$SA;MSSQL$SA;c:\program files (x86)\Microsoft SQL Server\MSSQL$SA\Binn\sqlservr.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
R3 cpuz134;cpuz134;c:\users\hewlet\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
R3 EWSASERV;EWSA Control Service;c:\program files (x86)\Elcomsoft Password Recovery\Elcomsoft Wireless Security Auditor\ewsaserv64.exe [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2011-05-31 415744]
R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 HideMyIpSRV;HideMyIpSRV;c:\program files (x86)\Hide My IP\HideMyIpSrv.exe [2012-12-11 3587856]
R3 hpdoccardsvc;HP Documention Flash Card Detection Service;c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [2010-03-24 83240]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-04-13 11776]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Ağ İnceleme;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-07-05 33224]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2012-08-29 243712]
R3 SQLAgent$SA;SQLAgent$SA;c:\program files (x86)\Microsoft SQL Server\MSSQL$SA\Binn\sqlagent.EXE [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 161280]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-07-05 21904]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-27 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R3 ZTEusbMB;ZTE NMEAExt2 Port;c:\windows\system32\DRIVERS\ZTEusbnmeaext2.sys [2011-07-04 123264]
R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys [2011-12-01 237056]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-11-19 652344]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-11-19 28216]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-10-24 85104]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-10-24 70296]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-05-05 40736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-25 283200]
S1 TsLwWfF;WiFi Capture Driver;c:\windows\system32\DRIVERS\TsLwWfF.sys [2012-06-09 26768]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-12-13 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-08 203264]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2012-07-19 2568120]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-08-12 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Depolama Teknolojisi;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-19 14904]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2012-09-07 2464400]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2013-04-05 166576]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-04-15 3289208]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-03-06 3560288]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
S2 vToolbarUpdater15.1.0;vToolbarUpdater15.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe [2013-05-05 1008816]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-03-23 31088]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-01-30 86016]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-11-12 12252064]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-07-27 78848]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-07-27 180224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-12-26 805088]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-28 23:00	1642448	----a-w-	c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-26 19:42]
.
2013-04-09 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\program files\Easeware\DriverEasy\DriverEasy.exe [2013-03-05 11:29]
.
2013-05-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4107708886-2277950623-4007447883-1000Core.job
- c:\users\hewlet\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-04 19:51]
.
2013-05-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4107708886-2277950623-4007447883-1000UA.job
- c:\users\hewlet\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-04 19:51]
.
2013-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-28 22:57]
.
2013-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-28 22:57]
.
2013-04-20 c:\windows\Tasks\HPCeeScheduleForhewlet.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2013-03-31 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [2013-02-21 13:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07	23496	----a-w-	c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-12 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-12 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-12 417304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-13 524800]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences Pro\FencesMenu64.dll" [2010-12-03 464744]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www2.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=5ADA183DA2485418
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bütün linkleri IDM ile indir - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: IDM ile indir - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Microsoft Excel'e &Ver - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{77C07103-05F3-4D65-9C1B-0F47CFAD9937}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{77C07103-05F3-4D65-9C1B-0F47CFAD9937}\2657C656E647F513: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{77C07103-05F3-4D65-9C1B-0F47CFAD9937}\4616C6B696C69636: NameServer = 208.67.222.222,208.67.220.220
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\hewlet\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={637EFEC9-5531-4D9C-9BF6-39D57470CEA1}&mid=a7f7be3baa5147d39be71d1be9e36c2a-dd5732549107365f6f669e5d9256d281856c0dd0&lang=tr&ds=gm011&pr=sa&d=2013-05-05 14:56&v=15.1.0.2&pid=safeguard&sg=2&sap=hp
FF - prefs.js: keyword.URL - 
FF - ExtSQL: 2013-04-29 22:04; mozilla_cc@internetdownloadmanager.com; c:\users\hewlet\AppData\Roaming\IDM\idmmzcc5
FF - ExtSQL: 2013-04-30 19:15; yasearch@yandex.ru; c:\users\hewlet\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru
FF - ExtSQL: 2013-04-30 19:31; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\users\hewlet\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF - ExtSQL: 2013-04-30 19:31; vb@yandex.ru; c:\users\hewlet\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\vb@yandex.ru
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 5adab5f8000000000000183da2485418
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15824
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1622:16
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Wow6432Node-HKLM-Run-ApnUpdater - c:\program files (x86)\Ask.com\Updater\Updater.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-All Video Sound Extractor_is1 - c:\program files (x86)\All Video Sound Extractor\unins000.exe
AddRemove-hata düzelt 2.00 - c:\program files (x86)\Internet Download Manager\hata düzelt\Uninstall.exe
AddRemove-sXe Injected - c:\program files (x86)\sXe Injected\uninstall.exe
AddRemove-Video mp3 Extractor_is1 - c:\program files (x86)\Video mp3 Extractor\unins000.exe
AddRemove-Zirve Müşavir .Net (SQL)_is1 - h:\zirvenet\unins000.exe
AddRemove-{B993DC58-6926-42E8-A959-FC9D70DF7A58} - c:\program files (x86)\InstallShield Installation Information\{B993DC58-6926-42E8-A959-FC9D70DF7A58}\setup.exe
AddRemove-{CDED9EF0-D072-11DF-2EA6-0104A00B0BB3} - c:\program files (x86)\CommViewWiFi\Uninst_CommViewWiFi.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
AddRemove-{F38ADD30-FB36-11E1-3D6C-0095FA964AE1} - c:\program files (x86)\Essential NetTools\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4107708886-2277950623-4007447883-1000_Classes\Wow6432Node\CLSID\{2a469444-9956-48a3-af78-bb1d73c1a062}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000060
"Therad"=dword:00000024
.
[HKEY_USERS\S-1-5-21-4107708886-2277950623-4007447883-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):c8,68,98,95,d5,db,21,55,d8,32,f3,39,fe,ee,6f,31,14,a1,e4,ca,cc,
   62,f1,9f,db,c9,9a,1e,0e,25,bd,40,fb,e7,17,7e,03,f0,40,d1,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\FileZilla Server\FileZilla Server.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Internet Download Manager\IEMonitor.exe
c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2013-05-05  20:36:58 - machine was rebooted
ComboFix-quarantined-files.txt  2013-05-05 17:36
.
Pre-Run: 737.765.765.120 bayt boş
Post-Run: 740.694.745.088 bayt boş
.
- - End Of File - - 983B25464E7CF31730B082304B972646

Thank you in advance


Edited by bloopie, 05 May 2013 - 01:48 PM.




#2 nasdaq

  • Malware Response Team

Posted 08 May 2013 - 08:34 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#3 nasdaq

  • Malware Response Team

Posted 14 May 2013 - 08:17 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



