
I can't open PC in normal mode



#1 captain_turkiye


Posted 11 June 2013 - 01:33 PM

Now, I am in safe mode. When I try to open in normal mode, I see only a black screen after the Windows welcome. There is a program named "webcake 3.00" on my computer. I can't remove it. What should I do? I have 2 different hard disks (one has two parts). As a last resort, I can move important files to another hard disk and format the main hard disk.





#2 captain_turkiye


Posted 11 June 2013 - 04:10 PM

I used AdwCleaner and I finally opened in normal mode. But I still have some problems. My computer is slow, sometimes freezes when I open a website, and gives this error frequently. Should I use ComboFix?

 

p1sc7.jpg


Edited by captain_turkiye, 11 June 2013 - 04:10 PM.


#3 The Dark Knight


Posted 14 June 2013 - 06:02 PM

Hello and welcome to BleepingComputer. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear.

 

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#4 captain_turkiye


Posted 27 June 2013 - 04:54 PM

I ran ComboFix. My ComboFix.txt:

 

ComboFix 13-06-27.02 - win7 28.06.2013   0:07.2.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1254.90.1055.18.3582.2587 [GMT 3:00]
Running from: f:\programlar\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\win7\AppData\Local\assembly\tmp
c:\users\win7\AppData\Local\Temp\_MEI12802\_ctypes.pyd
c:\users\win7\AppData\Local\Temp\_MEI12802\_elementtree.pyd
c:\users\win7\AppData\Local\Temp\_MEI12802\_hashlib.pyd
c:\users\win7\AppData\Local\Temp\_MEI12802\_multiprocessing.pyd
c:\users\win7\AppData\Local\Temp\_MEI12802\_socket.pyd
c:\users\win7\AppData\Local\Temp\_MEI12802\_ssl.pyd
c:\users\win7\AppData\Local\Temp\_MEI12802\pyexpat.pyd
c:\users\win7\AppData\Local\Temp\_MEI12802\pysqlite2._sqlite.pyd
c:\users\win7\AppData\Local\Temp\_MEI12802\python27.dll
c:\users\win7\AppData\Local\Temp\_MEI12802\pythoncom27.dll
c:\users\win7\AppData\Local\Temp\_MEI12802\PyWinTypes27.dll
c:\users\win7\AppData\Local\Temp\_MEI12802\select.pyd
c:\users\win7\AppData\Local\Temp\_MEI12802\unicodedata.pyd
c:\users\win7\AppData\Local\Temp\_MEI12802\win32api.pyd
c:\users\win7\AppData\Local\Temp\_MEI12802\win32com.shell.shell.pyd
c:\users\win7\AppData\Local\Temp\_MEI12802\win32crypt.pyd
c:\users\win7\AppData\Local\Temp\_MEI12802\win32event.pyd
c:\users\win7\AppData\Local\Temp\_MEI12802\win32file.pyd
c:\users\win7\AppData\Local\Temp\_MEI12802\win32inet.pyd
c:\users\win7\AppData\Local\Temp\_MEI12802\win32pdh.pyd
c:\users\win7\AppData\Local\Temp\_MEI12802\win32process.pyd
c:\users\win7\AppData\Local\Temp\_MEI12802\win32profile.pyd
c:\users\win7\AppData\Local\Temp\_MEI12802\win32security.pyd
c:\users\win7\AppData\Local\Temp\_MEI12802\win32ts.pyd
c:\users\win7\AppData\Local\Temp\_MEI12802\windows._cacheinvalidation.pyd
c:\users\win7\AppData\Local\Temp\_MEI12802\wx._controls_.pyd
c:\users\win7\AppData\Local\Temp\_MEI12802\wx._core_.pyd
c:\users\win7\AppData\Local\Temp\_MEI12802\wx._gdi_.pyd
c:\users\win7\AppData\Local\Temp\_MEI12802\wx._html2.pyd
c:\users\win7\AppData\Local\Temp\_MEI12802\wx._misc_.pyd
c:\users\win7\AppData\Local\Temp\_MEI12802\wx._windows_.pyd
c:\users\win7\AppData\Local\Temp\_MEI12802\wx._wizard.pyd
c:\users\win7\AppData\Local\Temp\_MEI12802\wxbase294u_net_vc90.dll
c:\users\win7\AppData\Local\Temp\_MEI12802\wxbase294u_vc90.dll
c:\users\win7\AppData\Local\Temp\_MEI12802\wxmsw294u_adv_vc90.dll
c:\users\win7\AppData\Local\Temp\_MEI12802\wxmsw294u_core_vc90.dll
c:\users\win7\AppData\Local\Temp\_MEI12802\wxmsw294u_html_vc90.dll
c:\users\win7\AppData\Local\Temp\_MEI12802\wxmsw294u_webview_vc90.dll
c:\windows\system32\d2d1debug1.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BrowserDefendert
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-27 to 2013-06-27  )))))))))))))))))))))))))))))))
.
.
2013-06-27 21:24 . 2013-06-27 21:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-06-27 21:24 . 2013-06-27 21:24 -------- d-----w- c:\users\fbwuser\AppData\Local\temp
2013-06-27 21:24 . 2013-06-27 21:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-26 18:23 . 2013-06-27 17:43 -------- d-----w- c:\program files\mutualpublic
2013-06-26 18:22 . 2013-06-26 18:22 -------- d-----w- c:\programdata\BrowserDefender
2013-06-26 18:22 . 2013-06-26 18:22 -------- d-----w- c:\program files\Delta
2013-06-26 18:22 . 2013-06-26 18:22 -------- d-----w- c:\users\win7\AppData\Roaming\BabSolution
2013-06-26 18:22 . 2013-06-26 18:22 -------- d-----w- c:\users\win7\AppData\Roaming\Delta
2013-06-26 18:22 . 2013-06-26 18:22 -------- d-----w- c:\users\win7\AppData\Local\FlvtoYoutubeDownloader
2013-06-26 18:21 . 2013-06-26 18:21 -------- d-----w- c:\programdata\Babylon
2013-06-26 18:21 . 2013-06-26 18:21 -------- d-----w- c:\users\win7\AppData\Roaming\Babylon
2013-06-26 18:21 . 2013-06-26 18:22 -------- d-----w- c:\program files\Flvto Youtube Downloader
2013-06-14 19:10 . 2013-06-14 19:10 -------- d-----w- c:\users\win7\AppData\Local\PackageAware
2013-06-12 18:32 . 2013-06-08 11:41 218112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-06-12 18:32 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-12 18:28 . 2013-05-17 01:25 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-06-12 18:28 . 2013-05-17 01:25 108032 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-06-12 18:28 . 2013-05-17 01:25 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-06-12 18:28 . 2013-05-17 01:25 257536 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2013-06-12 18:28 . 2013-05-17 01:25 235520 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-06-12 18:28 . 2013-05-17 01:25 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-12 18:27 . 2013-05-17 01:25 817664 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-12 18:27 . 2013-05-17 02:32 770648 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2013-06-12 13:08 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-06-12 13:08 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 13:08 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 13:08 . 2013-05-13 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 13:08 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 13:08 . 2013-05-13 04:45 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 13:08 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 13:08 . 2013-05-06 05:06 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-12 13:08 . 2013-05-06 05:06 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-12 13:08 . 2013-05-08 05:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-11 21:16 . 2013-06-11 21:16 -------- d-----w- c:\program files\SQUARE ENIX
2013-06-11 14:36 . 2013-06-11 14:36 -------- d-----w- c:\programdata\Steam
2013-06-10 23:01 . 2013-06-10 23:01 -------- d-----w- c:\program files\CPUID
2013-06-10 17:41 . 2013-06-10 17:41 -------- d-----w- c:\program files\AGEIA Technologies
2013-06-10 17:38 . 2013-05-12 21:37 9053984 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-06-10 17:38 . 2013-05-12 21:37 893728 ----a-w- c:\windows\system32\nvdispgenco3232018.dll
2013-06-10 17:38 . 2013-05-12 21:37 7682960 ----a-w- c:\windows\system32\nvcuda.dll
2013-06-10 17:38 . 2013-05-12 21:37 6324360 ----a-w- c:\windows\system32\nvopencl.dll
2013-06-10 17:38 . 2013-05-12 21:37 443168 ----a-w- c:\windows\system32\NvFBC.dll
2013-06-10 17:38 . 2013-05-12 21:37 421152 ----a-w- c:\windows\system32\NvIFR.dll
2013-06-10 17:38 . 2013-05-12 21:37 2754336 ----a-w- c:\windows\system32\nvcuvid.dll
2013-06-10 17:38 . 2013-05-12 21:37 21096736 ----a-w- c:\windows\system32\nvoglv32.dll
2013-06-10 17:38 . 2013-05-12 21:37 2002720 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-06-10 17:38 . 2013-05-12 21:37 1024288 ----a-w- c:\windows\system32\nvdispco3232018.dll
2013-06-10 17:38 . 2013-05-12 21:37 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2013-06-10 17:09 . 2013-06-10 17:09 -------- d-----w- c:\program files\MagicISO
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-27 10:44 . 2013-06-27 10:44 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6E604B3-1D8D-42DB-9E30-27AF54B8E7C2}\offreg.dll
2013-06-12 13:00 . 2012-04-12 17:33 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 13:00 . 2011-06-25 14:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 04:18 . 2013-06-25 15:33 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6E604B3-1D8D-42DB-9E30-27AF54B8E7C2}\mpengine.dll
2013-06-11 20:52 . 2013-05-11 17:29 517 ----a-w- c:\windows\DeleteOnReboot.bat
2013-06-10 15:31 . 2013-06-10 15:31 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-10 15:31 . 2011-12-24 15:56 866720 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-10 15:31 . 2010-05-29 18:21 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-17 01:25 . 2013-06-12 18:27 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-05-16 14:55 . 2013-05-14 19:02 2549088 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2013-05-14 16:34 . 2012-02-20 19:56 2018272 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2013-05-14 08:40 . 2013-06-12 18:28 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-05-12 21:37 . 2010-01-28 20:18 2597344 ----a-w- c:\windows\system32\nvapi.dll
2013-05-12 21:37 . 2009-07-13 22:09 13403168 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-05-12 21:37 . 2009-06-10 21:19 12426216 ----a-w- c:\windows\system32\nvd3dum.dll
2013-05-12 19:58 . 2010-01-11 20:18 4188960 ----a-w- c:\windows\system32\nvcpl.dll
2013-05-12 19:58 . 2010-01-11 20:18 3045664 ----a-w- c:\windows\system32\nvsvc.dll
2013-05-12 19:58 . 2010-01-11 20:18 640288 ----a-w- c:\windows\system32\nvvsvc.exe
2013-05-12 19:58 . 2010-01-11 20:18 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-05-12 19:58 . 2010-01-11 20:18 2555168 ----a-w- c:\windows\system32\nvsvcr.dll
2013-05-12 19:58 . 2010-01-11 20:18 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-05-12 12:43 . 2013-05-12 12:43 566048 ----a-w- c:\windows\system32\nvStreaming.exe
2013-05-11 00:11 . 2013-05-11 00:11 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-11 00:11 . 2013-05-11 00:11 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-11 00:11 . 2013-05-11 00:11 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-05-11 00:11 . 2013-05-11 00:11 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-05-11 00:11 . 2013-05-11 00:11 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-11 00:11 . 2013-05-11 00:11 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-05-11 00:11 . 2013-05-11 00:11 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-05-11 00:11 . 2013-05-11 00:11 158720 ----a-w- c:\windows\system32\msls31.dll
2013-05-11 00:11 . 2013-05-11 00:11 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-05-11 00:11 . 2013-05-11 00:11 138752 ----a-w- c:\windows\system32\wextract.exe
2013-05-11 00:11 . 2013-05-11 00:11 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-11 00:11 . 2013-05-11 00:11 12800 ----a-w- c:\windows\system32\mshta.exe
2013-05-11 00:11 . 2013-05-11 00:11 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-11 00:11 . 2013-05-11 00:11 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-11 00:11 . 2013-05-11 00:11 361984 ----a-w- c:\windows\system32\html.iec
2013-05-11 00:11 . 2013-05-11 00:11 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-11 00:11 . 2013-05-11 00:11 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-11 00:08 . 2013-05-11 00:08 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-11 00:08 . 2013-05-11 00:08 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-11 00:08 . 2013-05-11 00:08 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-11 00:08 . 2013-05-11 00:08 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-05-11 00:08 . 2013-05-11 00:08 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-11 00:08 . 2013-05-11 00:08 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-05-11 00:08 . 2013-05-11 00:08 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-11 00:08 . 2013-05-11 00:08 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-11 00:08 . 2013-05-11 00:08 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-11 00:08 . 2013-05-11 00:08 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-11 00:08 . 2013-05-11 00:08 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-05-11 00:08 . 2013-05-11 00:08 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-05-11 00:08 . 2013-05-11 00:08 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-11 00:08 . 2013-05-11 00:08 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-05-11 00:08 . 2013-05-11 00:08 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-05-11 00:08 . 2013-05-11 00:08 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-05-11 00:08 . 2013-05-11 00:08 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-05-11 00:08 . 2013-05-11 00:08 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-05-11 00:08 . 2013-05-11 00:08 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-05-11 00:08 . 2013-05-11 00:08 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-05-11 00:08 . 2013-05-11 00:08 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-05-11 00:08 . 2013-05-11 00:08 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-05-11 00:08 . 2013-05-11 00:08 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-05-11 00:08 . 2013-05-11 00:08 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-05-11 00:08 . 2013-05-11 00:08 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-05-10 18:55 . 2011-09-20 21:11 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-01 23:06 . 2010-01-20 14:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-26 04:55 . 2013-06-12 13:08 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-04-17 07:02 . 2013-06-12 13:08 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-04-13 04:45 . 2013-05-15 14:09 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 14:09 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 14:01 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18 . 2013-05-15 14:09 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18 . 2013-05-15 14:09 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14 . 2013-05-15 14:09 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 11:50 . 2013-05-08 15:08 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-03 00:48 . 2013-04-03 00:48 40136 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-04-17 19:30 . 2013-03-19 22:23 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2011-01-06 14:06 721840 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-05-20 17:38 1725128 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-05-20 17:38 1725128 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-05-20 17:38 1725128 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\win7\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\win7\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\win7\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\win7\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-06 20:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 20:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 20:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-06 20:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-06 20:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-06 20:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 14:50 21864 ----a-w- f:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"IDMan"="f:\program files\Internet Download Manager\IDMan.exe" [2011-11-14 3437976]
"DU Meter"="f:\program files\DU Meter\DUMeter.exe" [2011-12-20 1030144]
"BlueStacks Agent"="c:\program files\BlueStacks\HD-Agent.exe" [2012-05-31 557448]
"Steam"="c:\program files\Steam\Steam.exe" [2013-02-25 1602984]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-06-06 19676256]
"TorrentStream"="c:\users\win7\AppData\Roaming\TorrentStream\engine\tsengine.exe" [2013-04-15 27256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2005-10-26 33792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-25 8129056]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-08-29 143360]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-07 421736]
"AttendeeCommunicator"="c:\program files\Microsoft Lync Attendee\AttendeeCommunicator.exe" [2013-05-25 11996344]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 1851192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-12-18 3478752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-20 280576]
.
c:\users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\win7\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ashampoo MouseTracer.lnk - c:\program files\Ashampoo\Ashampoo MouseTracer\MouseTracer.exe /startup [2011-10-25 737184]
FILSHtray.lnk - c:\program files\FILSHtray\FILSHtray.exe [2012-4-18 594432]
Launcher.lnk - c:\program files\AveaConnectionManager\Avea_Launcher.exe [2012-10-24 789488]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-1-20 106560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2012-10-01 07:22 66360 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BROWSE~1\261339~1.144\{C16C1~1\BrowserDefender.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-03-01 161384]
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 225280]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-08-25 77624]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-19 47104]
R3 KiesAllShare;SAMSUNG KiesAllShare Service;c:\program files\Samsung\Kies\WiselinkPro\WiselinkPro.exe [2010-05-04 9241088]
R3 NDISKIO;NDISKIO;c:\users\win7\AppData\Local\Temp\000010dd.nmc\nse\bin\ndiskio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-12-21 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-12-21 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-12-21 123648]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2010-12-21 100224]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-12-21 98560]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-12-21 14848]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-12-21 123648]
R3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\DRIVERS\ssceserd.sys [2010-12-21 100352]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-08-25 181432]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 Te.Service;Te.Service;c:\program files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-25 94208]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2009-05-25 252416]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2008-07-01 398720]
R3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-21 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-28 691696]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2013-04-03 40136]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2009-11-30 123280]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2009-11-30 41616]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 58680]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [2012-05-31 66952]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [2012-05-31 385416]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-05-01 95568]
S2 DUMeterSvc;DU Meter Service;f:\program files\DU Meter\DUMeterSvc.exe [2011-12-20 503808]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-05-01 217088]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 89376]
S2 Mutual Monitor;Mutual Monitor;c:\program files\mutualpublic\Monitor.exe run [x]
S2 NAUpdate;Nero Güncelleme;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Nitro\Pro 8\NitroPDFDriverService8.exe [2013-03-25 196616]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2013-03-25 70152]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-05-14 3289208]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-05-12 413472]
S2 WTGService;WTGService;c:\program files\AveaConnectionManager\wtgservice.exe [2012-10-24 343024]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-05-01 18136]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-05-01 36640]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2012-09-18 43704]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2012-09-18 12216]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-01-05 37208]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-11-30 100048]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2009-11-30 110992]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 13:00]
.
2013-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-20 18:19]
.
2013-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-20 18:19]
.
2013-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2963929789-2576083818-2759863858-1001Core.job
- c:\users\win7\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-20 18:14]
.
2013-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2963929789-2576083818-2759863858-1001UA.job
- c:\users\win7\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-20 18:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=4E6F00FF4BAA7137&affID=120695&tt=250613_gr4&tsp=4925
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = localhost:8080
IE: Bütün linkleri IDM ile indir - f:\program files\Internet Download Manager\IEGetAll.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: IDM ile indir - f:\program files\Internet Download Manager\IEExt.htm
IE: Microsoft Excel'e Gö&nder
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
LSP: %SystemRoot%\system32\PrxerDrv.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EA8432BD-B34E-4FDB-86F8-2D8E1033BCDE}: NameServer = 8.8.8.8,8.8.4.4
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\dgu0i44e.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=4E6F00FF4BAA7137&affID=120695&tt=250613_gr4&tsp=4925
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 4e6f06fe00000000000000ff4baa7137
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15882
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.521:22
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - tr
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=120695&tt=250613_gr4&tsp=4925
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
ShellIconOverlayIdentifiers-{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE} - (no file)
HKCU-Run-Boxoft Tools - c:\programdata\Boxtools\Boxofttoolbox.exe
HKLM-Run-VideoCaptureMaster - g:\program files\Video Capture Master\VideoCaptureMaster.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-ffdshow_is1 - g:\program files\Video Capture Master\Filters\ffdshow\unins000.exe
AddRemove-Free Audio CD Burner_is1 - c:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files\Common Files\DVDVideoSoft\Uninstall.exe
AddRemove-RealAlt_is1 - g:\program files\Video Capture Master\Filters\Real\unins000.exe
AddRemove-RegClean Pro_is1 - c:\program files\RegClean Pro\unins000.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\Samsung\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DUMeterSvc]
"ImagePath"="f:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2963929789-2576083818-2759863858-1001\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"Currency"=dword:0000001c
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009d94
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000074
"UniqueID"="E5-E880-EF9F"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
[HKEY_USERS\S-1-5-21-2963929789-2576083818-2759863858-1001\Software\G*e*n*i*e*"!\FM Genie Scout 11]
@Allowed: (Read) (RestrictedCode)
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="PSV Eindhoven"
"LastUpdateCheck"=dword:00009f59
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000081
"UniqueID"="E5-E880-EF9F"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000058
"StaffSearchFeatureNum"=dword:00000019
"ClubSearchFeatureNum"=dword:00000001
"FilterByClubFeatureNum"=dword:00000000
"CompareFeatureNum"=dword:0000000a
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000059
"HintsFeatureNum"=dword:0000001b
"GenieReportFeatureNum"=dword:00000032
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
"Currency"=dword:0000001c
"VersionOf"=dword:0000007b
.
[HKEY_USERS\S-1-5-21-2963929789-2576083818-2759863858-1001\Software\G*e*n*i*e*"!\FM Genie Scout 11g]
@Allowed: (Read) (RestrictedCode)
"PicturesNumber"=dword:00000631
.
[HKEY_USERS\S-1-5-21-2963929789-2576083818-2759863858-1001\Software\G*e*n*i*e*"!\FM Genie Scout 12]
@Allowed: (Read) (RestrictedCode)
"GameDir"="c:\\Users\\win7\\Documents\\Sports Interactive\\Football Manager 2012\\games"
"ShortlistDir"="c:\\Users\\win7\\Documents\\Sports Interactive\\Football Manager 2012\\shortlists"
"FMPath"="f:\\Program Files\\SEGA\\Football Manager 2012\\"
"ScreenshotsDir"="c:\\Users\\win7\\Documents\\Sports Interactive\\Football Manager 2012"
"SaveDir"="c:\\Users\\win7\\Documents\\Sports Interactive\\Football Manager 2012\\"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:0000a0b4
"VersionOf"=dword:0000007b
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"ShowGuidNotification"=dword:00000000
"ShowDonateNotification"=dword:00000000
"Version"=dword:000000cd
"UniqueID"="E5-E880-EF9F"
"Currency"=dword:0000001c
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:0000001b
"StaffSearchFeatureNum"=dword:0000000a
"ClubSearchFeatureNum"=dword:00000001
"FilterByClubFeatureNum"=dword:00000000
"CompareFeatureNum"=dword:0000000d
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:0000001b
"HintsFeatureNum"=dword:00000005
"GenieReportFeatureNum"=dword:0000000f
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
"AdClicksNum"=dword:00000005
"AdImpressionsNum"=dword:000003e1
"GameLoadedCounter"=dword:00000045
"VersionOf201"=dword:0000007b
.
[HKEY_USERS\S-1-5-21-2963929789-2576083818-2759863858-1001\Software\Microsoft\Internet Explorer\Approved Extensions]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2963929789-2576083818-2759863858-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2963929789-2576083818-2759863858-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2963929789-2576083818-2759863858-1001\Software\SecuROM\License information*]
"datasecu"=hex:5c,ad,2b,8e,96,a7,61,16,59,78,92,25,3f,93,01,3a,9a,24,5d,ec,19,
   58,c2,df,05,dd,56,aa,10,87,1f,a8,54,3d,44,c8,ef,1e,b1,18,05,b0,ba,8c,10,99,\
"rkeysecu"=hex:af,39,e9,a0,14,1f,3d,d5,24,1d,f0,f2,70,97,a9,90
.
[HKEY_USERS\S-1-5-21-2963929789-2576083818-2759863858-1001_Classes\CLSID\{27856286-2b37-42ca-b8e3-2023ff9f108b}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000015c
"Therad"=dword:0000000f
.
[HKEY_USERS\S-1-5-21-2963929789-2576083818-2759863858-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):59,81,7b,cb,58,ce,a4,13,e5,a6,5d,a7,ff,9f,40,37,84,60,43,c7,7d,
   eb,66,56,86,c8,5d,6b,69,2d,28,84,d0,65,84,1d,09,43,a6,6c,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1028)
c:\users\win7\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
f:\program files\Internet Download Manager\idmmkb.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\mutualpublic\Monitor.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Ashampoo\Ashampoo MouseTracer\MouseTracer.exe
c:\users\win7\AppData\Roaming\Dropbox\bin\Dropbox.exe
f:\program files\Internet Download Manager\IEMonitor.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\users\win7\AppData\Roaming\TorrentStream\updater\tsupdate.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
.
**************************************************************************
.
Completion time: 2013-06-28  00:38:43 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-27 21:38
.
Pre-Run: 10.755.706.880 bayt boş
Post-Run: 11.381.927.936 bayt boş
.
- - End Of File - - 856C2DA765A228C272530882E222C9A9
A36C5E4F47E84449FF07ED3517B43A31


#5 The Dark Knight


Posted 28 June 2013 - 07:24 PM

Hello captain turkiye,
 
Please go to Start>Control Panel>Programs and uninstall the following (if present):
 

  • Babsolution

  • Babylon

  • Datamngr

  • Delta Toolbar

  • MediaBar

 

Please restart your computer after these program removals.

=====
 
Then, please follow these instructions to remove the remaining malicious entries:

 

  • Please close any open browsers.

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Open Notepad and copy/paste the text in the quotebox below into it:


Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.
 

  • Save this as CFScript.txt, in the same location as ComboFix.exe.

    CFScriptB-4.gif
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.
  • Please post the ComboFix.txt in your next reply.
     
  • How is your computer running now?

Edited by The Dark Knight, 28 June 2013 - 07:28 PM.

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#6 captain_turkiye


Posted 30 June 2013 - 06:07 PM

I can't see the quote box. What should I write in CFScript.txt?



#7 The Dark Knight


Posted 01 July 2013 - 04:35 PM

Hello captain_turkiye,

 

My apologies. The formatting appears to have wiped my box. The quote box should have this:

 

 

 

killall::

DDS::
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=4E6F00FF4BAA7137&affID=120695&tt=250613_gr4&tsp=4925

Firefox::
FF - ProfilePath - c:\users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\dgu0i44e.default\

FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=4E6F00FF4BAA7137&affID=120695&tt=250613_gr4&tsp=4925
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 4e6f06fe00000000000000ff4baa7137
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15882
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.521:22
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - tr
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=120695&tt=250613_gr4&tsp=4925
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2011-01-06 14:06 721840 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll

 



Save this as CFScript.txt, in the same location as ComboFix.exe.

Then follow on from my previous post.


Edited by The Dark Knight, 01 July 2013 - 04:36 PM.



#8 The Dark Knight


Posted 10 July 2013 - 04:28 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator (http://www.bleepingcomputer.com/forums/index.php?act=members&max_results=20&filter=9&sort_order=asc&sort_key=members_display_name) a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
 






