
FBI moneypak virus and firewall disabling


32 replies to this topic

#1 atekinak


Posted 15 May 2013 - 01:19 PM

Got infected with an FBI MoneyPak virus that blocked my PC. Used System Restore to get rid of it, but now my McAfee firewall keeps getting turned off and I can't launch Windows Defender either. McAfee support told me that my computer is still infected and suggested professional assistance. Below is my log. Thanks in advance.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.17.2
Run by Atakan at 21:03:36 on 2013-05-15
Microsoft Windows 8 Pro with Media Center  6.2.9200.0.1252.1.1033.18.8086.5213 [GMT 3:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
c:\windows\syswow64\mpk\lsynchost.exe
c:\windows\syswow64\mpk\lsynchost.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\McAfee\AppStats\MfeASUM.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SysWOW64\rundll32.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
c:\windows\syswow64\mpk\MPK.exe
C:\WINDOWS\system32\taskhostex.exe
c:\windows\syswow64\mpk\MPK64.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Atakan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\Atakan\AppData\Local\Akamai\netsession_win.exe
C:\Users\Atakan\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Users\Atakan\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Atakan\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Users\Atakan\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\Vendor\FastAccessChatAssist.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Dell Support Center\uaclauncher.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE
C:\Windows\explorer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wwahost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ernie.erau.edu/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10043&barid={1607B684-87B6-11E2-BEA1-88532E998CC9}
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Updater By SweetPacks: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension32.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Face recognition web login for FastAccess: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
uRun: [SkyDrive] "C:\Users\Atakan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [Akamai NetSession Interface] "C:\Users\Atakan\AppData\Local\Akamai\netsession_win.exe"
uRun: [Facebook Update] "C:\Users\Atakan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [Google Update] "C:\Users\Atakan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Nike+ Connect] "C:\Users\Atakan\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
uRun: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [FAStartup] <no file>
StartupFolder: C:\Users\Atakan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Atakan\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
Trusted Zone: dell.com
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.5.13.0.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{3904FEF9-67A9-4A88-8EC5-0DF61DFE1ED8} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{3904FEF9-67A9-4A88-8EC5-0DF61DFE1ED8}\144716B616E6 : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{3904FEF9-67A9-4A88-8EC5-0DF61DFE1ED8}\24F696E676F60284F6473707F647 : DHCPNameServer = 10.22.0.2
TCP: Interfaces\{3904FEF9-67A9-4A88-8EC5-0DF61DFE1ED8}\A5978554C4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3904FEF9-67A9-4A88-8EC5-0DF61DFE1ED8}\D656469616C696E6B6 : DHCPNameServer = 65.32.5.111 65.32.5.112
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
AppInit_DLLs= C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll,C:\WINDOWS\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli FAPassSync
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Updater By SweetPacks: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension64.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Face recognition web login for FastAccess: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [Logitech Download Assistant] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\LogiLDA.dll,LogiFetch
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Atakan\AppData\Roaming\Mozilla\Firefox\Profiles\37ty4xxc.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Atakan\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Atakan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Atakan\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\Atakan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Atakan\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
FF - plugin: C:\Users\Atakan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Atakan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Atakan\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Users\Atakan\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\WINDOWS\SysWOW64\npDeployJava1.dll
FF - plugin: C:\WINDOWS\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\WINDOWS\System32\Drivers\mfehidk.sys [2012-7-17 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\WINDOWS\System32\Drivers\mfewfpk.sys [2012-7-17 340216]
R0 nvpciflt;nvpciflt;C:\WINDOWS\System32\Drivers\nvpciflt.sys [2012-10-8 30056]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\WINDOWS\System32\Drivers\dtsoftbus01.sys [2013-3-8 283200]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\WINDOWS\System32\Drivers\hssdrv6.sys [2013-4-24 46792]
R1 LUMDriver;LUMDriver;C:\WINDOWS\System32\Drivers\LUMDriver.sys [2008-1-2 24848]
R1 MfeASKM;McAfee Application Statistics Device Driver;C:\Program Files\McAfee\AppStats\MfeASKM.sys [2013-2-14 31408]
R1 nvkflt;nvkflt;C:\WINDOWS\System32\Drivers\nvkflt.sys [2012-10-8 284008]
R2 ntk_PowerDVD12;ntk_PowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2013-1-31 83704]
R3 btmhsf;btmhsf;C:\WINDOWS\System32\Drivers\btmhsf.sys [2011-11-15 327168]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\WINDOWS\System32\Drivers\CtClsFlt.sys [2012-10-31 175168]
R3 huawei_enumerator;huawei_enumerator;C:\WINDOWS\System32\Drivers\ew_jubusenum.sys [2012-12-16 87040]
R3 iBtFltCoex;iBtFltCoex;C:\WINDOWS\System32\Drivers\iBtFltCoex.sys [2011-12-10 60416]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\Drivers\iwdbus.sys [2012-8-10 25568]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\WINDOWS\System32\Drivers\LEqdUsb.sys [2012-9-18 78648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\WINDOWS\System32\Drivers\LHidEqd.sys [2012-9-18 15160]
R3 ManyCam;ManyCam Virtual Webcam;C:\WINDOWS\System32\Drivers\mcvidrv_x64.sys [2012-10-11 44544]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\WINDOWS\System32\Drivers\mcaudrv_x64.sys [2012-10-11 28160]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\WINDOWS\System32\Drivers\mfeavfk.sys [2012-11-2 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\WINDOWS\System32\Drivers\mfefirek.sys [2012-11-2 515968]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\WINDOWS\System32\Drivers\mfeelamk.sys [2012-11-2 69168]
S3 cfwids;McAfee Inc. cfwids;C:\WINDOWS\System32\Drivers\cfwids.sys [2012-11-2 70112]
S3 FACAP;facap, FastAccess Video Capture;C:\WINDOWS\System32\Drivers\facap.sys [2008-9-25 238848]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\WINDOWS\System32\Drivers\HipShieldK.sys [2012-11-2 196440]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\Drivers\intelaud.sys [2012-8-10 35296]
S3 massfilter;Mass Storage Filter Driver;C:\WINDOWS\System32\Drivers\massfilter.sys [2012-12-16 11776]
S3 mferkdet;McAfee Inc. mferkdet;C:\WINDOWS\System32\Drivers\mferkdet.sys [2012-11-2 106552]
S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-9-4 25584]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-05-15 08:22:12 -------- d-----w- C:\Intel
2013-05-15 08:21:45 2851840 ----a-w- C:\WINDOWS\System32\esent.dll
2013-05-15 08:21:45 2382336 ----a-w- C:\WINDOWS\SysWow64\esent.dll
2013-05-15 06:58:04 13648384 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2013-05-15 06:58:03 3552768 ----a-w- C:\WINDOWS\System32\tquery.dll
2013-05-15 06:58:02 2107904 ----a-w- C:\WINDOWS\System32\mssrch.dll
2013-05-15 06:58:02 10789888 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2013-05-15 06:58:01 2767360 ----a-w- C:\WINDOWS\SysWow64\tquery.dll
2013-05-15 06:58:01 1593344 ----a-w- C:\WINDOWS\SysWow64\mssrch.dll
2013-05-15 06:58:00 1829408 ----a-w- C:\WINDOWS\System32\ntdll.dll
2013-05-15 06:56:55 8857088 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2013-05-15 06:55:36 623104 ----a-w- C:\WINDOWS\System32\drivers\srv2.sys
2013-05-15 06:55:35 1093880 ----a-w- C:\WINDOWS\System32\winresume.exe
2013-05-15 06:55:29 659456 ----a-w- C:\WINDOWS\SysWow64\mssvp.dll
2013-05-15 06:55:29 503080 ----a-w- C:\WINDOWS\System32\ci.dll
2013-05-15 06:55:29 468992 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2013-05-15 06:55:29 411136 ----a-w- C:\WINDOWS\SysWow64\Windows.Networking.dll
2013-05-15 06:55:29 281088 ----a-w- C:\WINDOWS\System32\mfreadwrite.dll
2013-05-15 06:55:29 231936 ----a-w- C:\WINDOWS\System32\fhengine.dll
2013-05-15 06:55:29 196096 ----a-w- C:\WINDOWS\System32\dmvdsitf.dll
2013-05-15 06:55:29 169472 ----a-w- C:\WINDOWS\System32\AudioEndpointBuilder.dll
2013-05-15 06:55:16 268800 ----a-w- C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.dll
2013-05-15 06:55:10 123880 ----a-w- C:\WINDOWS\SysWow64\wscapi.dll
2013-05-15 06:55:03 171008 ----a-w- C:\WINDOWS\SysWow64\SearchFilterHost.exe
2013-05-15 06:54:56 77960 ----a-w- C:\WINDOWS\System32\kdvm.dll
2013-05-15 06:54:56 126464 ----a-w- C:\WINDOWS\System32\Robocopy.exe
2013-05-15 06:54:50 247808 ----a-w- C:\WINDOWS\System32\drivers\srvnet.sys
2013-05-15 06:54:50 197120 ----a-w- C:\WINDOWS\System32\SearchFilterHost.exe
2013-05-15 06:54:37 106496 ----a-w- C:\WINDOWS\SysWow64\Robocopy.exe
2013-05-15 06:54:22 419840 ----a-w- C:\WINDOWS\System32\intl.cpl
2013-05-15 06:54:22 210432 ----a-w- C:\WINDOWS\System32\iuilp.dll
2013-05-15 06:54:06 284424 ----a-w- C:\WINDOWS\System32\drivers\spaceport.sys
2013-05-14 21:31:59 70144 ----a-w- C:\WINDOWS\System32\appinfo.dll
2013-05-14 21:31:40 112872 ----a-w- C:\WINDOWS\System32\consent.exe
2013-05-14 21:31:38 6987528 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2013-05-14 21:31:05 861184 ----a-w- C:\WINDOWS\System32\drivers\http.sys
2013-05-14 15:09:41 -------- d-----w- C:\Program Files (x86)\MSECache
2013-05-12 23:06:49 -------- d-----w- C:\Users\Atakan\AppData\Roaming\McAFee TechCheck
2013-05-12 23:05:42 244416 ----a-w- C:\WINDOWS\SysWow64\Msflxgrd.ocx
2013-05-12 23:05:42 203976 ----a-w- C:\WINDOWS\SysWow64\RICHTX32.OCX
2013-05-12 23:05:41 209192 ----a-w- C:\WINDOWS\SysWow64\TABCTL32.OCX
2013-05-12 23:05:41 140288 ----a-w- C:\WINDOWS\SysWow64\comdlg32.ocx
2013-05-12 23:05:38 -------- d-----w- C:\Users\Atakan\AppData\Roaming\TechCheck
2013-05-03 06:26:44 16114176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-05-03 06:26:44 15541248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-05-03 05:53:56 945152 ----a-w- C:\WINDOWS\System32\resetengmig.dll
2013-05-03 05:53:56 443392 ----a-w- C:\WINDOWS\System32\ReAgent.dll
2013-05-03 05:53:56 375808 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
2013-05-03 05:53:56 132096 ----a-w- C:\WINDOWS\System32\sysreset.exe
2013-05-03 05:53:56 1011200 ----a-w- C:\WINDOWS\System32\reseteng.dll
2013-04-24 19:27:42 42184 ----a-w- C:\WINDOWS\System32\drivers\taphss6.sys
2013-04-24 19:18:34 46792 ----a-w- C:\WINDOWS\System32\drivers\hssdrv6.sys
2013-04-23 23:19:41 16384 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\F-35B\Panel\rcb-gauges\sswvtol.dll
2013-04-16 22:37:08 282512 ----a-w- C:\WINDOWS\SysWow64\PnkBstrB.exe
2013-04-16 22:37:07 76888 ----a-w- C:\WINDOWS\SysWow64\PnkBstrA.exe
.
==================== Find3M  ====================
.
2013-05-07 20:07:50 78200 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2013-05-07 20:07:50 693112 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2013-04-16 02:34:44 1455368 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2013-04-13 05:56:35 444416 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
2013-04-09 23:17:44 2242048 ----a-w- C:\WINDOWS\System32\wininet.dll
2013-04-09 23:17:36 915968 ----a-w- C:\WINDOWS\System32\uxtheme.dll
2013-04-09 23:16:58 3958784 ----a-w- C:\WINDOWS\System32\jscript9.dll
2013-04-09 22:30:26 1767424 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2013-04-09 22:29:44 2877440 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2013-04-09 05:33:02 489576 ----a-w- C:\WINDOWS\System32\AudioEng.dll
2013-04-09 05:33:02 446792 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2013-04-09 05:33:02 253544 ----a-w- C:\WINDOWS\System32\audiodg.exe
2013-04-09 05:20:02 86280 ----a-w- C:\WINDOWS\System32\kdnet.dll
2013-04-09 05:20:02 306952 ----a-w- C:\WINDOWS\System32\kd_02_10ec.dll
2013-04-09 04:52:07 816128 ----a-w- C:\WINDOWS\System32\SearchIndexer.exe
2013-04-09 04:52:07 373760 ----a-w- C:\WINDOWS\System32\SearchProtocolHost.exe
2013-04-09 04:52:06 804352 ----a-w- C:\WINDOWS\System32\RecoveryDrive.exe
2013-04-09 04:51:51 367616 ----a-w- C:\WINDOWS\System32\conhost.exe
2013-04-09 04:51:45 523264 ----a-w- C:\WINDOWS\System32\XpsGdiConverter.dll
2013-04-09 04:51:41 99840 ----a-w- C:\WINDOWS\System32\wscsvc.dll
2013-04-09 04:51:41 456704 ----a-w- C:\WINDOWS\System32\wpncore.dll
2013-04-09 04:51:17 595456 ----a-w- C:\WINDOWS\System32\Windows.Networking.dll
2013-04-09 04:51:17 391168 ----a-w- C:\WINDOWS\System32\Windows.Networking.BackgroundTransfer.dll
2013-04-09 04:51:05 10116096 ----a-w- C:\WINDOWS\System32\twinui.dll
2013-04-09 04:50:53 414720 ----a-w- C:\WINDOWS\System32\GenuineCenter.dll
2013-04-09 04:50:39 422400 ----a-w- C:\WINDOWS\System32\schannel.dll
2013-04-09 04:50:39 1285632 ----a-w- C:\WINDOWS\System32\schedsvc.dll
2013-04-09 04:50:03 96256 ----a-w- C:\WINDOWS\System32\mssprxy.dll
2013-04-09 04:50:03 745984 ----a-w- C:\WINDOWS\System32\mssvp.dll
2013-04-09 04:50:02 65024 ----a-w- C:\WINDOWS\System32\msscntrs.dll
2013-04-09 04:50:02 435200 ----a-w- C:\WINDOWS\System32\mssph.dll
2013-04-09 04:50:02 13824 ----a-w- C:\WINDOWS\System32\msshooks.dll
2013-04-09 04:49:54 1444864 ----a-w- C:\WINDOWS\System32\MSAudDecMFT.dll
2013-04-09 04:49:36 817152 ----a-w- C:\WINDOWS\System32\kerberos.dll
2013-04-09 04:49:16 50176 ----a-w- C:\WINDOWS\System32\fmifs.dll
2013-04-09 04:49:09 172544 ----a-w- C:\WINDOWS\System32\dwmredir.dll
2013-04-09 04:48:43 2303488 ----a-w- C:\WINDOWS\System32\authui.dll
2013-04-09 04:48:42 785408 ----a-w- C:\WINDOWS\System32\audiosrv.dll
2013-04-09 02:35:13 4038144 ----a-w- C:\WINDOWS\System32\win32k.sys
2013-04-09 02:34:49 83968 ----a-w- C:\WINDOWS\System32\drivers\hidclass.sys
2013-04-09 02:34:42 27648 ----a-w- C:\WINDOWS\System32\drivers\hidusb.sys
2013-04-09 02:34:30 95744 ----a-w- C:\WINDOWS\System32\drivers\hidbth.sys
2013-04-09 02:33:41 60416 ----a-w- C:\WINDOWS\System32\drivers\ndproxy.sys
2013-04-09 02:32:02 805376 ----a-w- C:\WINDOWS\System32\drivers\PEAuth.sys
2013-04-09 02:31:01 83456 ----a-w- C:\WINDOWS\System32\drivers\wanarp.sys
2013-04-08 23:39:14 1408896 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll
2013-04-08 23:37:29 426024 ----a-w- C:\WINDOWS\SysWow64\AudioEng.dll
2013-04-08 23:37:29 324368 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
2013-04-08 21:52:16 670208 ----a-w- C:\WINDOWS\SysWow64\SearchIndexer.exe
2013-04-08 21:52:16 302592 ----a-w- C:\WINDOWS\SysWow64\SearchProtocolHost.exe
2013-04-08 21:52:06 364544 ----a-w- C:\WINDOWS\SysWow64\XpsGdiConverter.dll
2013-04-02 14:09:52 4550656 ----a-w- C:\WINDOWS\SysWow64\GPhotos.scr
2013-03-30 18:16:05 1403784 ----a-w- C:\WINDOWS\System32\winload.efi
2013-03-30 18:16:05 1267424 ----a-w- C:\WINDOWS\System32\winload.exe
2013-03-28 22:09:04 1217328 ----a-w- C:\WINDOWS\System32\winresume.efi
2013-03-19 22:38:32 95648 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2013-03-19 22:38:31 861088 ----a-w- C:\WINDOWS\SysWow64\npDeployJava1.dll
2013-03-19 22:38:31 782240 ----a-w- C:\WINDOWS\SysWow64\deployJava1.dll
2013-03-15 22:05:34 298456 ----a-w- C:\WINDOWS\System32\rsaenh.dll
2013-03-15 22:05:16 252928 ----a-w- C:\WINDOWS\SysWow64\rsaenh.dll
2013-03-08 06:04:31 283200 ----a-w- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
2013-03-02 10:57:48 337128 ----a-w- C:\WINDOWS\System32\drivers\USBXHCI.SYS
2013-03-02 10:57:46 77544 ----a-w- C:\WINDOWS\System32\drivers\storahci.sys
2013-03-02 10:57:46 332520 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2013-03-02 10:45:20 148712 ----a-w- C:\WINDOWS\System32\drivers\tpm.sys
2013-03-02 10:45:19 194792 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
2013-03-02 10:45:10 125160 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
2013-03-02 10:39:39 495336 ----a-w- C:\WINDOWS\System32\drivers\vhdmp.sys
2013-03-02 10:39:38 69864 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys
2013-03-02 10:39:32 327912 ----a-w- C:\WINDOWS\System32\drivers\Classpnp.sys
2013-03-02 09:59:37 2231528 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2013-03-02 09:59:36 411880 ----a-w- C:\WINDOWS\System32\drivers\FWPKCLNT.SYS
2013-03-02 08:24:08 34304 ----a-w- C:\WINDOWS\SysWow64\wuapp.exe
2013-03-02 08:23:43 83968 ----a-w- C:\WINDOWS\SysWow64\wudriver.dll
2013-03-02 08:23:43 125952 ----a-w- C:\WINDOWS\SysWow64\wuwebv.dll
2013-03-02 08:23:30 893952 ----a-w- C:\WINDOWS\SysWow64\winmde.dll
2013-03-02 08:23:30 1338880 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2013-03-02 08:23:28 601088 ----a-w- C:\WINDOWS\SysWow64\Windows.Globalization.dll
2013-03-02 08:23:28 504320 ----a-w- C:\WINDOWS\SysWow64\Windows.Security.Authentication.OnlineId.dll
2013-03-02 08:23:19 246784 ----a-w- C:\WINDOWS\SysWow64\ubpm.dll
2013-03-02 08:23:04 356352 ----a-w- C:\WINDOWS\SysWow64\SettingSync.dll
2013-03-02 08:23:04 100864 ----a-w- C:\WINDOWS\SysWow64\SettingSyncInfo.dll
2013-03-02 08:22:36 357888 ----a-w- C:\WINDOWS\SysWow64\netcfgx.dll
2013-03-02 08:22:32 5091840 ----a-w- C:\WINDOWS\SysWow64\mstscax.dll
2013-03-02 08:22:17 850944 ----a-w- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
2013-03-02 08:21:56 550912 ----a-w- C:\WINDOWS\SysWow64\drvstore.dll
2013-03-02 08:21:52 36352 ----a-w- C:\WINDOWS\SysWow64\DevDispItemProvider.dll
2013-03-02 08:21:40 309760 ----a-w- C:\WINDOWS\SysWow64\BCP47Langs.dll
2013-03-02 08:21:32 145408 ----a-w- C:\WINDOWS\SysWow64\powercfg.cpl
2013-03-02 02:44:59 448512 ----a-w- C:\WINDOWS\System32\SettingSync.dll
2013-03-02 02:44:59 128512 ----a-w- C:\WINDOWS\System32\SettingSyncInfo.dll
2013-03-02 02:44:41 455168 ----a-w- C:\WINDOWS\System32\netcfgx.dll
2013-03-02 02:44:41 117248 ----a-w- C:\WINDOWS\System32\NdisImPlatform.dll
2013-03-02 02:44:38 5978624 ----a-w- C:\WINDOWS\System32\mstscax.dll
2013-03-02 02:44:29 1151488 ----a-w- C:\WINDOWS\System32\mcmde.dll
2013-03-02 02:44:29 1048576 ----a-w- C:\WINDOWS\System32\mfasfsrcsnk.dll
2013-03-02 02:44:08 703488 ----a-w- C:\WINDOWS\System32\drvstore.dll
2013-03-02 02:44:07 150016 ----a-w- C:\WINDOWS\System32\discan.dll
2013-03-02 02:44:05 49152 ----a-w- C:\WINDOWS\System32\DevDispItemProvider.dll
2013-03-02 02:43:59 1933312 ----a-w- C:\WINDOWS\System32\wbem\cimwin32.dll
2011-09-22 16:12:42 83264 --sha-w- C:\WINDOWS\Panther\Rollback\Boot\Info.exe
.
============= FINISH: 21:04:14.72 ===============
 

 

Attached File  attach.txt   16.06KB   0 downloads




#2 atekinak

atekinak
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 16 May 2013 - 03:25 AM

After some research on the web, I tried removing and re-installing McAfee, but it didn't change anything; I still can't turn on the firewall. In case anything had changed, I ran DDS again and the log is below. Thanks in advance.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.17.2
Run by Atakan at 11:24:06 on 2013-05-16
Microsoft Windows 8 Pro with Media Center  6.2.9200.0.1252.1.1033.18.8086.5673 [GMT 3:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
c:\windows\syswow64\mpk\lsynchost.exe
c:\windows\syswow64\mpk\lsynchost.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SysWOW64\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\taskhostex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Atakan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\Atakan\AppData\Local\Akamai\netsession_win.exe
C:\Users\Atakan\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Users\Atakan\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Users\Atakan\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\Vendor\FastAccessChatAssist.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Candleworks\FXTS2\FXTSpp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wwahost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ernie.erau.edu/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10043&barid={1607B684-87B6-11E2-BEA1-88532E998CC9}
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130516053628.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Updater By SweetPacks: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension32.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Face recognition web login for FastAccess: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [SkyDrive] "C:\Users\Atakan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [Akamai NetSession Interface] "C:\Users\Atakan\AppData\Local\Akamai\netsession_win.exe"
uRun: [Facebook Update] "C:\Users\Atakan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [Google Update] "C:\Users\Atakan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Nike+ Connect] "C:\Users\Atakan\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
uRun: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [FAStartup] <no file>
StartupFolder: C:\Users\Atakan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Atakan\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
Trusted Zone: dell.com
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.5.13.0.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{3904FEF9-67A9-4A88-8EC5-0DF61DFE1ED8} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{3904FEF9-67A9-4A88-8EC5-0DF61DFE1ED8}\144716B616E6 : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{3904FEF9-67A9-4A88-8EC5-0DF61DFE1ED8}\24F696E676F60284F6473707F647 : DHCPNameServer = 10.22.0.2
TCP: Interfaces\{3904FEF9-67A9-4A88-8EC5-0DF61DFE1ED8}\A5978554C4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3904FEF9-67A9-4A88-8EC5-0DF61DFE1ED8}\D656469616C696E6B6 : DHCPNameServer = 65.32.5.111 65.32.5.112
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
AppInit_DLLs= C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll,C:\WINDOWS\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli FAPassSync
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130516053628.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Updater By SweetPacks: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension64.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Face recognition web login for FastAccess: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [Logitech Download Assistant] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\LogiLDA.dll,LogiFetch
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Atakan\AppData\Roaming\Mozilla\Firefox\Profiles\37ty4xxc.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Atakan\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Atakan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Atakan\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\Atakan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Atakan\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
FF - plugin: C:\Users\Atakan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Atakan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Atakan\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Users\Atakan\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\WINDOWS\SysWOW64\npDeployJava1.dll
FF - plugin: C:\WINDOWS\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-05-16 05:35; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; C:\Program Files (x86)\McAfee\SiteAdvisor
FF - ExtSQL: 2013-05-16 05:36; {D19CA586-DD6C-4a0a-96F8-14644F340D60}; C:\Program Files (x86)\Common Files\McAfee\SystemCore
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\WINDOWS\System32\Drivers\nvpciflt.sys [2012-10-8 30056]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\WINDOWS\System32\Drivers\stdcfltn.sys [2012-11-2 22168]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\WINDOWS\System32\Drivers\dtsoftbus01.sys [2013-3-8 283200]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\WINDOWS\System32\Drivers\hssdrv6.sys [2013-4-24 46792]
R1 LUMDriver;LUMDriver;C:\WINDOWS\System32\Drivers\LUMDriver.sys [2008-1-2 24848]
R1 nvkflt;nvkflt;C:\WINDOWS\System32\Drivers\nvkflt.sys [2012-10-8 284008]
R2 ntk_PowerDVD12;ntk_PowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2013-1-31 83704]
R3 btmhsf;btmhsf;C:\WINDOWS\System32\Drivers\btmhsf.sys [2011-11-15 327168]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\WINDOWS\System32\Drivers\CtClsFlt.sys [2012-10-31 175168]
R3 huawei_enumerator;huawei_enumerator;C:\WINDOWS\System32\Drivers\ew_jubusenum.sys [2012-12-16 87040]
R3 iBtFltCoex;iBtFltCoex;C:\WINDOWS\System32\Drivers\iBtFltCoex.sys [2011-12-10 60416]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\Drivers\iwdbus.sys [2012-8-10 25568]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\WINDOWS\System32\Drivers\LEqdUsb.sys [2012-9-18 78648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\WINDOWS\System32\Drivers\LHidEqd.sys [2012-9-18 15160]
R3 ManyCam;ManyCam Virtual Webcam;C:\WINDOWS\System32\Drivers\mcvidrv_x64.sys [2012-10-11 44544]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\WINDOWS\System32\Drivers\mcaudrv_x64.sys [2012-10-11 28160]
R3 qicflt;upper Device Filter Driver;C:\WINDOWS\System32\Drivers\qicflt.sys [2010-7-2 29288]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
R3 ST_ACCEL;STMicroelectronics Accelerometer Service;C:\WINDOWS\System32\Drivers\ST_Accel.sys [2012-11-2 71832]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\WINDOWS\System32\Drivers\taphss6.sys [2013-4-24 42184]
S3 FACAP;facap, FastAccess Video Capture;C:\WINDOWS\System32\Drivers\facap.sys [2008-9-25 238848]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\Drivers\intelaud.sys [2012-8-10 35296]
S3 massfilter;Mass Storage Filter Driver;C:\WINDOWS\System32\Drivers\massfilter.sys [2012-12-16 11776]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-05-16 02:36:27 34384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2013-05-15 22:41:27 182752 ----a-w- C:\WINDOWS\System32\mfevtps.exe
2013-05-15 22:36:55 -------- d-----w- C:\mfe
2013-05-15 08:22:12 -------- d-----w- C:\Intel
2013-05-15 08:21:45 2851840 ----a-w- C:\WINDOWS\System32\esent.dll
2013-05-15 08:21:45 2382336 ----a-w- C:\WINDOWS\SysWow64\esent.dll
2013-05-15 06:58:04 13648384 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2013-05-15 06:58:03 3552768 ----a-w- C:\WINDOWS\System32\tquery.dll
2013-05-15 06:58:02 2107904 ----a-w- C:\WINDOWS\System32\mssrch.dll
2013-05-15 06:58:02 10789888 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2013-05-15 06:58:01 2767360 ----a-w- C:\WINDOWS\SysWow64\tquery.dll
2013-05-15 06:58:01 1593344 ----a-w- C:\WINDOWS\SysWow64\mssrch.dll
2013-05-15 06:58:00 1829408 ----a-w- C:\WINDOWS\System32\ntdll.dll
2013-05-15 06:56:55 8857088 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2013-05-15 06:55:36 623104 ----a-w- C:\WINDOWS\System32\drivers\srv2.sys
2013-05-15 06:55:35 1093880 ----a-w- C:\WINDOWS\System32\winresume.exe
2013-05-15 06:55:29 659456 ----a-w- C:\WINDOWS\SysWow64\mssvp.dll
2013-05-15 06:55:29 503080 ----a-w- C:\WINDOWS\System32\ci.dll
2013-05-15 06:55:29 468992 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2013-05-15 06:55:29 411136 ----a-w- C:\WINDOWS\SysWow64\Windows.Networking.dll
2013-05-15 06:55:29 281088 ----a-w- C:\WINDOWS\System32\mfreadwrite.dll
2013-05-15 06:55:29 231936 ----a-w- C:\WINDOWS\System32\fhengine.dll
2013-05-15 06:55:29 196096 ----a-w- C:\WINDOWS\System32\dmvdsitf.dll
2013-05-15 06:55:29 169472 ----a-w- C:\WINDOWS\System32\AudioEndpointBuilder.dll
2013-05-15 06:55:16 268800 ----a-w- C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.dll
2013-05-15 06:55:10 123880 ----a-w- C:\WINDOWS\SysWow64\wscapi.dll
2013-05-15 06:55:03 171008 ----a-w- C:\WINDOWS\SysWow64\SearchFilterHost.exe
2013-05-15 06:54:56 77960 ----a-w- C:\WINDOWS\System32\kdvm.dll
2013-05-15 06:54:56 126464 ----a-w- C:\WINDOWS\System32\Robocopy.exe
2013-05-15 06:54:50 247808 ----a-w- C:\WINDOWS\System32\drivers\srvnet.sys
2013-05-15 06:54:50 197120 ----a-w- C:\WINDOWS\System32\SearchFilterHost.exe
2013-05-15 06:54:37 106496 ----a-w- C:\WINDOWS\SysWow64\Robocopy.exe
2013-05-15 06:54:22 419840 ----a-w- C:\WINDOWS\System32\intl.cpl
2013-05-15 06:54:22 210432 ----a-w- C:\WINDOWS\System32\iuilp.dll
2013-05-15 06:54:06 284424 ----a-w- C:\WINDOWS\System32\drivers\spaceport.sys
2013-05-14 21:31:59 70144 ----a-w- C:\WINDOWS\System32\appinfo.dll
2013-05-14 21:31:40 112872 ----a-w- C:\WINDOWS\System32\consent.exe
2013-05-14 21:31:38 6987528 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2013-05-14 21:31:05 861184 ----a-w- C:\WINDOWS\System32\drivers\http.sys
2013-05-14 15:09:41 -------- d-----w- C:\Program Files (x86)\MSECache
2013-05-12 23:06:49 -------- d-----w- C:\Users\Atakan\AppData\Roaming\McAFee TechCheck
2013-05-12 23:05:42 244416 ----a-w- C:\WINDOWS\SysWow64\Msflxgrd.ocx
2013-05-12 23:05:42 203976 ----a-w- C:\WINDOWS\SysWow64\RICHTX32.OCX
2013-05-12 23:05:41 209192 ----a-w- C:\WINDOWS\SysWow64\TABCTL32.OCX
2013-05-12 23:05:41 140288 ----a-w- C:\WINDOWS\SysWow64\comdlg32.ocx
2013-05-12 23:05:38 -------- d-----w- C:\Users\Atakan\AppData\Roaming\TechCheck
2013-05-03 06:26:44 16114176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-05-03 06:26:44 15541248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-05-03 05:53:56 945152 ----a-w- C:\WINDOWS\System32\resetengmig.dll
2013-05-03 05:53:56 443392 ----a-w- C:\WINDOWS\System32\ReAgent.dll
2013-05-03 05:53:56 375808 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
2013-05-03 05:53:56 132096 ----a-w- C:\WINDOWS\System32\sysreset.exe
2013-05-03 05:53:56 1011200 ----a-w- C:\WINDOWS\System32\reseteng.dll
2013-04-24 19:27:42 42184 ----a-w- C:\WINDOWS\System32\drivers\taphss6.sys
2013-04-24 19:18:34 46792 ----a-w- C:\WINDOWS\System32\drivers\hssdrv6.sys
2013-04-23 23:19:41 16384 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\F-35B\Panel\rcb-gauges\sswvtol.dll
2013-04-16 22:37:08 282512 ----a-w- C:\WINDOWS\SysWow64\PnkBstrB.exe
2013-04-16 22:37:07 76888 ----a-w- C:\WINDOWS\SysWow64\PnkBstrA.exe
.
==================== Find3M  ====================
.
2013-05-07 20:07:50 78200 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2013-05-07 20:07:50 693112 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2013-04-16 02:34:44 1455368 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2013-04-13 05:56:35 444416 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
2013-04-09 23:17:44 2242048 ----a-w- C:\WINDOWS\System32\wininet.dll
2013-04-09 23:17:36 915968 ----a-w- C:\WINDOWS\System32\uxtheme.dll
2013-04-09 23:16:58 3958784 ----a-w- C:\WINDOWS\System32\jscript9.dll
2013-04-09 22:30:26 1767424 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2013-04-09 22:29:44 2877440 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2013-04-09 05:33:02 489576 ----a-w- C:\WINDOWS\System32\AudioEng.dll
2013-04-09 05:33:02 446792 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2013-04-09 05:33:02 253544 ----a-w- C:\WINDOWS\System32\audiodg.exe
2013-04-09 05:20:02 86280 ----a-w- C:\WINDOWS\System32\kdnet.dll
2013-04-09 05:20:02 306952 ----a-w- C:\WINDOWS\System32\kd_02_10ec.dll
2013-04-09 04:52:07 816128 ----a-w- C:\WINDOWS\System32\SearchIndexer.exe
2013-04-09 04:52:07 373760 ----a-w- C:\WINDOWS\System32\SearchProtocolHost.exe
2013-04-09 04:52:06 804352 ----a-w- C:\WINDOWS\System32\RecoveryDrive.exe
2013-04-09 04:51:51 367616 ----a-w- C:\WINDOWS\System32\conhost.exe
2013-04-09 04:51:45 523264 ----a-w- C:\WINDOWS\System32\XpsGdiConverter.dll
2013-04-09 04:51:41 99840 ----a-w- C:\WINDOWS\System32\wscsvc.dll
2013-04-09 04:51:41 456704 ----a-w- C:\WINDOWS\System32\wpncore.dll
2013-04-09 04:51:17 595456 ----a-w- C:\WINDOWS\System32\Windows.Networking.dll
2013-04-09 04:51:17 391168 ----a-w- C:\WINDOWS\System32\Windows.Networking.BackgroundTransfer.dll
2013-04-09 04:51:05 10116096 ----a-w- C:\WINDOWS\System32\twinui.dll
2013-04-09 04:50:53 414720 ----a-w- C:\WINDOWS\System32\GenuineCenter.dll
2013-04-09 04:50:39 422400 ----a-w- C:\WINDOWS\System32\schannel.dll
2013-04-09 04:50:39 1285632 ----a-w- C:\WINDOWS\System32\schedsvc.dll
2013-04-09 04:50:03 96256 ----a-w- C:\WINDOWS\System32\mssprxy.dll
2013-04-09 04:50:03 745984 ----a-w- C:\WINDOWS\System32\mssvp.dll
2013-04-09 04:50:02 65024 ----a-w- C:\WINDOWS\System32\msscntrs.dll
2013-04-09 04:50:02 435200 ----a-w- C:\WINDOWS\System32\mssph.dll
2013-04-09 04:50:02 13824 ----a-w- C:\WINDOWS\System32\msshooks.dll
2013-04-09 04:49:54 1444864 ----a-w- C:\WINDOWS\System32\MSAudDecMFT.dll
2013-04-09 04:49:36 817152 ----a-w- C:\WINDOWS\System32\kerberos.dll
2013-04-09 04:49:16 50176 ----a-w- C:\WINDOWS\System32\fmifs.dll
2013-04-09 04:49:09 172544 ----a-w- C:\WINDOWS\System32\dwmredir.dll
2013-04-09 04:48:43 2303488 ----a-w- C:\WINDOWS\System32\authui.dll
2013-04-09 04:48:42 785408 ----a-w- C:\WINDOWS\System32\audiosrv.dll
2013-04-09 02:35:13 4038144 ----a-w- C:\WINDOWS\System32\win32k.sys
2013-04-09 02:34:49 83968 ----a-w- C:\WINDOWS\System32\drivers\hidclass.sys
2013-04-09 02:34:42 27648 ----a-w- C:\WINDOWS\System32\drivers\hidusb.sys
2013-04-09 02:34:30 95744 ----a-w- C:\WINDOWS\System32\drivers\hidbth.sys
2013-04-09 02:33:41 60416 ----a-w- C:\WINDOWS\System32\drivers\ndproxy.sys
2013-04-09 02:32:02 805376 ----a-w- C:\WINDOWS\System32\drivers\PEAuth.sys
2013-04-09 02:31:01 83456 ----a-w- C:\WINDOWS\System32\drivers\wanarp.sys
2013-04-08 23:39:14 1408896 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll
2013-04-08 23:37:29 426024 ----a-w- C:\WINDOWS\SysWow64\AudioEng.dll
2013-04-08 23:37:29 324368 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
2013-04-08 21:52:16 670208 ----a-w- C:\WINDOWS\SysWow64\SearchIndexer.exe
2013-04-08 21:52:16 302592 ----a-w- C:\WINDOWS\SysWow64\SearchProtocolHost.exe
2013-04-08 21:52:06 364544 ----a-w- C:\WINDOWS\SysWow64\XpsGdiConverter.dll
2013-04-02 14:09:52 4550656 ----a-w- C:\WINDOWS\SysWow64\GPhotos.scr
2013-03-30 18:16:05 1403784 ----a-w- C:\WINDOWS\System32\winload.efi
2013-03-30 18:16:05 1267424 ----a-w- C:\WINDOWS\System32\winload.exe
2013-03-28 22:09:04 1217328 ----a-w- C:\WINDOWS\System32\winresume.efi
2013-03-19 22:38:32 95648 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2013-03-19 22:38:31 861088 ----a-w- C:\WINDOWS\SysWow64\npDeployJava1.dll
2013-03-19 22:38:31 782240 ----a-w- C:\WINDOWS\SysWow64\deployJava1.dll
2013-03-15 22:05:34 298456 ----a-w- C:\WINDOWS\System32\rsaenh.dll
2013-03-15 22:05:16 252928 ----a-w- C:\WINDOWS\SysWow64\rsaenh.dll
2013-03-08 06:04:31 283200 ----a-w- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
2013-03-02 10:57:48 337128 ----a-w- C:\WINDOWS\System32\drivers\USBXHCI.SYS
2013-03-02 10:57:46 77544 ----a-w- C:\WINDOWS\System32\drivers\storahci.sys
2013-03-02 10:57:46 332520 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2013-03-02 10:45:20 148712 ----a-w- C:\WINDOWS\System32\drivers\tpm.sys
2013-03-02 10:45:19 194792 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
2013-03-02 10:45:10 125160 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
2013-03-02 10:39:39 495336 ----a-w- C:\WINDOWS\System32\drivers\vhdmp.sys
2013-03-02 10:39:38 69864 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys
2013-03-02 10:39:32 327912 ----a-w- C:\WINDOWS\System32\drivers\Classpnp.sys
2013-03-02 09:59:37 2231528 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2013-03-02 09:59:36 411880 ----a-w- C:\WINDOWS\System32\drivers\FWPKCLNT.SYS
2013-03-02 08:24:08 34304 ----a-w- C:\WINDOWS\SysWow64\wuapp.exe
2013-03-02 08:23:43 83968 ----a-w- C:\WINDOWS\SysWow64\wudriver.dll
2013-03-02 08:23:43 125952 ----a-w- C:\WINDOWS\SysWow64\wuwebv.dll
2013-03-02 08:23:30 893952 ----a-w- C:\WINDOWS\SysWow64\winmde.dll
2013-03-02 08:23:30 1338880 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2013-03-02 08:23:28 601088 ----a-w- C:\WINDOWS\SysWow64\Windows.Globalization.dll
2013-03-02 08:23:28 504320 ----a-w- C:\WINDOWS\SysWow64\Windows.Security.Authentication.OnlineId.dll
2013-03-02 08:23:19 246784 ----a-w- C:\WINDOWS\SysWow64\ubpm.dll
2013-03-02 08:23:04 356352 ----a-w- C:\WINDOWS\SysWow64\SettingSync.dll
2013-03-02 08:23:04 100864 ----a-w- C:\WINDOWS\SysWow64\SettingSyncInfo.dll
2013-03-02 08:22:36 357888 ----a-w- C:\WINDOWS\SysWow64\netcfgx.dll
2013-03-02 08:22:32 5091840 ----a-w- C:\WINDOWS\SysWow64\mstscax.dll
2013-03-02 08:22:17 850944 ----a-w- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
2013-03-02 08:21:56 550912 ----a-w- C:\WINDOWS\SysWow64\drvstore.dll
2013-03-02 08:21:52 36352 ----a-w- C:\WINDOWS\SysWow64\DevDispItemProvider.dll
2013-03-02 08:21:40 309760 ----a-w- C:\WINDOWS\SysWow64\BCP47Langs.dll
2013-03-02 08:21:32 145408 ----a-w- C:\WINDOWS\SysWow64\powercfg.cpl
2013-03-02 02:44:59 448512 ----a-w- C:\WINDOWS\System32\SettingSync.dll
2013-03-02 02:44:59 128512 ----a-w- C:\WINDOWS\System32\SettingSyncInfo.dll
2013-03-02 02:44:41 455168 ----a-w- C:\WINDOWS\System32\netcfgx.dll
2013-03-02 02:44:41 117248 ----a-w- C:\WINDOWS\System32\NdisImPlatform.dll
2013-03-02 02:44:38 5978624 ----a-w- C:\WINDOWS\System32\mstscax.dll
2013-03-02 02:44:29 1151488 ----a-w- C:\WINDOWS\System32\mcmde.dll
2013-03-02 02:44:29 1048576 ----a-w- C:\WINDOWS\System32\mfasfsrcsnk.dll
2013-03-02 02:44:08 703488 ----a-w- C:\WINDOWS\System32\drvstore.dll
2013-03-02 02:44:07 150016 ----a-w- C:\WINDOWS\System32\discan.dll
2013-03-02 02:44:05 49152 ----a-w- C:\WINDOWS\System32\DevDispItemProvider.dll
2013-03-02 02:43:59 1933312 ----a-w- C:\WINDOWS\System32\wbem\cimwin32.dll
2011-09-22 16:12:42 83264 --sha-w- C:\WINDOWS\Panther\Rollback\Boot\Info.exe
.
============= FINISH: 11:25:00.08 ===============
 




#3 HelpBot


Posted 20 May 2013 - 01:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/494694 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 atekinak


Posted 21 May 2013 - 04:46 AM

Got infected with an FBI moneypak virus that blocked my PC. Used System Restore to get rid of it, but now my McAfee firewall keeps getting turned off and I can't launch Windows Defender either. McAfee support told me that my computer is still infected and suggested professional assistance. After some research on the web, I tried removing and re-installing McAfee but it didn't change anything; I still can't turn on the firewall. I ran DDS again and the log is below. Thanks in advance.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.17.2
Run by Atakan at 12:45:28 on 2013-05-21
Microsoft Windows 8 Pro with Media Center  6.2.9200.0.1252.1.1033.18.8086.4977 [GMT 3:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
c:\windows\syswow64\mpk\lsynchost.exe
c:\windows\syswow64\mpk\lsynchost.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SysWOW64\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\taskhostex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\wwahost.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\System32\igfxpers.exe
C:\Users\Atakan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\Atakan\AppData\Local\Akamai\netsession_win.exe
C:\Users\Atakan\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Users\Atakan\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Users\Atakan\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\Vendor\FastAccessChatAssist.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wwahost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ernie.erau.edu/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10043&barid={1607B684-87B6-11E2-BEA1-88532E998CC9}
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130516053628.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Updater By SweetPacks: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension32.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Face recognition web login for FastAccess: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [SkyDrive] "C:\Users\Atakan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [Akamai NetSession Interface] "C:\Users\Atakan\AppData\Local\Akamai\netsession_win.exe"
uRun: [Facebook Update] "C:\Users\Atakan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [Google Update] "C:\Users\Atakan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Nike+ Connect] "C:\Users\Atakan\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
uRun: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [FAStartup] <no file>
StartupFolder: C:\Users\Atakan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Atakan\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
Trusted Zone: dell.com
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.5.13.0.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{3904FEF9-67A9-4A88-8EC5-0DF61DFE1ED8} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{3904FEF9-67A9-4A88-8EC5-0DF61DFE1ED8}\144716B616E6 : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{3904FEF9-67A9-4A88-8EC5-0DF61DFE1ED8}\24F696E676F60284F6473707F647 : DHCPNameServer = 10.22.0.2
TCP: Interfaces\{3904FEF9-67A9-4A88-8EC5-0DF61DFE1ED8}\A5978554C4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3904FEF9-67A9-4A88-8EC5-0DF61DFE1ED8}\D656469616C696E6B6 : DHCPNameServer = 65.32.5.111 65.32.5.112
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
AppInit_DLLs= C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll,C:\WINDOWS\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli FAPassSync
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130516053628.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Updater By SweetPacks: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension64.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Face recognition web login for FastAccess: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [Logitech Download Assistant] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\LogiLDA.dll,LogiFetch
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Atakan\AppData\Roaming\Mozilla\Firefox\Profiles\37ty4xxc.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Atakan\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Atakan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Atakan\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\Atakan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Atakan\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
FF - plugin: C:\Users\Atakan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Atakan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Atakan\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Users\Atakan\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\WINDOWS\SysWOW64\npDeployJava1.dll
FF - plugin: C:\WINDOWS\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-05-16 05:35; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; C:\Program Files (x86)\McAfee\SiteAdvisor
FF - ExtSQL: 2013-05-16 05:36; {D19CA586-DD6C-4a0a-96F8-14644F340D60}; C:\Program Files (x86)\Common Files\McAfee\SystemCore
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\WINDOWS\System32\Drivers\mfehidk.sys [2013-2-19 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\WINDOWS\System32\Drivers\mfewfpk.sys [2013-2-19 340216]
R0 nvpciflt;nvpciflt;C:\WINDOWS\System32\Drivers\nvpciflt.sys [2012-10-8 30056]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\WINDOWS\System32\Drivers\stdcfltn.sys [2012-11-2 22168]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\WINDOWS\System32\Drivers\dtsoftbus01.sys [2013-3-8 283200]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\WINDOWS\System32\Drivers\hssdrv6.sys [2013-4-24 46792]
R1 LUMDriver;LUMDriver;C:\WINDOWS\System32\Drivers\LUMDriver.sys [2008-1-2 24848]
R1 nvkflt;nvkflt;C:\WINDOWS\System32\Drivers\nvkflt.sys [2012-10-8 284008]
R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2013/01/31 07:18:29];C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-12-29 130320]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-11-2 98208]
R2 BBDemon;Backbone Service;C:\Program Files (x86)\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe [2009-9-26 36864]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2013-1-31 91248]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2013-1-31 78960]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2013-1-31 296048]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2012-2-14 2451440]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2013-4-26 570664]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2013-4-26 390440]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-5-16 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-5-16 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-5-16 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2013-5-16 241456]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-5-16 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\WINDOWS\System32\mfevtps.exe [2013-5-16 182752]
R2 ntk_PowerDVD12;ntk_PowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2013-1-31 83704]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 TurboB;Turbo Boost UI Monitor driver;C:\WINDOWS\System32\Drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-2 2594584]
R2 Updater By SweetPacks;Updater By SweetPacks;C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe [2013-3-8 188760]
R3 btmhsf;btmhsf;C:\WINDOWS\System32\Drivers\btmhsf.sys [2011-11-15 327168]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\WINDOWS\System32\Drivers\CtClsFlt.sys [2012-10-31 175168]
R3 huawei_enumerator;huawei_enumerator;C:\WINDOWS\System32\Drivers\ew_jubusenum.sys [2012-12-16 87040]
R3 iBtFltCoex;iBtFltCoex;C:\WINDOWS\System32\Drivers\iBtFltCoex.sys [2011-12-10 60416]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\Drivers\iwdbus.sys [2012-8-10 25568]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\WINDOWS\System32\Drivers\LEqdUsb.sys [2012-9-18 78648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\WINDOWS\System32\Drivers\LHidEqd.sys [2012-9-18 15160]
R3 ManyCam;ManyCam Virtual Webcam;C:\WINDOWS\System32\Drivers\mcvidrv_x64.sys [2012-10-11 44544]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\WINDOWS\System32\Drivers\mcaudrv_x64.sys [2012-10-11 28160]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\WINDOWS\System32\Drivers\mfeavfk.sys [2013-5-16 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\WINDOWS\System32\Drivers\mfefirek.sys [2013-5-16 515968]
R3 qicflt;upper Device Filter Driver;C:\WINDOWS\System32\Drivers\qicflt.sys [2010-7-2 29288]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
R3 ST_ACCEL;STMicroelectronics Accelerometer Service;C:\WINDOWS\System32\Drivers\ST_Accel.sys [2012-11-2 71832]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\WINDOWS\System32\Drivers\taphss6.sys [2013-4-24 42184]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\WINDOWS\System32\Drivers\mfeelamk.sys [2013-5-16 69168]
S2 0157031368671535mcinstcleanup;McAfee Application Installer Cleanup (0157031368671535);C:\Users\Atakan\AppData\Local\Temp\015703~1.EXE -cleanup -nolog --> C:\Users\Atakan\AppData\Local\Temp\015703~1.EXE -cleanup -nolog [?]
S2 MainLSyncHost;Local Synchronization Host;C:\Windows\SysWOW64\MPK\lsynchost.exe [2012-11-29 671064]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-5-16 201304]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-3-1 161384]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;"C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe" --> C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [?]
S2 WCMVCAM;WebcamMax, WDM Video Capture;C:\WINDOWS\System32\Drivers\wcmvcam64.sys [2012-4-16 1071032]
S3 cfwids;McAfee Inc. cfwids;C:\WINDOWS\System32\Drivers\cfwids.sys [2013-5-16 70112]
S3 FACAP;facap, FastAccess Video Capture;C:\WINDOWS\System32\Drivers\facap.sys [2008-9-25 238848]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\WINDOWS\System32\Drivers\HipShieldK.sys [2013-5-16 196440]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\Drivers\intelaud.sys [2012-8-10 35296]
S3 massfilter;Mass Storage Filter Driver;C:\WINDOWS\System32\Drivers\massfilter.sys [2012-12-16 11776]
S3 mferkdet;McAfee Inc. mferkdet;C:\WINDOWS\System32\Drivers\mferkdet.sys [2013-5-16 106552]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-2 178824]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-26 126976]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 usb3Hub;USB-IF USB 3.0 Hub;C:\WINDOWS\System32\Drivers\usb3Hub.sys [2012-8-10 48096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-26 117248]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\System32\Drivers\wdcsam64.sys [2008-5-6 14464]
S3 wdkmd;Intel WiDi KMD;C:\WINDOWS\System32\Drivers\WDKMD.sys [2010-12-1 42392]
S3 XHCIPort;USB-IF xHCI USB Host Controller;C:\WINDOWS\System32\Drivers\xHCIPort.sys [2012-8-10 188384]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-05-20 13:40:52 -------- d-----w- C:\Program Files (x86)\Photo Recovery
2013-05-19 05:03:57 -------- d-----w- C:\Users\Atakan\AppData\Roaming\LolClient
2013-05-19 01:51:59 467984 ----a-w- C:\WINDOWS\SysWow64\d3dx10_39.dll
2013-05-19 01:51:59 1493528 ----a-w- C:\WINDOWS\SysWow64\D3DCompiler_39.dll
2013-05-19 01:50:07 -------- d-----w- C:\Riot Games
2013-05-18 23:57:58 -------- d-----w- C:\Users\Atakan\AppData\Local\PMB Files
2013-05-18 23:57:58 -------- d-----w- C:\ProgramData\PMB Files
2013-05-18 23:57:27 -------- d-----w- C:\Program Files (x86)\Pando Networks
2013-05-18 23:57:20 -------- d-----w- C:\Users\Atakan\.swt
2013-05-16 02:36:27 34384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2013-05-15 22:41:27 182752 ----a-w- C:\WINDOWS\System32\mfevtps.exe
2013-05-15 22:36:55 -------- d-----w- C:\mfe
2013-05-15 08:22:12 -------- d-----w- C:\Intel
2013-05-15 08:21:45 2851840 ----a-w- C:\WINDOWS\System32\esent.dll
2013-05-15 08:21:45 2382336 ----a-w- C:\WINDOWS\SysWow64\esent.dll
2013-05-15 06:58:04 13648384 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2013-05-15 06:58:03 3552768 ----a-w- C:\WINDOWS\System32\tquery.dll
2013-05-15 06:58:02 2107904 ----a-w- C:\WINDOWS\System32\mssrch.dll
2013-05-15 06:58:02 10789888 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2013-05-15 06:58:01 2767360 ----a-w- C:\WINDOWS\SysWow64\tquery.dll
2013-05-15 06:58:01 1593344 ----a-w- C:\WINDOWS\SysWow64\mssrch.dll
2013-05-15 06:58:00 1829408 ----a-w- C:\WINDOWS\System32\ntdll.dll
2013-05-15 06:56:55 8857088 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2013-05-15 06:55:36 623104 ----a-w- C:\WINDOWS\System32\drivers\srv2.sys
2013-05-15 06:55:35 1093880 ----a-w- C:\WINDOWS\System32\winresume.exe
2013-05-15 06:55:29 659456 ----a-w- C:\WINDOWS\SysWow64\mssvp.dll
2013-05-15 06:55:29 503080 ----a-w- C:\WINDOWS\System32\ci.dll
2013-05-15 06:55:29 468992 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2013-05-15 06:55:29 411136 ----a-w- C:\WINDOWS\SysWow64\Windows.Networking.dll
2013-05-15 06:55:29 281088 ----a-w- C:\WINDOWS\System32\mfreadwrite.dll
2013-05-15 06:55:29 231936 ----a-w- C:\WINDOWS\System32\fhengine.dll
2013-05-15 06:55:29 196096 ----a-w- C:\WINDOWS\System32\dmvdsitf.dll
2013-05-15 06:55:29 169472 ----a-w- C:\WINDOWS\System32\AudioEndpointBuilder.dll
2013-05-15 06:55:16 268800 ----a-w- C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.dll
2013-05-15 06:55:10 123880 ----a-w- C:\WINDOWS\SysWow64\wscapi.dll
2013-05-15 06:55:03 171008 ----a-w- C:\WINDOWS\SysWow64\SearchFilterHost.exe
2013-05-15 06:54:56 77960 ----a-w- C:\WINDOWS\System32\kdvm.dll
2013-05-15 06:54:56 126464 ----a-w- C:\WINDOWS\System32\Robocopy.exe
2013-05-15 06:54:50 247808 ----a-w- C:\WINDOWS\System32\drivers\srvnet.sys
2013-05-15 06:54:50 197120 ----a-w- C:\WINDOWS\System32\SearchFilterHost.exe
2013-05-15 06:54:37 106496 ----a-w- C:\WINDOWS\SysWow64\Robocopy.exe
2013-05-15 06:54:22 419840 ----a-w- C:\WINDOWS\System32\intl.cpl
2013-05-15 06:54:22 210432 ----a-w- C:\WINDOWS\System32\iuilp.dll
2013-05-15 06:54:06 284424 ----a-w- C:\WINDOWS\System32\drivers\spaceport.sys
2013-05-14 21:31:59 70144 ----a-w- C:\WINDOWS\System32\appinfo.dll
2013-05-14 21:31:40 112872 ----a-w- C:\WINDOWS\System32\consent.exe
2013-05-14 21:31:38 6987528 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2013-05-14 21:31:05 861184 ----a-w- C:\WINDOWS\System32\drivers\http.sys
2013-05-14 15:09:41 -------- d-----w- C:\Program Files (x86)\MSECache
2013-05-12 23:06:49 -------- d-----w- C:\Users\Atakan\AppData\Roaming\McAFee TechCheck
2013-05-12 23:05:42 244416 ----a-w- C:\WINDOWS\SysWow64\Msflxgrd.ocx
2013-05-12 23:05:42 203976 ----a-w- C:\WINDOWS\SysWow64\RICHTX32.OCX
2013-05-12 23:05:41 209192 ----a-w- C:\WINDOWS\SysWow64\TABCTL32.OCX
2013-05-12 23:05:41 140288 ----a-w- C:\WINDOWS\SysWow64\comdlg32.ocx
2013-05-12 23:05:38 -------- d-----w- C:\Users\Atakan\AppData\Roaming\TechCheck
2013-05-03 06:26:44 16114176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-05-03 06:26:44 15541248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-05-03 05:53:56 945152 ----a-w- C:\WINDOWS\System32\resetengmig.dll
2013-05-03 05:53:56 443392 ----a-w- C:\WINDOWS\System32\ReAgent.dll
2013-05-03 05:53:56 375808 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
2013-05-03 05:53:56 132096 ----a-w- C:\WINDOWS\System32\sysreset.exe
2013-05-03 05:53:56 1011200 ----a-w- C:\WINDOWS\System32\reseteng.dll
2013-04-24 19:27:42 42184 ----a-w- C:\WINDOWS\System32\drivers\taphss6.sys
2013-04-24 19:18:34 46792 ----a-w- C:\WINDOWS\System32\drivers\hssdrv6.sys
2013-04-23 23:19:41 16384 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\F-35B\Panel\rcb-gauges\sswvtol.dll
.
==================== Find3M  ====================
.
2013-05-07 20:07:50 78200 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2013-05-07 20:07:50 693112 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2013-04-16 22:37:08 282512 ----a-w- C:\WINDOWS\SysWow64\PnkBstrB.exe
2013-04-16 22:37:07 76888 ----a-w- C:\WINDOWS\SysWow64\PnkBstrA.exe
2013-04-16 02:34:44 1455368 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2013-04-13 05:56:35 444416 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
2013-04-09 23:17:44 2242048 ----a-w- C:\WINDOWS\System32\wininet.dll
2013-04-09 23:17:36 915968 ----a-w- C:\WINDOWS\System32\uxtheme.dll
2013-04-09 23:16:58 3958784 ----a-w- C:\WINDOWS\System32\jscript9.dll
2013-04-09 22:30:26 1767424 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2013-04-09 22:29:44 2877440 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2013-04-09 05:33:02 489576 ----a-w- C:\WINDOWS\System32\AudioEng.dll
2013-04-09 05:33:02 446792 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2013-04-09 05:33:02 253544 ----a-w- C:\WINDOWS\System32\audiodg.exe
2013-04-09 05:20:02 86280 ----a-w- C:\WINDOWS\System32\kdnet.dll
2013-04-09 05:20:02 306952 ----a-w- C:\WINDOWS\System32\kd_02_10ec.dll
2013-04-09 04:52:07 816128 ----a-w- C:\WINDOWS\System32\SearchIndexer.exe
2013-04-09 04:52:07 373760 ----a-w- C:\WINDOWS\System32\SearchProtocolHost.exe
2013-04-09 04:52:06 804352 ----a-w- C:\WINDOWS\System32\RecoveryDrive.exe
2013-04-09 04:51:51 367616 ----a-w- C:\WINDOWS\System32\conhost.exe
2013-04-09 04:51:45 523264 ----a-w- C:\WINDOWS\System32\XpsGdiConverter.dll
2013-04-09 04:51:41 99840 ----a-w- C:\WINDOWS\System32\wscsvc.dll
2013-04-09 04:51:41 456704 ----a-w- C:\WINDOWS\System32\wpncore.dll
2013-04-09 04:51:17 595456 ----a-w- C:\WINDOWS\System32\Windows.Networking.dll
2013-04-09 04:51:17 391168 ----a-w- C:\WINDOWS\System32\Windows.Networking.BackgroundTransfer.dll
2013-04-09 04:51:05 10116096 ----a-w- C:\WINDOWS\System32\twinui.dll
2013-04-09 04:50:53 414720 ----a-w- C:\WINDOWS\System32\GenuineCenter.dll
2013-04-09 04:50:39 422400 ----a-w- C:\WINDOWS\System32\schannel.dll
2013-04-09 04:50:39 1285632 ----a-w- C:\WINDOWS\System32\schedsvc.dll
2013-04-09 04:50:03 96256 ----a-w- C:\WINDOWS\System32\mssprxy.dll
2013-04-09 04:50:03 745984 ----a-w- C:\WINDOWS\System32\mssvp.dll
2013-04-09 04:50:02 65024 ----a-w- C:\WINDOWS\System32\msscntrs.dll
2013-04-09 04:50:02 435200 ----a-w- C:\WINDOWS\System32\mssph.dll
2013-04-09 04:50:02 13824 ----a-w- C:\WINDOWS\System32\msshooks.dll
2013-04-09 04:49:54 1444864 ----a-w- C:\WINDOWS\System32\MSAudDecMFT.dll
2013-04-09 04:49:36 817152 ----a-w- C:\WINDOWS\System32\kerberos.dll
2013-04-09 04:49:16 50176 ----a-w- C:\WINDOWS\System32\fmifs.dll
2013-04-09 04:49:09 172544 ----a-w- C:\WINDOWS\System32\dwmredir.dll
2013-04-09 04:48:43 2303488 ----a-w- C:\WINDOWS\System32\authui.dll
2013-04-09 04:48:42 785408 ----a-w- C:\WINDOWS\System32\audiosrv.dll
2013-04-09 02:35:13 4038144 ----a-w- C:\WINDOWS\System32\win32k.sys
2013-04-09 02:34:49 83968 ----a-w- C:\WINDOWS\System32\drivers\hidclass.sys
2013-04-09 02:34:42 27648 ----a-w- C:\WINDOWS\System32\drivers\hidusb.sys
2013-04-09 02:34:30 95744 ----a-w- C:\WINDOWS\System32\drivers\hidbth.sys
2013-04-09 02:33:41 60416 ----a-w- C:\WINDOWS\System32\drivers\ndproxy.sys
2013-04-09 02:32:02 805376 ----a-w- C:\WINDOWS\System32\drivers\PEAuth.sys
2013-04-09 02:31:01 83456 ----a-w- C:\WINDOWS\System32\drivers\wanarp.sys
2013-04-08 23:39:14 1408896 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll
2013-04-08 23:37:29 426024 ----a-w- C:\WINDOWS\SysWow64\AudioEng.dll
2013-04-08 23:37:29 324368 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
2013-04-08 21:52:16 670208 ----a-w- C:\WINDOWS\SysWow64\SearchIndexer.exe
2013-04-08 21:52:16 302592 ----a-w- C:\WINDOWS\SysWow64\SearchProtocolHost.exe
2013-04-08 21:52:06 364544 ----a-w- C:\WINDOWS\SysWow64\XpsGdiConverter.dll
2013-04-02 14:09:52 4550656 ----a-w- C:\WINDOWS\SysWow64\GPhotos.scr
2013-03-30 18:16:05 1403784 ----a-w- C:\WINDOWS\System32\winload.efi
2013-03-30 18:16:05 1267424 ----a-w- C:\WINDOWS\System32\winload.exe
2013-03-28 22:09:04 1217328 ----a-w- C:\WINDOWS\System32\winresume.efi
2013-03-19 22:38:32 95648 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2013-03-19 22:38:31 861088 ----a-w- C:\WINDOWS\SysWow64\npDeployJava1.dll
2013-03-19 22:38:31 782240 ----a-w- C:\WINDOWS\SysWow64\deployJava1.dll
2013-03-15 22:05:34 298456 ----a-w- C:\WINDOWS\System32\rsaenh.dll
2013-03-15 22:05:16 252928 ----a-w- C:\WINDOWS\SysWow64\rsaenh.dll
2013-03-08 06:04:31 283200 ----a-w- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
2013-03-02 10:57:48 337128 ----a-w- C:\WINDOWS\System32\drivers\USBXHCI.SYS
2013-03-02 10:57:46 77544 ----a-w- C:\WINDOWS\System32\drivers\storahci.sys
2013-03-02 10:57:46 332520 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2013-03-02 10:45:20 148712 ----a-w- C:\WINDOWS\System32\drivers\tpm.sys
2013-03-02 10:45:19 194792 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
2013-03-02 10:45:10 125160 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
2013-03-02 10:39:39 495336 ----a-w- C:\WINDOWS\System32\drivers\vhdmp.sys
2013-03-02 10:39:38 69864 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys
2013-03-02 10:39:32 327912 ----a-w- C:\WINDOWS\System32\drivers\Classpnp.sys
2013-03-02 09:59:37 2231528 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2013-03-02 09:59:36 411880 ----a-w- C:\WINDOWS\System32\drivers\FWPKCLNT.SYS
2013-03-02 08:24:08 34304 ----a-w- C:\WINDOWS\SysWow64\wuapp.exe
2013-03-02 08:23:43 83968 ----a-w- C:\WINDOWS\SysWow64\wudriver.dll
2013-03-02 08:23:43 125952 ----a-w- C:\WINDOWS\SysWow64\wuwebv.dll
2013-03-02 08:23:30 893952 ----a-w- C:\WINDOWS\SysWow64\winmde.dll
2013-03-02 08:23:30 1338880 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2013-03-02 08:23:28 601088 ----a-w- C:\WINDOWS\SysWow64\Windows.Globalization.dll
2013-03-02 08:23:28 504320 ----a-w- C:\WINDOWS\SysWow64\Windows.Security.Authentication.OnlineId.dll
2013-03-02 08:23:19 246784 ----a-w- C:\WINDOWS\SysWow64\ubpm.dll
2013-03-02 08:23:04 356352 ----a-w- C:\WINDOWS\SysWow64\SettingSync.dll
2013-03-02 08:23:04 100864 ----a-w- C:\WINDOWS\SysWow64\SettingSyncInfo.dll
2013-03-02 08:22:36 357888 ----a-w- C:\WINDOWS\SysWow64\netcfgx.dll
2013-03-02 08:22:32 5091840 ----a-w- C:\WINDOWS\SysWow64\mstscax.dll
2013-03-02 08:22:17 850944 ----a-w- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
2013-03-02 08:21:56 550912 ----a-w- C:\WINDOWS\SysWow64\drvstore.dll
2013-03-02 08:21:52 36352 ----a-w- C:\WINDOWS\SysWow64\DevDispItemProvider.dll
2013-03-02 08:21:40 309760 ----a-w- C:\WINDOWS\SysWow64\BCP47Langs.dll
2013-03-02 08:21:32 145408 ----a-w- C:\WINDOWS\SysWow64\powercfg.cpl
2013-03-02 02:44:59 448512 ----a-w- C:\WINDOWS\System32\SettingSync.dll
2013-03-02 02:44:59 128512 ----a-w- C:\WINDOWS\System32\SettingSyncInfo.dll
2013-03-02 02:44:41 455168 ----a-w- C:\WINDOWS\System32\netcfgx.dll
2013-03-02 02:44:41 117248 ----a-w- C:\WINDOWS\System32\NdisImPlatform.dll
2013-03-02 02:44:38 5978624 ----a-w- C:\WINDOWS\System32\mstscax.dll
2013-03-02 02:44:29 1151488 ----a-w- C:\WINDOWS\System32\mcmde.dll
2013-03-02 02:44:29 1048576 ----a-w- C:\WINDOWS\System32\mfasfsrcsnk.dll
2013-03-02 02:44:08 703488 ----a-w- C:\WINDOWS\System32\drvstore.dll
2013-03-02 02:44:07 150016 ----a-w- C:\WINDOWS\System32\discan.dll
2011-09-22 16:12:42 83264 --sha-w- C:\WINDOWS\Panther\Rollback\Boot\Info.exe
.
============= FINISH: 12:46:10.66 ===============
 

 



#5 atekinak

  • Topic Starter


Posted 21 May 2013 - 04:48 AM

Also, I have updated my system from Win 7 to Win 8, and don't have any of the original Windows CDs/DVDs available.



#6 nasdaq


  • Malware Response Team

Posted 22 May 2013 - 09:48 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please run the DDS tool again and post a fresh log.

Please paste the logs in your next reply, DO NOT ATTACH THEM.
Let me know what problem persists.


#7 atekinak

  • Topic Starter


Posted 24 May 2013 - 01:49 AM

The RogueKiller (64bit) created 2 log files RKreport[1] and RKreport[2]. I am pasting both of their content below.

Also I couldn't find a way to "Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer."

Windows Defender has a program for that but I can't run it. (Windows Defender doesn't turn on.)

Below are the logs.

 

RKreport[1]

 

 

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Atakan [Admin rights]
Mode : Scan -- Date : 05/23/2013 15:43:15
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Nike+ Connect ("C:\Users\Atakan\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe") [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-4102341212-899281304-1506112622-1001[...]\Run : Nike+ Connect ("C:\Users\Atakan\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe") [-] -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED] ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: SAMSUNG SSD PM830 2.5" 7mm 256GB +++++
--- User ---
[MBR] d7774ed2df6d647b7a9a9c10051a7393
[BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 224093 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[1]_S_05232013_02d1543.txt >>
RKreport[1]_S_05232013_02d1543.txt
 

 

RKreport[2]

 

 

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Atakan [Admin rights]
Mode : Remove -- Date : 05/23/2013 15:45:55
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Nike+ Connect ("C:\Users\Atakan\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe") [-] -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED] ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: SAMSUNG SSD PM830 2.5" 7mm 256GB +++++
--- User ---
[MBR] d7774ed2df6d647b7a9a9c10051a7393
[BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 224093 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[2]_D_05232013_02d1545.txt >>
RKreport[1]_S_05232013_02d1543.txt ; RKreport[2]_D_05232013_02d1545.txt
 

 

AdwCleaner[S1]

 

 

# AdwCleaner v2.301 - Logfile created 05/23/2013 at 20:05:19
# Updated 16/05/2013 by Xplode
# Operating system : Windows 8 Pro with Media Center  (64 bits)
# User : Atakan - DELLXPS
# Boot Mode : Normal
# Running from : C:\Users\Atakan\Downloads\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Users\Atakan\AppData\Local\PackageAware
Folder Deleted : C:\Users\Atakan\AppData\Roaming\Mozilla\Firefox\Profiles\37ty4xxc.default\SweetPacksToolbarData
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10043&barid={1607B684-87B6-11E2-BEA1-88532E998CC9} --> hxxp://www.google.com
 
-\\ Mozilla Firefox v21.0 (en-US)
 
File : C:\Users\Atakan\AppData\Roaming\Mozilla\Firefox\Profiles\37ty4xxc.default\prefs.js
 
Deleted : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Deleted : user_pref("sweetim.toolbar.SearchBoxLogo", "");
Deleted : user_pref("sweetim.toolbar.SearchBoxText", "");
Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true");
Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Deleted : user_pref("sweetim.toolbar.defaultProvider", "");
Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]
Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Deleted : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Deleted : user_pref("sweetim.toolbar.newtab.created", "false");
Deleted : user_pref("sweetim.toolbar.newtab.enable", "true");
Deleted : user_pref("sweetim.toolbar.newtab.url", "hxxp://home.sweetim.com/?src=97&barid=$toolbar_id;&crg=$car[...]
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://tbsrv1.sweetim.com/simffbar/rc.html?toolbar_version=$ITE[...]
Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Deleted : user_pref("sweetim.toolbar.scripts.2.callback", "");
Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Deleted : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
Deleted : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Deleted : user_pref("sweetim.toolbar.simapp_id", "{1607B684-87B6-11E2-BEA1-88532E998CC9}");
Deleted : user_pref("sweetim.toolbar.urls.afteruninstall", "hxxp://www.sweetim.com/uninstallbar.asp?barid=$too[...]
Deleted : user_pref("sweetim.toolbar.urls.contactus", "hxxp://www.sweetim.com/help_contact.asp");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://www.sweetim.com");
Deleted : user_pref("sweetim.toolbar.urls.privacy", "hxxp://www.sweetim.com/eula.html#privacy");
Deleted : user_pref("sweetim.toolbar.urls.searchpage", "hxxp://search.sweetim.com/search.asp?barid=$toolbar_id[...]
Deleted : user_pref("sweetim.toolbar.urls.uninstall", "hxxp://lp.sweetim.com/SweetPacksBundleUninstaller/");
Deleted : user_pref("sweetim.toolbar.version", "1.12.0.0");
Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]
Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_product_name", "Updater By SweetPacks")[...]
 
-\\ Google Chrome v26.0.1410.64
 
File : C:\Users\Atakan\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.3507] : urls_to_restore_on_startup = [ "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10043[...]
 
*************************
 
AdwCleaner[S1].txt - [12739 octets] - [23/05/2013 20:05:19]
 
########## EOF - C:\AdwCleaner[S1].txt - [12800 octets] ##########

DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.17.2
Run by Atakan at 20:50:01 on 2013-05-23
Microsoft Windows 8 Pro with Media Center  6.2.9200.0.1252.1.1033.18.8086.5896 [GMT 3:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\WINDOWS\SysWOW64\rundll32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\system32\taskhostex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Atakan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\Atakan\AppData\Local\Akamai\netsession_win.exe
C:\Users\Atakan\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\Vendor\FastAccessChatAssist.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\McAfee\AppStats\MfeASUM.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
\\?\C:\WINDOWS\system32\wbem\WMIADAP.EXE
C:\Program Files\Microsoft Office\Office15\MsoSync.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ernie.erau.edu/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130516053628.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Updater By SweetPacks: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension32.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Face recognition web login for FastAccess: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [SkyDrive] "C:\Users\Atakan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [Akamai NetSession Interface] "C:\Users\Atakan\AppData\Local\Akamai\netsession_win.exe"
uRun: [Facebook Update] "C:\Users\Atakan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [Google Update] "C:\Users\Atakan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [FAStartup] <no file>
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
Trusted Zone: dell.com
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.5.13.0.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{3904FEF9-67A9-4A88-8EC5-0DF61DFE1ED8} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{3904FEF9-67A9-4A88-8EC5-0DF61DFE1ED8}\144716B616E6 : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{3904FEF9-67A9-4A88-8EC5-0DF61DFE1ED8}\24F696E676F60284F6473707F647 : DHCPNameServer = 10.22.0.2
TCP: Interfaces\{3904FEF9-67A9-4A88-8EC5-0DF61DFE1ED8}\A5978554C4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3904FEF9-67A9-4A88-8EC5-0DF61DFE1ED8}\D656469616C696E6B6 : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{49EDAE79-8715-4A14-A73F-2FDD2960A003} : DHCPNameServer = 8.8.8.8
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
AppInit_DLLs= C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll,C:\WINDOWS\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli FAPassSync
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130516053628.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Updater By SweetPacks: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension64.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Face recognition web login for FastAccess: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [Logitech Download Assistant] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\LogiLDA.dll,LogiFetch
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Atakan\AppData\Roaming\Mozilla\Firefox\Profiles\37ty4xxc.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Atakan\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Atakan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Atakan\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\Atakan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Atakan\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
FF - plugin: C:\Users\Atakan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Atakan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Atakan\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Users\Atakan\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\WINDOWS\SysWOW64\npDeployJava1.dll
FF - plugin: C:\WINDOWS\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-05-16 05:35; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; C:\Program Files (x86)\McAfee\SiteAdvisor
FF - ExtSQL: 2013-05-16 05:36; {D19CA586-DD6C-4a0a-96F8-14644F340D60}; C:\Program Files (x86)\Common Files\McAfee\SystemCore
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\WINDOWS\System32\Drivers\mfehidk.sys [2013-2-19 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\WINDOWS\System32\Drivers\mfewfpk.sys [2013-2-19 340216]
R0 nvpciflt;nvpciflt;C:\WINDOWS\System32\Drivers\nvpciflt.sys [2012-10-8 30056]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\WINDOWS\System32\Drivers\stdcfltn.sys [2012-11-2 22168]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\WINDOWS\System32\Drivers\dtsoftbus01.sys [2013-3-8 283200]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\WINDOWS\System32\Drivers\hssdrv6.sys [2013-4-24 46792]
R1 LUMDriver;LUMDriver;C:\WINDOWS\System32\Drivers\LUMDriver.sys [2008-1-2 24848]
R1 MfeASKM;McAfee Application Statistics Device Driver;C:\Program Files\McAfee\AppStats\MfeASKM.sys [2013-5-23 31408]
R1 nvkflt;nvkflt;C:\WINDOWS\System32\Drivers\nvkflt.sys [2012-10-8 284008]
R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2013/01/31 07:18:29];C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-12-29 130320]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-11-2 98208]
R2 BBDemon;Backbone Service;C:\Program Files (x86)\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe [2009-9-26 36864]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2013-1-31 91248]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2013-1-31 78960]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2013-1-31 296048]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2012-2-14 2451440]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2013-4-26 570664]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2013-4-26 390440]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-5-16 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-5-16 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-5-16 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2013-5-16 241456]
R2 MfeASUM;McAfee Application Statistics Service;C:\Program Files\McAfee\AppStats\MfeASUM.exe [2013-5-23 335216]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-5-16 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\WINDOWS\System32\mfevtps.exe [2013-5-16 182752]
R2 ntk_PowerDVD12;ntk_PowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2013-1-31 83704]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 TurboB;Turbo Boost UI Monitor driver;C:\WINDOWS\System32\Drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-2 2594584]
R2 Updater By SweetPacks;Updater By SweetPacks;C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe [2013-3-8 188760]
R3 btmhsf;btmhsf;C:\WINDOWS\System32\Drivers\btmhsf.sys [2011-11-15 327168]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\WINDOWS\System32\Drivers\CtClsFlt.sys [2012-10-31 175168]
R3 huawei_enumerator;huawei_enumerator;C:\WINDOWS\System32\Drivers\ew_jubusenum.sys [2012-12-16 87040]
R3 iBtFltCoex;iBtFltCoex;C:\WINDOWS\System32\Drivers\iBtFltCoex.sys [2011-12-10 60416]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\Drivers\iwdbus.sys [2012-8-10 25568]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\WINDOWS\System32\Drivers\LEqdUsb.sys [2012-9-18 78648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\WINDOWS\System32\Drivers\LHidEqd.sys [2012-9-18 15160]
R3 ManyCam;ManyCam Virtual Webcam;C:\WINDOWS\System32\Drivers\mcvidrv_x64.sys [2012-10-11 44544]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\WINDOWS\System32\Drivers\mcaudrv_x64.sys [2012-10-11 28160]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\WINDOWS\System32\Drivers\mfeavfk.sys [2013-5-16 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\WINDOWS\System32\Drivers\mfefirek.sys [2013-5-16 515968]
R3 qicflt;upper Device Filter Driver;C:\WINDOWS\System32\Drivers\qicflt.sys [2010-7-2 29288]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
R3 ST_ACCEL;STMicroelectronics Accelerometer Service;C:\WINDOWS\System32\Drivers\ST_Accel.sys [2012-11-2 71832]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\WINDOWS\System32\Drivers\mfeelamk.sys [2013-5-16 69168]
S2 0327441369328987mcinstcleanup;McAfee Application Installer Cleanup (0327441369328987);C:\WINDOWS\TEMP\032744~1.EXE -cleanup -nolog --> C:\WINDOWS\TEMP\032744~1.EXE -cleanup -nolog [?]
S2 MainLSyncHost;Local Synchronization Host;c:\windows\syswow64\mpk\lsynchost.exe /startedbyscm:E4233B4F-40E3FE91-MPKService --> c:\windows\syswow64\mpk\lsynchost.exe  [?]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-5-16 201304]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-3-1 161384]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;"C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe" --> C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [?]
S2 WCMVCAM;WebcamMax, WDM Video Capture;C:\WINDOWS\System32\Drivers\wcmvcam64.sys [2012-4-16 1071032]
S3 cfwids;McAfee Inc. cfwids;C:\WINDOWS\System32\Drivers\cfwids.sys [2013-5-16 70112]
S3 FACAP;facap, FastAccess Video Capture;C:\WINDOWS\System32\Drivers\facap.sys [2008-9-25 238848]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\WINDOWS\System32\Drivers\HipShieldK.sys [2013-5-16 196440]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\Drivers\intelaud.sys [2012-8-10 35296]
S3 massfilter;Mass Storage Filter Driver;C:\WINDOWS\System32\Drivers\massfilter.sys [2012-12-16 11776]
S3 mferkdet;McAfee Inc. mferkdet;C:\WINDOWS\System32\Drivers\mferkdet.sys [2013-5-16 106552]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-2 178824]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\WINDOWS\System32\Drivers\taphss6.sys [2013-4-24 42184]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-26 126976]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 usb3Hub;USB-IF USB 3.0 Hub;C:\WINDOWS\System32\Drivers\usb3Hub.sys [2012-8-10 48096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-26 117248]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\System32\Drivers\wdcsam64.sys [2008-5-6 14464]
S3 wdkmd;Intel WiDi KMD;C:\WINDOWS\System32\Drivers\WDKMD.sys [2010-12-1 42392]
S3 XHCIPort;USB-IF xHCI USB Host Controller;C:\WINDOWS\System32\Drivers\xHCIPort.sys [2012-8-10 188384]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-05-23 00:02:50 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-20 13:40:52 -------- d-----w- C:\Program Files (x86)\Photo Recovery
2013-05-19 05:03:57 -------- d-----w- C:\Users\Atakan\AppData\Roaming\LolClient
2013-05-19 01:51:59 467984 ----a-w- C:\WINDOWS\SysWow64\d3dx10_39.dll
2013-05-19 01:51:59 1493528 ----a-w- C:\WINDOWS\SysWow64\D3DCompiler_39.dll
2013-05-19 01:50:07 -------- d-----w- C:\Riot Games
2013-05-18 23:57:58 -------- d-----w- C:\Users\Atakan\AppData\Local\PMB Files
2013-05-18 23:57:58 -------- d-----w- C:\ProgramData\PMB Files
2013-05-18 23:57:27 -------- d-----w- C:\Program Files (x86)\Pando Networks
2013-05-18 23:57:20 -------- d-----w- C:\Users\Atakan\.swt
2013-05-16 02:36:27 34384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2013-05-15 22:41:27 182752 ----a-w- C:\WINDOWS\System32\mfevtps.exe
2013-05-15 22:36:55 -------- d-----w- C:\mfe
2013-05-15 08:22:12 -------- d-----w- C:\Intel
2013-05-15 08:21:45 2851840 ----a-w- C:\WINDOWS\System32\esent.dll
2013-05-15 08:21:45 2382336 ----a-w- C:\WINDOWS\SysWow64\esent.dll
2013-05-15 06:58:04 13648384 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2013-05-15 06:58:03 3552768 ----a-w- C:\WINDOWS\System32\tquery.dll
2013-05-15 06:58:02 2107904 ----a-w- C:\WINDOWS\System32\mssrch.dll
2013-05-15 06:58:02 10789888 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2013-05-15 06:58:01 2767360 ----a-w- C:\WINDOWS\SysWow64\tquery.dll
2013-05-15 06:58:01 1593344 ----a-w- C:\WINDOWS\SysWow64\mssrch.dll
2013-05-15 06:58:00 1829408 ----a-w- C:\WINDOWS\System32\ntdll.dll
2013-05-15 06:56:55 8857088 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2013-05-15 06:55:36 623104 ----a-w- C:\WINDOWS\System32\drivers\srv2.sys
2013-05-15 06:55:35 1093880 ----a-w- C:\WINDOWS\System32\winresume.exe
2013-05-15 06:55:29 659456 ----a-w- C:\WINDOWS\SysWow64\mssvp.dll
2013-05-15 06:55:29 503080 ----a-w- C:\WINDOWS\System32\ci.dll
2013-05-15 06:55:29 468992 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2013-05-15 06:55:29 411136 ----a-w- C:\WINDOWS\SysWow64\Windows.Networking.dll
2013-05-15 06:55:29 281088 ----a-w- C:\WINDOWS\System32\mfreadwrite.dll
2013-05-15 06:55:29 231936 ----a-w- C:\WINDOWS\System32\fhengine.dll
2013-05-15 06:55:29 196096 ----a-w- C:\WINDOWS\System32\dmvdsitf.dll
2013-05-15 06:55:29 169472 ----a-w- C:\WINDOWS\System32\AudioEndpointBuilder.dll
2013-05-15 06:55:16 268800 ----a-w- C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.dll
2013-05-15 06:55:10 123880 ----a-w- C:\WINDOWS\SysWow64\wscapi.dll
2013-05-15 06:55:03 171008 ----a-w- C:\WINDOWS\SysWow64\SearchFilterHost.exe
2013-05-15 06:54:56 77960 ----a-w- C:\WINDOWS\System32\kdvm.dll
2013-05-15 06:54:56 126464 ----a-w- C:\WINDOWS\System32\Robocopy.exe
2013-05-15 06:54:50 247808 ----a-w- C:\WINDOWS\System32\drivers\srvnet.sys
2013-05-15 06:54:50 197120 ----a-w- C:\WINDOWS\System32\SearchFilterHost.exe
2013-05-15 06:54:37 106496 ----a-w- C:\WINDOWS\SysWow64\Robocopy.exe
2013-05-15 06:54:22 419840 ----a-w- C:\WINDOWS\System32\intl.cpl
2013-05-15 06:54:22 210432 ----a-w- C:\WINDOWS\System32\iuilp.dll
2013-05-15 06:54:06 284424 ----a-w- C:\WINDOWS\System32\drivers\spaceport.sys
2013-05-14 21:31:59 70144 ----a-w- C:\WINDOWS\System32\appinfo.dll
2013-05-14 21:31:40 112872 ----a-w- C:\WINDOWS\System32\consent.exe
2013-05-14 21:31:38 6987528 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2013-05-14 21:31:05 861184 ----a-w- C:\WINDOWS\System32\drivers\http.sys
2013-05-14 15:09:41 -------- d-----w- C:\Program Files (x86)\MSECache
2013-05-12 23:06:49 -------- d-----w- C:\Users\Atakan\AppData\Roaming\McAFee TechCheck
2013-05-12 23:05:42 244416 ----a-w- C:\WINDOWS\SysWow64\Msflxgrd.ocx
2013-05-12 23:05:42 203976 ----a-w- C:\WINDOWS\SysWow64\RICHTX32.OCX
2013-05-12 23:05:41 209192 ----a-w- C:\WINDOWS\SysWow64\TABCTL32.OCX
2013-05-12 23:05:41 140288 ----a-w- C:\WINDOWS\SysWow64\comdlg32.ocx
2013-05-12 23:05:38 -------- d-----w- C:\Users\Atakan\AppData\Roaming\TechCheck
2013-05-11 10:37:28 209472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-05-03 06:26:44 16114176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-05-03 06:26:44 15541248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-05-03 05:53:56 945152 ----a-w- C:\WINDOWS\System32\resetengmig.dll
2013-05-03 05:53:56 443392 ----a-w- C:\WINDOWS\System32\ReAgent.dll
2013-05-03 05:53:56 375808 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
2013-05-03 05:53:56 132096 ----a-w- C:\WINDOWS\System32\sysreset.exe
2013-05-03 05:53:56 1011200 ----a-w- C:\WINDOWS\System32\reseteng.dll
2013-04-24 19:27:42 42184 ----a-w- C:\WINDOWS\System32\drivers\taphss6.sys
2013-04-24 19:18:34 46792 ----a-w- C:\WINDOWS\System32\drivers\hssdrv6.sys
2013-04-23 23:19:41 16384 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\F-35B\Panel\rcb-gauges\sswvtol.dll
.
==================== Find3M  ====================
.
2013-05-07 20:07:50 78200 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2013-05-07 20:07:50 693112 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2013-04-16 22:37:08 282512 ----a-w- C:\WINDOWS\SysWow64\PnkBstrB.exe
2013-04-16 22:37:07 76888 ----a-w- C:\WINDOWS\SysWow64\PnkBstrA.exe
2013-04-16 02:34:44 1455368 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2013-04-13 05:56:35 444416 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
2013-04-09 23:17:44 2242048 ----a-w- C:\WINDOWS\System32\wininet.dll
2013-04-09 23:17:36 915968 ----a-w- C:\WINDOWS\System32\uxtheme.dll
2013-04-09 23:16:58 3958784 ----a-w- C:\WINDOWS\System32\jscript9.dll
2013-04-09 22:30:26 1767424 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2013-04-09 22:29:44 2877440 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2013-04-09 05:33:02 489576 ----a-w- C:\WINDOWS\System32\AudioEng.dll
2013-04-09 05:33:02 446792 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2013-04-09 05:33:02 253544 ----a-w- C:\WINDOWS\System32\audiodg.exe
2013-04-09 05:20:02 86280 ----a-w- C:\WINDOWS\System32\kdnet.dll
2013-04-09 05:20:02 306952 ----a-w- C:\WINDOWS\System32\kd_02_10ec.dll
2013-04-09 04:52:07 816128 ----a-w- C:\WINDOWS\System32\SearchIndexer.exe
2013-04-09 04:52:07 373760 ----a-w- C:\WINDOWS\System32\SearchProtocolHost.exe
2013-04-09 04:52:06 804352 ----a-w- C:\WINDOWS\System32\RecoveryDrive.exe
2013-04-09 04:51:51 367616 ----a-w- C:\WINDOWS\System32\conhost.exe
2013-04-09 04:51:45 523264 ----a-w- C:\WINDOWS\System32\XpsGdiConverter.dll
2013-04-09 04:51:41 99840 ----a-w- C:\WINDOWS\System32\wscsvc.dll
2013-04-09 04:51:41 456704 ----a-w- C:\WINDOWS\System32\wpncore.dll
2013-04-09 04:51:17 595456 ----a-w- C:\WINDOWS\System32\Windows.Networking.dll
2013-04-09 04:51:17 391168 ----a-w- C:\WINDOWS\System32\Windows.Networking.BackgroundTransfer.dll
2013-04-09 04:51:05 10116096 ----a-w- C:\WINDOWS\System32\twinui.dll
2013-04-09 04:50:53 414720 ----a-w- C:\WINDOWS\System32\GenuineCenter.dll
2013-04-09 04:50:39 422400 ----a-w- C:\WINDOWS\System32\schannel.dll
2013-04-09 04:50:39 1285632 ----a-w- C:\WINDOWS\System32\schedsvc.dll
2013-04-09 04:50:03 96256 ----a-w- C:\WINDOWS\System32\mssprxy.dll
2013-04-09 04:50:03 745984 ----a-w- C:\WINDOWS\System32\mssvp.dll
2013-04-09 04:50:02 65024 ----a-w- C:\WINDOWS\System32\msscntrs.dll
2013-04-09 04:50:02 435200 ----a-w- C:\WINDOWS\System32\mssph.dll
2013-04-09 04:50:02 13824 ----a-w- C:\WINDOWS\System32\msshooks.dll
2013-04-09 04:49:54 1444864 ----a-w- C:\WINDOWS\System32\MSAudDecMFT.dll
2013-04-09 04:49:36 817152 ----a-w- C:\WINDOWS\System32\kerberos.dll
2013-04-09 04:49:16 50176 ----a-w- C:\WINDOWS\System32\fmifs.dll
2013-04-09 04:49:09 172544 ----a-w- C:\WINDOWS\System32\dwmredir.dll
2013-04-09 04:48:43 2303488 ----a-w- C:\WINDOWS\System32\authui.dll
2013-04-09 04:48:42 785408 ----a-w- C:\WINDOWS\System32\audiosrv.dll
2013-04-09 02:35:13 4038144 ----a-w- C:\WINDOWS\System32\win32k.sys
2013-04-09 02:34:49 83968 ----a-w- C:\WINDOWS\System32\drivers\hidclass.sys
2013-04-09 02:34:42 27648 ----a-w- C:\WINDOWS\System32\drivers\hidusb.sys
2013-04-09 02:34:30 95744 ----a-w- C:\WINDOWS\System32\drivers\hidbth.sys
2013-04-09 02:33:41 60416 ----a-w- C:\WINDOWS\System32\drivers\ndproxy.sys
2013-04-09 02:32:02 805376 ----a-w- C:\WINDOWS\System32\drivers\PEAuth.sys
2013-04-09 02:31:01 83456 ----a-w- C:\WINDOWS\System32\drivers\wanarp.sys
2013-04-08 23:39:14 1408896 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll
2013-04-08 23:37:29 426024 ----a-w- C:\WINDOWS\SysWow64\AudioEng.dll
2013-04-08 23:37:29 324368 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
2013-04-08 21:52:16 670208 ----a-w- C:\WINDOWS\SysWow64\SearchIndexer.exe
2013-04-08 21:52:16 302592 ----a-w- C:\WINDOWS\SysWow64\SearchProtocolHost.exe
2013-04-08 21:52:06 364544 ----a-w- C:\WINDOWS\SysWow64\XpsGdiConverter.dll
2013-04-02 14:09:52 4550656 ----a-w- C:\WINDOWS\SysWow64\GPhotos.scr
2013-03-30 18:16:05 1403784 ----a-w- C:\WINDOWS\System32\winload.efi
2013-03-30 18:16:05 1267424 ----a-w- C:\WINDOWS\System32\winload.exe
2013-03-28 22:09:04 1217328 ----a-w- C:\WINDOWS\System32\winresume.efi
2013-03-19 22:38:32 95648 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2013-03-19 22:38:31 861088 ----a-w- C:\WINDOWS\SysWow64\npDeployJava1.dll
2013-03-19 22:38:31 782240 ----a-w- C:\WINDOWS\SysWow64\deployJava1.dll
2013-03-15 22:05:34 298456 ----a-w- C:\WINDOWS\System32\rsaenh.dll
2013-03-15 22:05:16 252928 ----a-w- C:\WINDOWS\SysWow64\rsaenh.dll
2013-03-08 06:04:31 283200 ----a-w- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
2013-03-02 10:57:48 337128 ----a-w- C:\WINDOWS\System32\drivers\USBXHCI.SYS
2013-03-02 10:57:46 77544 ----a-w- C:\WINDOWS\System32\drivers\storahci.sys
2013-03-02 10:57:46 332520 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2013-03-02 10:45:20 148712 ----a-w- C:\WINDOWS\System32\drivers\tpm.sys
2013-03-02 10:45:19 194792 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
2013-03-02 10:45:10 125160 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
2013-03-02 10:39:39 495336 ----a-w- C:\WINDOWS\System32\drivers\vhdmp.sys
2013-03-02 10:39:38 69864 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys
2013-03-02 10:39:32 327912 ----a-w- C:\WINDOWS\System32\drivers\Classpnp.sys
2013-03-02 09:59:37 2231528 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2013-03-02 09:59:36 411880 ----a-w- C:\WINDOWS\System32\drivers\FWPKCLNT.SYS
2013-03-02 08:24:08 34304 ----a-w- C:\WINDOWS\SysWow64\wuapp.exe
2013-03-02 08:23:43 83968 ----a-w- C:\WINDOWS\SysWow64\wudriver.dll
2013-03-02 08:23:43 125952 ----a-w- C:\WINDOWS\SysWow64\wuwebv.dll
2013-03-02 08:23:30 893952 ----a-w- C:\WINDOWS\SysWow64\winmde.dll
2013-03-02 08:23:30 1338880 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2013-03-02 08:23:28 601088 ----a-w- C:\WINDOWS\SysWow64\Windows.Globalization.dll
2013-03-02 08:23:28 504320 ----a-w- C:\WINDOWS\SysWow64\Windows.Security.Authentication.OnlineId.dll
2013-03-02 08:23:19 246784 ----a-w- C:\WINDOWS\SysWow64\ubpm.dll
2013-03-02 08:23:04 356352 ----a-w- C:\WINDOWS\SysWow64\SettingSync.dll
2013-03-02 08:23:04 100864 ----a-w- C:\WINDOWS\SysWow64\SettingSyncInfo.dll
2013-03-02 08:22:36 357888 ----a-w- C:\WINDOWS\SysWow64\netcfgx.dll
2013-03-02 08:22:32 5091840 ----a-w- C:\WINDOWS\SysWow64\mstscax.dll
2013-03-02 08:22:17 850944 ----a-w- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
2013-03-02 08:21:56 550912 ----a-w- C:\WINDOWS\SysWow64\drvstore.dll
2013-03-02 08:21:52 36352 ----a-w- C:\WINDOWS\SysWow64\DevDispItemProvider.dll
2013-03-02 08:21:40 309760 ----a-w- C:\WINDOWS\SysWow64\BCP47Langs.dll
2013-03-02 08:21:32 145408 ----a-w- C:\WINDOWS\SysWow64\powercfg.cpl
2013-03-02 02:44:59 448512 ----a-w- C:\WINDOWS\System32\SettingSync.dll
2013-03-02 02:44:59 128512 ----a-w- C:\WINDOWS\System32\SettingSyncInfo.dll
2013-03-02 02:44:41 455168 ----a-w- C:\WINDOWS\System32\netcfgx.dll
2013-03-02 02:44:41 117248 ----a-w- C:\WINDOWS\System32\NdisImPlatform.dll
2013-03-02 02:44:38 5978624 ----a-w- C:\WINDOWS\System32\mstscax.dll
2013-03-02 02:44:29 1151488 ----a-w- C:\WINDOWS\System32\mcmde.dll
2013-03-02 02:44:29 1048576 ----a-w- C:\WINDOWS\System32\mfasfsrcsnk.dll
2013-03-02 02:44:08 703488 ----a-w- C:\WINDOWS\System32\drvstore.dll
2013-03-02 02:44:07 150016 ----a-w- C:\WINDOWS\System32\discan.dll
2011-09-22 16:12:42 83264 --sha-w- C:\WINDOWS\Panther\Rollback\Boot\Info.exe
.
============= FINISH: 20:50:43.82 ===============
 

Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro with Media Center
Boot Device: \Device\HarddiskVolume2
Install Date: 10/31/2012 4:08:35 AM
System Uptime: 5/23/2013 8:06:31 PM (0 hours ago)
.
Motherboard: Dell Inc.          |  | 0XN71K
Processor: Intel® Core™ i7-2860QM CPU @ 2.50GHz | CPU | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 219 GiB total, 44.258 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Description: USB-IF xHCI USB Host Controller
Device ID: ROOT\UOIP_BUS_DRIVER\0000
Manufacturer: Intel Corporation
Name: USB-IF xHCI USB Host Controller
PNP Device ID: ROOT\UOIP_BUS_DRIVER\0000
Service: XHCIPort
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Anchorfree HSS VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Anchorfree HSS VPN Adapter
Name: Anchorfree HSS VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: taphss6
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: facap, FastAccess Video Capture
Device ID: ROOT\IMAGE\0000
Manufacturer: Sensible Vision
Name: facap, FastAccess Video Capture
PNP Device ID: ROOT\IMAGE\0000
Service: FACAP
.
==== System Restore Points ===================
.
RP47: 5/14/2013 9:39:40 AM - Scheduled Checkpoint
RP48: 5/19/2013 4:49:44 AM - Yüklenen League of Legends
.
==== Installed Programs ======================
.
 Tools for .Net 3.5
Adobe Flash Player 11 Plugin
Adobe Photoshop CS6
Adobe Reader XI (11.0.03)
Advanced Audio FX Engine
Akamai NetSession Interface
Amazon Add to Wish List IE Extension 1.2
Amazon Cloud Drive
Amazon MP3 Downloader 1.0.17
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BitTorrent
Blend for Visual Studio 2012
Blend for Visual Studio 2012 ENU resources
Bonjour
Camtasia Studio 8
CCleaner
Citrix Presentation Server Client - Web Only
CopyTrans Suite Remove Only
CutePDF Writer 2.7
CyberLink PowerDVD 12
D3DX10
DAEMON Tools Lite
Dassault Systemes Software B20
Dassault Systemes Software Prerequisites x86-x64
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell Support Center
Dell System Detect
Dell Webcam Central
Dotfuscator and Analytics Community Edition
Dropbox
EA SPORTS Game Face Browser Plugin 1.8.0.0
Entity Framework Designer for Visual Studio 2012 - enu
eReg
Face Recognition
Facebook Messenger 2.1.4814.0
Facebook Video Calling 1.2.0.287
Far Cry 3
Flight Simulator X
Flight Simulator X Service Pack 1
Football Manager 2013
FXCM Trading Station
Google Chrome
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
Graph 4.4.2
Hitman Absolution
Hotspot Shield 2.93
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Update
HUAWEI DataCard Driver 4.23.13.00
iCloud
IIS 8.0 Express
IIS Express Application Compatibility Database for x64
IIS Express Application Compatibility Database for x86
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Turbo Boost Technology Monitor 2.0
Intel® WiDi
Internet Explorer Toolbar 4.7 by SweetPacks
iTunes
Java 7 Update 17
Java Auto Updater
K-Lite Mega Codec Pack 9.5.5
League of Legends
LocalESPC
LocalESPCui for en-us
Logitech SetPoint 6.51
ManyCam 3.1.53
MathType 6
MATLAB R2011a
McAfee SecurityCenter
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 3
Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update
Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools
Microsoft ASP.NET MVC 4 Runtime
Microsoft ASP.NET Web Pages
Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools
Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools
Microsoft ASP.NET Web Pages 2 Runtime
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Expression Design 4
Microsoft Expression Encoder 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Expression Web 4
Microsoft Expression Web 4 Service Pack 2
Microsoft Flight Simulator X
Microsoft Flight Simulator X: Acceleration
Microsoft Groove MUI (English) 2013
Microsoft Help Viewer 2.0
Microsoft InfoPath MUI (English) 2013
Microsoft LightSwitch for Visual Studio 2012 Core
Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU
Microsoft Lync MUI (English) 2013
Microsoft NuGet - Visual Studio 2012
Microsoft Office 2013 Yazim Denetleme Araçlari - Türkçe
Microsoft Office 32-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 32-bit MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft Portable Library Multi-Targeting Pack
Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
Microsoft PowerPoint MUI (English) 2013
Microsoft Project MUI (English) 2013
Microsoft Project Professional 2013
Microsoft Publisher MUI (English) 2013
Microsoft Report Viewer Add-On for Visual Studio 2012
Microsoft Silverlight
Microsoft Silverlight 4 SDK
Microsoft Silverlight 5 SDK
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2012 Command Line Utilities 
Microsoft SQL Server 2012 Data-Tier App Framework 
Microsoft SQL Server 2012 Express LocalDB 
Microsoft SQL Server 2012 Management Objects 
Microsoft SQL Server 2012 Management Objects  (x64)
Microsoft SQL Server 2012 Native Client 
Microsoft SQL Server 2012 T-SQL Language Service 
Microsoft SQL Server 2012 Transact-SQL Compiler Service 
Microsoft SQL Server 2012 Transact-SQL ScriptDom 
Microsoft SQL Server Compact 4.0 SP1 x64 ENU
Microsoft SQL Server Data Tools - enu (11.1.20627.00)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)
Microsoft SQL Server System CLR Types
Microsoft SQL Server System CLR Types (x64)
Microsoft System CLR Types for SQL Server 2012
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft Visio MUI (English) 2013
Microsoft Visio Professional 2013
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012  x64 Designtime - 11.0.50727
Microsoft Visual C++ 2012 Compilers
Microsoft Visual C++ 2012 Compilers - ENU Resources
Microsoft Visual C++ 2012 Core Libraries
Microsoft Visual C++ 2012 Extended Libraries
Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual Studio 2010 Office Developer Tools (x64)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2012 Devenv
Microsoft Visual Studio 2012 Devenv Resources
Microsoft Visual Studio 2012 Performance Collection Tools
Microsoft Visual Studio 2012 Performance Collection Tools - ENU
Microsoft Visual Studio 2012 Preparation
Microsoft Visual Studio 2012 SharePoint Developer Tools
Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack
Microsoft Visual Studio 2012 Shell (Minimum)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2012 Shell (Minimum) Resources
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
Microsoft Visual Studio Professional 2012
Microsoft Visual Studio Professional 2012 - ENU
Microsoft Visual Studio Team Foundation Server 2012 Object Model
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
Microsoft Web Deploy 3.0
Microsoft Web Deploy dbSqlPackage Provider - enu
Microsoft Web Developer Tools - Visual Studio 2012
Microsoft Web Platform Installer 4.0
Microsoft Word MUI (English) 2013
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Movie Maker
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 Parser and SDK
Nike+ Connect
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA Optimus 1.10.8
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
Octoshape Streaming Services
Outils de vérification linguistique 2013 de Microsoft Office - Français
Pando Media Booster
PDF Settings CS6
Photo Common
Photo Gallery
Picasa 3
PreEmptive Analytics Visual Studio Components
Prerequisites for SSDT 
Prism Video File Converter
PunkBuster Services
Quickset64
Realtek High Definition Audio Driver
RollerCoaster Tycoon 3 Platinum
Secure Download Manager
Security Update for Microsoft Expression Design 4 (KB2667730)
Shared C Run-time for x64
Skype™ 6.3
SpeedSim
ST Microelectronics 3 Axis Digital Accelerometer Solution
Steam
System Requirements Lab
TuneUp Utilities 2013
TuneUp Utilities Language Pack (en-US)
Turkcell 3G VINN
Unity Web Player
Update for  (KB2504637)
Update for Microsoft Access 2013 (KB2760350) 64-Bit Edition
Update for Microsoft Excel 2013 (KB2760339) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2768004) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726961) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition
Update for Microsoft Office 2013 (KB2737954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752025) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752094) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752101) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760343) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767860) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768333) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768349) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768355) 64-Bit Edition
Update for Microsoft Office 2013 (KB2810010) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2760334) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB2810015) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2727013) 64-Bit Edition
Update for Microsoft SkyDrive Pro (KB2810019) 64-Bit Edition
Update for Microsoft Visio 2013 (KB2810008) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition
Update for Microsoft Visual Studio 2012 (KB2781514)
Update for Microsoft Word 2013 (KB2768007) 64-Bit Edition
Update for Microsoft Word 2013 (KB2768337) 64-Bit Edition
Updater By SweetPacks 2.0.0.566
Uplay
VBA (3821b)
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
Visual Studio 2012 Prerequisites
Visual Studio 2012 Prerequisites - ENU Language Pack
Visual Studio Extensions for Windows Library for JavaScript
Visual Studio Extensions for Windows Library for JavaScript 1.0.9200.20512
VLC media player 2.0.6
WCF Data Services 5.0 (for OData v3) Primary Components
WCF Data Services Tools for Microsoft Visual Studio 2012
WCF RIA Services V1.0 SP2
Windows App Certification Kit Native Components
Windows App Certification Kit x64
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Runtime Intellisense Content - en-us
Windows Software Development Kit
Windows Software Development Kit DirectX x64 Remote
Windows Software Development Kit DirectX x86 Remote
Windows Software Development Kit for Windows Store Apps
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
WinRAR 4.20 (32-bit)
Wondershare Photo Recovery (build 3.0.3)
Xvid Video Codec
ZTE USB Driver
.
==== Event Viewer Messages From Past Week ========
.
5/23/2013 8:49:28 PM, Error: Service Control Manager [7003]  - The McAfee Personal Firewall Service service depends on the following service: MpsSvc. This service might not be installed.
5/23/2013 8:08:47 PM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  The password for this account has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
5/23/2013 8:08:47 PM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
5/23/2013 8:06:44 PM, Error: Service Control Manager [7003]  - The Network Connectivity Assistant service depends on the following service: iphlpsvc. This service might not be installed.
5/23/2013 8:06:40 PM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
5/23/2013 8:06:40 PM, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends on the following service: BFE. This service might not be installed.
5/23/2013 8:06:40 PM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends on the following service: BFE. This service might not be installed.
5/23/2013 8:06:40 PM, Error: Service Control Manager [7000]  - The WebcamMax, WDM Video Capture service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/23/2013 8:06:40 PM, Error: Service Control Manager [7000]  - The TuneUp Utilities Service service failed to start due to the following error:  The system cannot find the file specified.
5/23/2013 8:06:40 PM, Error: Service Control Manager [7000]  - The Local Synchronization Host service failed to start due to the following error:  The system cannot find the file specified.
5/19/2013 4:01:52 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
5/19/2013 4:01:52 AM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/17/2013 7:49:25 PM, Error: Tcpip [4199]  - The system detected an address conflict for IP address 192.168.2.2 with the system having network hardware address 94-94-26-CE-F8-C0. Network operations on this system may be disrupted as a result.
5/16/2013 5:35:22 AM, Error: Service Control Manager [7023]  - The Interactive Services Detection service terminated with the following error:  Incorrect function.
5/16/2013 5:21:06 AM, Error: Microsoft-Windows-DNS-Client [1012]  - There was an error while attempting to read the local hosts file.
.
==== End Of File ===========================
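
The Service Control Manager errors in the "Event Viewer Messages" section of the Attach log above are the lines most relevant to the firewall problem, since they name the services that dependents could not find (MpsSvc, BFE, iphlpsvc). The following Python triage script is an added example, not part of the original posts or of DDS; the function names and the choice to flag only event IDs 7003 and 7000 are assumptions, and the sample lines are copied from the log on this page.

```python
import re
from collections import defaultdict

# Lines copied from the "Event Viewer Messages" section of the Attach log on this page.
SAMPLE = """\
5/23/2013 8:49:28 PM, Error: Service Control Manager [7003]  - The McAfee Personal Firewall Service service depends on the following service: MpsSvc. This service might not be installed.
5/23/2013 8:06:44 PM, Error: Service Control Manager [7003]  - The Network Connectivity Assistant service depends on the following service: iphlpsvc. This service might not be installed.
5/23/2013 8:06:40 PM, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends on the following service: BFE. This service might not be installed.
5/23/2013 8:06:40 PM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends on the following service: BFE. This service might not be installed.
5/23/2013 8:06:40 PM, Error: Service Control Manager [7000]  - The WebcamMax, WDM Video Capture service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/23/2013 8:06:40 PM, Error: Service Control Manager [7000]  - The TuneUp Utilities Service service failed to start due to the following error:  The system cannot find the file specified.
5/23/2013 8:06:40 PM, Error: Service Control Manager [7000]  - The Local Synchronization Host service failed to start due to the following error:  The system cannot find the file specified.
5/17/2013 7:49:25 PM, Error: Tcpip [4199]  - The system detected an address conflict for IP address 192.168.2.2 with the system having network hardware address 94-94-26-CE-F8-C0. Network operations on this system may be disrupted as a result.
"""

# "<date> <time> AM/PM, <level>: <source> [<event id>]  - <message>"
EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\]\s+- (?P<message>.*)$"
)
# Event 7003: a service could not start because a dependency is not registered.
DEP_RE = re.compile(
    r"^The (?P<dependent>.+?) service depends on the following service: "
    r"(?P<missing>[^\s.]+)\. This service might not be installed\.$"
)
# Event 7000 with "file not found": the service entry exists, its binary does not.
NOFILE_RE = re.compile(
    r"^The (?P<service>.+?) service failed to start due to the following error:"
    r"\s+The system cannot find the file specified\.$"
)


def parse_events(text):
    """Return one dict per well-formed event line; anything else is skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def triage(text):
    """Group SCM errors into (missing dependency -> dependents, services with no binary)."""
    missing_deps = defaultdict(list)
    missing_files = []
    for ev in parse_events(text):
        if ev["source"] != "Service Control Manager":
            continue
        if ev["event_id"] == "7003":
            m = DEP_RE.match(ev["message"])
            if m:
                missing_deps[m["missing"]].append(m["dependent"])
        elif ev["event_id"] == "7000":
            m = NOFILE_RE.match(ev["message"])
            if m:
                missing_files.append(m["service"])
    return {k: sorted(v) for k, v in missing_deps.items()}, sorted(missing_files)


if __name__ == "__main__":
    deps, files = triage(SAMPLE)
    for name, dependents in sorted(deps.items()):
        print(f"missing service {name}: needed by {', '.join(dependents)}")
    for name in files:
        print(f"service binary not found: {name}")
```

Services reported as a missing dependency are the ones to look for first in the FSS output; the "binary not found" group matches the `S2` entries marked `[?]` in the DDS driver list.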


#8 nasdaq

  • Malware Response Team

Posted 24 May 2013 - 08:05 AM



Open your Task Manager and delete this process in bold.
C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
Or anything related to SweetPacks.
===


Then delete the folder in bold.
C:\Program Files\Updater By SweetPacks
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
Please post the logs for my review.

#9 atekinak

  • Topic Starter

Posted 24 May 2013 - 10:17 AM

JRT Log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 8 Pro with Media Center x64
Ran by Atakan on Fri 05/24/2013 at 18:09:02.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [Service] updater by sweetpacks 
Successfully deleted: [Service] updater by sweetpacks 
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Atakan\appdata\local\wondershare"
Successfully deleted: [Folder] "C:\Program Files (x86)\wondershare"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\Wondershare"
 
 
 
~~~ FireFox
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Emptied folder: C:\Users\Atakan\AppData\Roaming\mozilla\firefox\profiles\37ty4xxc.default\minidumps [67 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/24/2013 at 18:12:41.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

FSS Log

 

Farbar Service Scanner Version: 14-04-2013
Ran by Atakan (administrator) on 24-05-2013 at 18:15:33
Running from "C:\Users\Atakan\Desktop"
Windows 8 Pro with Media Center  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
Checking LEGACY_mpsdrv: ATTENTION!=====> Unable to open LEGACY_mpsdrv\0000 registry key. The key does not exist.
 
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.
 
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
 
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of wscsvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of wscsvc. The value does not exist.
Unable to retrieve ServiceDll of wscsvc. The value does not exist.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-04-12 22:02] - [2013-03-02 12:59] - 2231528 ____A (Microsoft Corporation) B6D52E2C38B49A156E58FF5B9C6CA8BE
 
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll
[2013-05-15 09:53] - [2013-04-09 07:51] - 0099840 ____A (Microsoft Corporation) 012CFE7F0F95266F554EE3B91EE2128A
 
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-04-12 22:02] - [2013-03-02 05:45] - 3240448 ____A (Microsoft Corporation) 79F95469604B77296346DE7DB463EA2A
 
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2013-03-23 00:22] - [2013-01-29 02:08] - 1555920 ____A (Microsoft Corporation) 905601FFF40D8DA9FA82CBE77D1F5EB1
 
C:\Program Files\Windows Defender\MsMpEng.exe
[2013-03-23 00:22] - [2013-01-29 04:57] - 0014920 ____A (Microsoft Corporation) 473B9548568BA927ACE0B77EC208A561
 
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****


#10 nasdaq

  • Malware Response Team

Posted 24 May 2013 - 12:46 PM

You will have to bear with me on this.

You have Windows 8 and some of our tools are not ready for this operating system.

I have some information on this possible ZeroAccess infection but it refers to Windows 7.

I do not want to do or suggest something that will create additional problems.

For now I just want to get some additional information from your system.

Once I have that I will contact the experts and will see what we can do.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :dir
    C:\Program Files\Windows Defender /subl
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#11 atekinak

  • Topic Starter

Posted 24 May 2013 - 02:03 PM

SystemLook x64 Log
 
 
SystemLook 30.07.11 by jpshortstuff
Log created at 22:02 on 24/05/2013 by Atakan
Administrator - Elevation successful
 
========== dir ==========
 
C:\Program Files\Windows Defender - Parameters: "/subl"
 
---Files---
DbgHelp.dll --a---- 1558912 bytes [21:22 22/03/2013] [23:04 07/11/2012]
EppManifest.dll --a---- 161744 bytes [21:22 22/03/2013] [23:08 28/01/2013]
MpAsDesc.dll --a---- 150608 bytes [21:22 22/03/2013] [23:08 28/01/2013]
MpClient.dll --a---- 873448 bytes [21:22 22/03/2013] [23:08 28/01/2013]
MpCmdRun.exe --a---- 334064 bytes [21:22 22/03/2013] [01:57 29/01/2013]
MpCommu.dll --a---- 334312 bytes [21:22 22/03/2013] [23:08 28/01/2013]
MpEvMsg.dll --a---- 109624 bytes [21:22 22/03/2013] [23:08 28/01/2013]
MpOAV.dll --a---- 75240 bytes [21:22 22/03/2013] [23:08 28/01/2013]
MpRtp.dll --a---- 493032 bytes [21:22 22/03/2013] [23:08 28/01/2013]
MpSvc.dll --a---- 1555920 bytes [21:22 22/03/2013] [23:08 28/01/2013]
MpTpmAtt.dll --a---- 50664 bytes [21:22 22/03/2013] [23:08 28/01/2013]
mpuxhostproxy.dll --a---- 27600 bytes [21:22 22/03/2013] [23:08 28/01/2013]
MpUXSrv.exe --a---- 55272 bytes [21:22 22/03/2013] [23:08 28/01/2013]
MSASCui.exe --a---- 1345488 bytes [21:22 22/03/2013] [23:08 28/01/2013]
MsMpCom.dll --a---- 70656 bytes [21:22 22/03/2013] [23:24 28/01/2013]
MsMpEng.exe --a---- 14920 bytes [21:22 22/03/2013] [01:57 29/01/2013]
MsMpLics.dll --a---- 19408 bytes [21:22 22/03/2013] [23:08 28/01/2013]
MsMpRes.dll --a---- 438840 bytes [21:22 22/03/2013] [23:08 28/01/2013]
SymSrv.dll --a---- 149264 bytes [21:22 22/03/2013] [23:04 07/11/2012]
SymSrv.yes --a---- 1 bytes [21:22 22/03/2013] [23:04 07/11/2012]
 
---Folders---
en-US d------ [07:49 26/07/2012]
 
-= EOF =-


#12 nasdaq

  • Malware Response Team

Posted 25 May 2013 - 07:15 AM

:dir
C:\Program Files\Windows Defender /sub


Sorry, I made an error in my script; there should not be an l after /sub.

Please repeat the scan.

#13 atekinak

  • Topic Starter

Posted 26 May 2013 - 03:48 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 23:47 on 26/05/2013 by Atakan
Administrator - Elevation successful
 
========== dir ==========
 
C:\Program Files\Windows Defender - Parameters: "/sub"
 
---Files---
DbgHelp.dll --a---- 1558912 bytes [21:22 22/03/2013] [23:04 07/11/2012]
EppManifest.dll --a---- 161744 bytes [21:22 22/03/2013] [23:08 28/01/2013]
MpAsDesc.dll --a---- 150608 bytes [21:22 22/03/2013] [23:08 28/01/2013]
MpClient.dll --a---- 873448 bytes [21:22 22/03/2013] [23:08 28/01/2013]
MpCmdRun.exe --a---- 334064 bytes [21:22 22/03/2013] [01:57 29/01/2013]
MpCommu.dll --a---- 334312 bytes [21:22 22/03/2013] [23:08 28/01/2013]
MpEvMsg.dll --a---- 109624 bytes [21:22 22/03/2013] [23:08 28/01/2013]
MpOAV.dll --a---- 75240 bytes [21:22 22/03/2013] [23:08 28/01/2013]
MpRtp.dll --a---- 493032 bytes [21:22 22/03/2013] [23:08 28/01/2013]
MpSvc.dll --a---- 1555920 bytes [21:22 22/03/2013] [23:08 28/01/2013]
MpTpmAtt.dll --a---- 50664 bytes [21:22 22/03/2013] [23:08 28/01/2013]
mpuxhostproxy.dll --a---- 27600 bytes [21:22 22/03/2013] [23:08 28/01/2013]
MpUXSrv.exe --a---- 55272 bytes [21:22 22/03/2013] [23:08 28/01/2013]
MSASCui.exe --a---- 1345488 bytes [21:22 22/03/2013] [23:08 28/01/2013]
MsMpCom.dll --a---- 70656 bytes [21:22 22/03/2013] [23:24 28/01/2013]
MsMpEng.exe --a---- 14920 bytes [21:22 22/03/2013] [01:57 29/01/2013]
MsMpLics.dll --a---- 19408 bytes [21:22 22/03/2013] [23:08 28/01/2013]
MsMpRes.dll --a---- 438840 bytes [21:22 22/03/2013] [23:08 28/01/2013]
SymSrv.dll --a---- 149264 bytes [21:22 22/03/2013] [23:04 07/11/2012]
SymSrv.yes --a---- 1 bytes [21:22 22/03/2013] [23:04 07/11/2012]
 
C:\Program Files\Windows Defender\en-US d------ [07:49 26/07/2012]
MpAsDesc.dll.mui --a---- 47672 bytes [21:22 22/03/2013] [23:07 28/01/2013]
MpEvMsg.dll.mui --a---- 36944 bytes [21:22 22/03/2013] [23:07 28/01/2013]
MsMpRes.dll.mui --a---- 93752 bytes [21:22 22/03/2013] [23:08 28/01/2013]
 
-= EOF =-


#14 nasdaq

  • Malware Response Team

Posted 27 May 2013 - 06:24 AM

Download Malwarebytes Anti-Rootkit. Follow the instructions on this page.

How to use Malwarebytes Anti-Rootkit to remove rootkits from a Computer.
http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-rootkit/

When completed please make sure the computer was restarted.

Then run the Farbar Service Scanner tool and post a fresh log.

Let me know if the problem persists.

#15 atekinak

  • Topic Starter

Posted 28 May 2013 - 01:51 PM

Anti-rootkit found forty something on first scan, and zero on the second run after manual reboot. McAfee firewall still cannot be turned on, and the Windows Security Center is still unable to run. Below is the FSS log.
 
 
FSS
 
Farbar Service Scanner Version: 14-04-2013
Ran by Atakan (administrator) on 28-05-2013 at 21:48:02
Running from "C:\Users\Atakan\Desktop"
Windows 8 Pro with Media Center  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Attempt to access Yahoo.com returned error: Yahoo.com is offline
 
 
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
Checking LEGACY_mpsdrv: ATTENTION!=====> Unable to open LEGACY_mpsdrv\0000 registry key. The key does not exist.
 
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.
 
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
 
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of wscsvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of wscsvc. The value does not exist.
Unable to retrieve ServiceDll of wscsvc. The value does not exist.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-04-12 22:02] - [2013-03-02 12:59] - 2231528 ____A (Microsoft Corporation) B6D52E2C38B49A156E58FF5B9C6CA8BE
 
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll
[2013-05-15 09:53] - [2013-04-09 07:51] - 0099840 ____A (Microsoft Corporation) 012CFE7F0F95266F554EE3B91EE2128A
 
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-04-12 22:02] - [2013-03-02 05:45] - 3240448 ____A (Microsoft Corporation) 79F95469604B77296346DE7DB463EA2A
 
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2013-03-23 00:22] - [2013-01-29 02:08] - 1555920 ____A (Microsoft Corporation) 905601FFF40D8DA9FA82CBE77D1F5EB1
 
C:\Program Files\Windows Defender\MsMpEng.exe
[2013-03-23 00:22] - [2013-01-29 04:57] - 0014920 ____A (Microsoft Corporation) 473B9548568BA927ACE0B77EC208A561
 
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****




