Browser Hijacker


32 replies to this topic

#1 fenx07

fenx07

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:04:53 AM

Posted 03 May 2014 - 05:17 PM

When I start Windows, Firefox starts and sets my homepage to some search engine site. I can't change my homepage, and it seems to slow my internet speed with Mozilla Firefox. I can't get rid of it. The search engine name is soraxi. When I uninstall Firefox, it comes up with Windows Explorer.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 10.55.2
Run by 123 at 1:15:00 on 2014-05-04
Microsoft Windows 7 Ultimate   6.1.7600.0.1254.90.1033.18.3971.1997 [GMT 3:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Conexant\SA3\CxUtilSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\CyberGhost 5\Service.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Elantech\ETDGesture.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
C:\Program Files\WinRAR\Formats\ace32loader.exe
C:\Program Files\WinRAR\Formats\ace32loader.exe
C:\Program Files\WinRAR\Formats\ace32loader.exe
C:\Program Files\CyberGhost 5\CyberGhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.soraxi.com/
uSearch Bar = Preserve
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Bütün linkleri IDM ile indir - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: IDM ile indir - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{662C8ABA-0667-4866-B70C-703E1BE50324} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{662C8ABA-0667-4866-B70C-703E1BE50324}\4545E45445F5A5978554C4F505A46495 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{662C8ABA-0667-4866-B70C-703E1BE50324}\B495B475946494 : DHCPNameServer = 10.106.4.20
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\123\AppData\Roaming\Mozilla\Firefox\Profiles\w9x4hl1x.default-1399054228495\
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2014-2-24 31872]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-5-2 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-5-2 208416]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-2-24 16152]
R0 SMR410;Symantec SMR Utility Service 4.1.0;C:\Windows\System32\drivers\SMR410.SYS [2014-5-3 96856]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-5-2 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-5-2 423240]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-2-24 235520]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-1-9 659968]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-2 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-5-2 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-5-2 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-5-2 50344]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-2-21 1014096]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-2-21 1104208]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-1-17 135952]
R2 CGVPNCliService;CyberGhost VPN 5 Client Service;C:\Program Files\CyberGhost 5\Service.exe [2014-2-25 64624]
R2 CxUtilSvc;CxUtilSvc;C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe [2014-2-24 109184]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-5-2 127752]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2012-8-24 158944]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2014-2-24 161560]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-5-2 418376]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2014-2-24 363800]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-3-29 2669840]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-2-21 1304912]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-11-30 94720]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-11-30 747008]
R3 ETD;Dell Touchpad;C:\Windows\System32\drivers\ETD.sys [2014-2-24 211856]
R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-2-14 60928]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-2-24 331264]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2014-2-24 14745600]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-2-24 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-2-24 788760]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-5-2 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-2-24 685160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-5-2 701512]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
S3 cleanhlp;cleanhlp;C:\EEK\Run\cleanhlp64.sys [2014-5-3 57024]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-3-29 273168]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2014-2-24 317584]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S4 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2014-3-4 239680]
.
=============== Created Last 30 ================
.
2014-05-03 07:46:55    96856    ----a-w-    C:\Windows\System32\drivers\SMR410.SYS
2014-05-03 00:56:23    --------    d-----w-    C:\FRST
2014-05-03 00:32:33    --------    d-----w-    C:\EEK
2014-05-02 20:53:00    --------    d-----w-    C:\NPE
2014-05-02 20:51:45    --------    d-----w-    C:\ProgramData\Norton
2014-05-02 20:51:41    --------    d-----w-    C:\Users\123\AppData\Local\NPE
2014-05-02 18:34:52    --------    d-----w-    C:\Program Files\HitmanPro
2014-05-02 18:33:18    --------    d-----w-    C:\ProgramData\HitmanPro
2014-05-02 15:37:13    61440    ----a-w-    C:\Windows\SysWow64\drivers\bwhc.sys
2014-05-02 15:34:56    61440    ----a-w-    C:\Windows\SysWow64\drivers\xnzdxjwh.sys
2014-05-02 14:31:35    --------    d-----w-    C:\Users\123\AppData\Roaming\AVAST Software
2014-05-02 14:30:30    85328    ----a-w-    C:\Windows\System32\drivers\aswStm.sys
2014-05-02 14:30:30    208416    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-05-02 14:30:29    1039096    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2014-05-02 14:30:28    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-05-02 14:30:27    79184    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-05-02 14:30:27    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-05-02 14:30:26    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-05-02 14:30:18    43152    ----a-w-    C:\Windows\avastSS.scr
2014-05-02 14:30:06    --------    d-----w-    C:\Program Files\AVAST Software
2014-05-02 13:42:11    --------    d-----w-    C:\ProgramData\AVAST Software
2014-05-02 12:26:09    413184    ----a-w-    C:\Windows\SysWow64\winnet.exe
2014-05-02 12:24:12    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-05-02 12:19:04    98816    ----a-w-    C:\Windows\sed.exe
2014-05-02 12:19:04    256000    ----a-w-    C:\Windows\PEV.exe
2014-05-02 12:19:04    208896    ----a-w-    C:\Windows\MBR.exe
2014-05-02 12:07:33    10536864    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-05-02 12:07:30    10651704    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{87C6C130-462F-46F9-AC18-0ABB52AF5725}\mpengine.dll
2014-05-02 11:51:27    --------    d-----w-    C:\Windows\ERUNT
2014-05-02 10:03:42    --------    d-----w-    C:\Users\123\AppData\Roaming\Malwarebytes
2014-05-02 10:03:33    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-05-02 10:03:33    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-05-02 10:03:33    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-01 08:14:53    --------    d-----w-    C:\Users\123\New folder
2014-05-01 08:07:42    --------    d-----w-    C:\AdwCleaner
2014-04-26 23:24:04    --------    d-----w-    C:\Program Files (x86)\Common Files\3DO Shared
2014-04-26 23:24:04    --------    d-----w-    C:\Program Files (x86)\3DO
2014-04-25 18:10:05    --------    d-----w-    C:\Program Files (x86)\DOSBox-0.74
2014-04-25 18:08:11    --------    d-----w-    C:\1
2014-04-25 10:17:40    --------    d-----w-    C:\Users\123\AppData\Roaming\ScummVM
2014-04-25 10:17:40    --------    d-----w-    C:\Program Files (x86)\ScummVM
2014-04-24 21:45:14    --------    d-----w-    C:\Users\123\AppData\Local\Daedalic Entertainment
2014-04-24 07:50:33    --------    d-----w-    C:\Users\123\AppData\Roaming\LucasArts
2014-04-20 23:35:12    --------    d-----w-    C:\Users\123\AppData\Local\Wizards of the Coast
2014-04-20 23:34:50    --------    d-----w-    C:\ProgramData\Gibraltar
2014-04-20 20:15:48    --------    d-----w-    C:\Users\123\AppData\Roaming\Wizards of the Coast
2014-04-16 16:32:34    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-13 20:12:03    1021916    ----a-w-    C:\ProgramData\Microsoft\Windows\Librarys\wutt.exe
2014-04-13 09:19:17    412672    ----a-w-    C:\Windows\System32\winnet.exe
2014-04-13 09:19:17    401408    ----a-w-    C:\Windows\SysWow64\wget.exe
2014-04-13 09:19:17    401408    ----a-w-    C:\Windows\System32\wget.exe
2014-04-13 09:19:17    266240    ----a-w-    C:\Windows\SysWow64\unrar.exe
2014-04-13 09:19:17    266240    ----a-w-    C:\Windows\System32\unrar.exe
2014-04-12 21:04:47    1456128    ----a-w-    C:\Windows\System32\AdobeSystems.exe
2014-04-11 17:42:01    --------    d-----w-    C:\Users\123\AppData\Local\My Games
2014-04-11 15:57:44    --------    d-----w-    C:\Users\123\AppData\Roaming\Sid Meier's Civilization 5
2014-04-11 10:16:35    --------    d-----w-    C:\ProgramData\Oracle
2014-04-06 00:51:41    --------    d-----w-    C:\Program Files (x86)\Oto Pc Kapat
2014-04-04 17:56:01    --------    d-----w-    C:\ProgramData\RELOADED
.
==================== Find3M  ====================
.
2014-05-01 09:26:01    70832    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-01 09:26:01    692400    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-31 06:35:08    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-03-13 22:49:20    172032    ----a-w-    C:\Windows\SysWow64\AniGIF.ocx
2014-02-24 20:29:39    0    ----a-w-    C:\Windows\ativpsrm.bin
.
============= FINISH:  1:15:39,92 ===============
 



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:53 PM

Posted 03 May 2014 - 05:54 PM


Hello fenx07

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 fenx07

fenx07
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:04:53 AM

Posted 03 May 2014 - 06:51 PM

# AdwCleaner v3.205 - Report created 04/05/2014 at 02:40:37
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Ultimate  (64 bits)
# Username : 123 - 123-PC
# Running from : C:\Users\123\Downloads\Programs\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Mozilla Firefox v29.0 (tr)

[ File : C:\Users\123\AppData\Roaming\Mozilla\Firefox\Profiles\w9x4hl1x.default-1399054228495\prefs.js ]


*************************

AdwCleaner[R0].txt - [5399 octets] - [01/05/2014 11:07:44]
AdwCleaner[R1].txt - [1100 octets] - [02/05/2014 14:47:59]
AdwCleaner[R2].txt - [1086 octets] - [02/05/2014 18:44:57]
AdwCleaner[R3].txt - [1218 octets] - [02/05/2014 21:17:27]
AdwCleaner[R4].txt - [1338 octets] - [04/05/2014 02:39:54]
AdwCleaner[S0].txt - [4978 octets] - [01/05/2014 11:08:54]
AdwCleaner[S1].txt - [1170 octets] - [02/05/2014 14:48:30]
AdwCleaner[S2].txt - [1150 octets] - [02/05/2014 18:47:01]
AdwCleaner[S3].txt - [1282 octets] - [02/05/2014 21:17:55]
AdwCleaner[S4].txt - [1262 octets] - [04/05/2014 02:40:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1322 octets] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by 123 on 04.05.2014 at  2:44:04,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskil_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskil_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\taskil_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\taskil_RASMANCS



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\123\AppData\Roaming\mozilla\firefox\profiles\w9x4hl1x.default-1399054228495\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.05.2014 at  2:49:48,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

There is a soraxi line in the target of my Firefox shortcut. I'm deleting it, but when I restart it's coming back.
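
Added example, not part of the original post or of the helper's instructions: a read-only PowerShell audit for the symptom described above, a URL appended to the Target of a browser shortcut. The browser names and the folder list are assumptions; the script changes nothing and only lists matching shortcuts.

```powershell
# Added example (not from the thread): read-only audit of browser shortcuts.
# It modifies nothing; it lists browser shortcuts whose Target carries arguments.
# Assumptions: the browser executable names and the folders searched below.
$browsers = 'firefox.exe', 'iexplore.exe', 'chrome.exe'

$folders = @(
    "$env:USERPROFILE\Desktop",
    "$env:PUBLIC\Desktop",
    "$env:APPDATA\Microsoft\Windows\Start Menu",
    "$env:ProgramData\Microsoft\Windows\Start Menu",
    # Quick Launch also holds the pinned taskbar and Start Menu items
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch"
) | Where-Object { Test-Path $_ }

# Anything that looks like a web address inside the shortcut's arguments
$urlPattern = '(?i)(https?://|www\.)\S+'

# WScript.Shell can open an existing .lnk and expose its fields
$shell = New-Object -ComObject WScript.Shell

Get-ChildItem -Path $folders -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)

        # Skip shortcuts without a file target (for example shell items)
        if (-not $lnk.TargetPath) { return }

        # Only browser shortcuts are of interest here
        $exe = Split-Path -Leaf $lnk.TargetPath
        if ($browsers -notcontains $exe) { return }

        # A clean browser shortcut normally has no arguments at all
        if (-not $lnk.Arguments) { return }

        New-Object PSObject -Property @{
            Shortcut    = $_.FullName
            Target      = $lnk.TargetPath
            Arguments   = $lnk.Arguments
            HasUrl      = [bool]($lnk.Arguments -match $urlPattern)
            LastWritten = $_.LastWriteTime
        }
    } |
    Select-Object HasUrl, LastWritten, Shortcut, Target, Arguments |
    Sort-Object LastWritten -Descending |
    Format-List
```

Comparing `LastWritten` with the time of the last boot shows whether a shortcut was rewritten during startup, which is the behaviour the post describes.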



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:53 PM

Posted 03 May 2014 - 09:55 PM


Hello fenx07

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#5 fenx07

fenx07
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:04:53 AM

Posted 04 May 2014 - 06:59 AM

ComboFix 14-04-30.01 - 123 04.05.2014  14:49:00.2.4 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1254.90.1033.18.3971.2778 [GMT 3:00]
Running from: c:\users\123\Downloads\Programs\ComboFix_2.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-04 to 2014-05-04  )))))))))))))))))))))))))))))))
.
.
2014-05-04 11:53 . 2014-05-04 11:53    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-05-03 23:45 . 2014-05-03 23:45    32512    ----a-w-    c:\windows\system32\drivers\hitmanpro37.sys
2014-05-03 00:56 . 2014-05-04 00:05    --------    d-----w-    C:\FRST
2014-05-03 00:32 . 2014-05-03 00:32    --------    d-----w-    C:\EEK
2014-05-02 20:53 . 2014-05-02 20:53    --------    d-----w-    C:\NPE
2014-05-02 20:51 . 2014-05-02 20:51    --------    d-----w-    c:\programdata\Norton
2014-05-02 20:51 . 2014-05-03 07:47    --------    d-----w-    c:\users\123\AppData\Local\NPE
2014-05-02 18:33 . 2014-05-02 18:39    --------    d-----w-    c:\programdata\HitmanPro
2014-05-02 14:31 . 2014-05-02 14:31    --------    d-----w-    c:\users\123\AppData\Roaming\AVAST Software
2014-05-02 14:30 . 2014-05-02 14:30    85328    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2014-05-02 14:30 . 2014-05-02 14:30    208416    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-05-02 14:30 . 2014-05-02 14:30    1039096    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-05-02 14:30 . 2014-05-02 14:30    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-05-02 14:30 . 2014-05-02 14:30    423240    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2014-05-02 14:30 . 2014-05-02 14:30    79184    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-05-02 14:30 . 2014-05-02 14:30    29208    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-05-02 14:30 . 2014-05-02 14:30    93568    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-05-02 14:30 . 2014-05-02 14:30    334648    ----a-w-    c:\windows\system32\aswBoot.exe
2014-05-02 14:30 . 2014-05-02 14:30    43152    ----a-w-    c:\windows\avastSS.scr
2014-05-02 14:30 . 2014-05-02 14:30    --------    d-----w-    c:\program files\AVAST Software
2014-05-02 13:42 . 2014-05-02 14:29    --------    d-----w-    c:\programdata\AVAST Software
2014-05-02 13:01 . 2014-05-02 13:01    --------    d-----w-    c:\users\123\AppData\Local\Mozilla
2014-05-02 13:01 . 2014-05-02 13:01    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2014-05-02 12:26 . 2014-05-02 12:26    413184    ----a-w-    c:\windows\SysWow64\winnet.exe
2014-05-02 12:07 . 2014-04-17 02:31    10651704    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{87C6C130-462F-46F9-AC18-0ABB52AF5725}\mpengine.dll
2014-05-02 11:51 . 2014-05-02 11:51    --------    d-----w-    c:\windows\ERUNT
2014-05-02 10:03 . 2014-05-02 10:03    --------    d-----w-    c:\users\123\AppData\Roaming\Malwarebytes
2014-05-02 10:03 . 2014-05-02 10:03    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2014-05-02 10:03 . 2014-05-02 10:03    --------    d-----w-    c:\programdata\Malwarebytes
2014-05-02 10:03 . 2013-04-04 11:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-05-01 08:07 . 2014-05-03 23:40    --------    d-----w-    C:\AdwCleaner
2014-04-26 23:24 . 2014-05-01 20:21    --------    d-----w-    c:\program files (x86)\Common Files\3DO Shared
2014-04-26 23:24 . 2014-05-01 20:21    --------    d-----w-    c:\program files (x86)\3DO
2014-04-25 18:10 . 2014-05-01 20:21    --------    d-----w-    c:\program files (x86)\DOSBox-0.74
2014-04-25 18:08 . 2014-04-25 18:44    --------    d-----w-    C:\1
2014-04-25 10:17 . 2014-05-01 20:21    --------    d-----w-    c:\program files (x86)\ScummVM
2014-04-25 10:17 . 2014-05-01 20:21    --------    d-----w-    c:\users\123\AppData\Roaming\ScummVM
2014-04-24 21:45 . 2014-04-24 21:45    --------    d-----w-    c:\users\123\AppData\Local\Daedalic Entertainment
2014-04-24 07:50 . 2014-05-01 20:21    --------    d-----w-    c:\users\123\AppData\Roaming\LucasArts
2014-04-20 23:35 . 2014-04-20 23:35    --------    d-----w-    c:\users\123\AppData\Local\Wizards of the Coast
2014-04-20 23:34 . 2014-04-20 23:34    --------    d-----w-    c:\programdata\Gibraltar
2014-04-20 20:15 . 2014-04-20 20:17    --------    d-----w-    c:\users\123\AppData\Roaming\Wizards of the Coast
2014-04-16 16:32 . 2014-03-17 19:11    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-11 10:16 . 2014-04-11 10:16    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-04-11 10:16 . 2014-04-16 16:32    --------    d-----w-    c:\program files (x86)\Java
2014-04-10 18:55 . 2014-04-10 18:55    --------    d-----w-    c:\users\123\AppData\Roaming\dvdcss
2014-04-06 00:51 . 2014-04-06 10:42    --------    d-----w-    c:\program files (x86)\Oto Pc Kapat
2014-04-04 17:56 . 2014-04-05 13:16    --------    d-----w-    c:\programdata\RELOADED
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-01 09:26 . 2014-02-27 18:29    70832    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-01 09:26 . 2014-02-27 18:29    692400    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-31 06:35 . 2014-02-24 21:46    270496    ------w-    c:\windows\system32\MpSigStub.exe
2014-03-13 22:49 . 2014-03-13 22:49    172032    ----a-w-    c:\windows\SysWow64\AniGIF.ocx
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-02 3873704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp64.sys;c:\eek\Run\cleanhlp64.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R4 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 CGVPNCliService;CyberGhost VPN 5 Client Service;c:\program files\CyberGhost 5\Service.exe;c:\program files\CyberGhost 5\Service.exe [x]
S2 CxUtilSvc;CxUtilSvc;c:\program files\Conexant\SA3\CxUtilSvc.exe;c:\program files\Conexant\SA3\CxUtilSvc.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 ETD;Dell Touchpad;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-27 09:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-02 14:30    290888    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49    23432    ----a-w-    c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-02-17 177936]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-02-21 11406608]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2012-10-31 2780048]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.soraxi.com/
mLocal Page = c:\windows\system32\blank.htm
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
IE: Bütün linkleri IDM ile indir - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: IDM ile indir - c:\program files (x86)\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 10.106.4.20
FF - ProfilePath - c:\users\123\AppData\Roaming\Mozilla\Firefox\Profiles\w9x4hl1x.default-1399054228495\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2058663568-426532604-1624010319-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):04,32,6c,81,9b,88,ca,a1,2f,7e,64,23,7d,8c,7e,b7,50,46,df,62,a2,
   a3,12,85,b4,05,0a,28,06,b4,6b,72,1a,39,e8,94,1f,f7,31,c2,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2058663568-426532604-1624010319-1000_Classes\Wow6432Node\CLSID\{e5afa224-b4be-4c2a-adf9-928c5aa91b39}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000079
"Therad"=dword:0000000c
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-04  14:54:39
ComboFix-quarantined-files.txt  2014-05-04 11:54
ComboFix2.txt  2014-05-02 12:24
ComboFix3.txt  2014-05-01 08:53
.
Pre-Run: 53.374.205.952 bytes free
Post-Run: 53.222.903.808 bytes free
.
- - End Of File - - D0AF293EBBFCDB5010ECEA9501B24DF4
A36C5E4F47E84449FF07ED3517B43A31
 

 

 

I think it doesn't slow my internet. It was my ISP. Everything is normal in the computer. And after restart it is still coming back.


Edited by fenx07, 04 May 2014 - 07:03 AM.


#6 gringo_pr


Posted 04 May 2014 - 01:24 PM


Hello fenx07,

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#7 fenx07


Posted 04 May 2014 - 02:29 PM

ComboFix 14-04-30.01 - 123 04.05.2014  22:17:53.3.4 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1254.90.1033.18.3971.2764 [GMT 3:00]
Running from: c:\users\123\Desktop\ComboFix.exe
Command switches used :: c:\users\123\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\winnet.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-04 to 2014-05-04  )))))))))))))))))))))))))))))))
.
.
2014-05-04 19:22 . 2014-05-04 19:22    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-05-03 23:45 . 2014-05-03 23:45    32512    ----a-w-    c:\windows\system32\drivers\hitmanpro37.sys
2014-05-03 00:56 . 2014-05-04 00:05    --------    d-----w-    C:\FRST
2014-05-03 00:32 . 2014-05-03 00:32    --------    d-----w-    C:\EEK
2014-05-02 20:53 . 2014-05-02 20:53    --------    d-----w-    C:\NPE
2014-05-02 20:51 . 2014-05-02 20:51    --------    d-----w-    c:\programdata\Norton
2014-05-02 20:51 . 2014-05-03 07:47    --------    d-----w-    c:\users\123\AppData\Local\NPE
2014-05-02 18:33 . 2014-05-02 18:39    --------    d-----w-    c:\programdata\HitmanPro
2014-05-02 14:31 . 2014-05-02 14:31    --------    d-----w-    c:\users\123\AppData\Roaming\AVAST Software
2014-05-02 14:30 . 2014-05-02 14:30    85328    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2014-05-02 14:30 . 2014-05-02 14:30    208416    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-05-02 14:30 . 2014-05-02 14:30    1039096    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-05-02 14:30 . 2014-05-02 14:30    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-05-02 14:30 . 2014-05-02 14:30    423240    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2014-05-02 14:30 . 2014-05-02 14:30    79184    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-05-02 14:30 . 2014-05-02 14:30    29208    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-05-02 14:30 . 2014-05-02 14:30    93568    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-05-02 14:30 . 2014-05-02 14:30    334648    ----a-w-    c:\windows\system32\aswBoot.exe
2014-05-02 14:30 . 2014-05-02 14:30    43152    ----a-w-    c:\windows\avastSS.scr
2014-05-02 14:30 . 2014-05-02 14:30    --------    d-----w-    c:\program files\AVAST Software
2014-05-02 13:42 . 2014-05-02 14:29    --------    d-----w-    c:\programdata\AVAST Software
2014-05-02 13:01 . 2014-05-02 13:01    --------    d-----w-    c:\users\123\AppData\Local\Mozilla
2014-05-02 13:01 . 2014-05-02 13:01    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2014-05-02 12:07 . 2014-04-17 02:31    10651704    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{87C6C130-462F-46F9-AC18-0ABB52AF5725}\mpengine.dll
2014-05-02 11:51 . 2014-05-02 11:51    --------    d-----w-    c:\windows\ERUNT
2014-05-02 10:03 . 2014-05-02 10:03    --------    d-----w-    c:\users\123\AppData\Roaming\Malwarebytes
2014-05-02 10:03 . 2014-05-02 10:03    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2014-05-02 10:03 . 2014-05-02 10:03    --------    d-----w-    c:\programdata\Malwarebytes
2014-05-02 10:03 . 2013-04-04 11:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-05-01 08:07 . 2014-05-03 23:40    --------    d-----w-    C:\AdwCleaner
2014-04-26 23:24 . 2014-05-01 20:21    --------    d-----w-    c:\program files (x86)\Common Files\3DO Shared
2014-04-26 23:24 . 2014-05-01 20:21    --------    d-----w-    c:\program files (x86)\3DO
2014-04-25 18:10 . 2014-05-01 20:21    --------    d-----w-    c:\program files (x86)\DOSBox-0.74
2014-04-25 18:08 . 2014-04-25 18:44    --------    d-----w-    C:\1
2014-04-25 10:17 . 2014-05-01 20:21    --------    d-----w-    c:\program files (x86)\ScummVM
2014-04-25 10:17 . 2014-05-01 20:21    --------    d-----w-    c:\users\123\AppData\Roaming\ScummVM
2014-04-24 21:45 . 2014-04-24 21:45    --------    d-----w-    c:\users\123\AppData\Local\Daedalic Entertainment
2014-04-24 07:50 . 2014-05-01 20:21    --------    d-----w-    c:\users\123\AppData\Roaming\LucasArts
2014-04-20 23:35 . 2014-04-20 23:35    --------    d-----w-    c:\users\123\AppData\Local\Wizards of the Coast
2014-04-20 23:34 . 2014-04-20 23:34    --------    d-----w-    c:\programdata\Gibraltar
2014-04-20 20:15 . 2014-04-20 20:17    --------    d-----w-    c:\users\123\AppData\Roaming\Wizards of the Coast
2014-04-16 16:32 . 2014-03-17 19:11    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-11 10:16 . 2014-04-11 10:16    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-04-11 10:16 . 2014-04-16 16:32    --------    d-----w-    c:\program files (x86)\Java
2014-04-10 18:55 . 2014-04-10 18:55    --------    d-----w-    c:\users\123\AppData\Roaming\dvdcss
2014-04-06 00:51 . 2014-04-06 10:42    --------    d-----w-    c:\program files (x86)\Oto Pc Kapat
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-01 09:26 . 2014-02-27 18:29    70832    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-01 09:26 . 2014-02-27 18:29    692400    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-31 06:35 . 2014-02-24 21:46    270496    ------w-    c:\windows\system32\MpSigStub.exe
2014-03-13 22:49 . 2014-03-13 22:49    172032    ----a-w-    c:\windows\SysWow64\AniGIF.ocx
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-02 3873704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp64.sys;c:\eek\Run\cleanhlp64.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R4 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 CGVPNCliService;CyberGhost VPN 5 Client Service;c:\program files\CyberGhost 5\Service.exe;c:\program files\CyberGhost 5\Service.exe [x]
S2 CxUtilSvc;CxUtilSvc;c:\program files\Conexant\SA3\CxUtilSvc.exe;c:\program files\Conexant\SA3\CxUtilSvc.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 ETD;Dell Touchpad;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-27 09:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-02 14:30    290888    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49    23432    ----a-w-    c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-02-17 177936]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-02-21 11406608]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2012-10-31 2780048]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.soraxi.com/
mLocal Page = c:\windows\system32\blank.htm
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
IE: Bütün linkleri IDM ile indir - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: IDM ile indir - c:\program files (x86)\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 10.106.4.20
FF - ProfilePath - c:\users\123\AppData\Roaming\Mozilla\Firefox\Profiles\w9x4hl1x.default-1399054228495\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2058663568-426532604-1624010319-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):04,32,6c,81,9b,88,ca,a1,2f,7e,64,23,7d,8c,7e,b7,50,46,df,62,a2,
   a3,12,85,b4,05,0a,28,06,b4,6b,72,1a,39,e8,94,1f,f7,31,c2,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2058663568-426532604-1624010319-1000_Classes\Wow6432Node\CLSID\{e5afa224-b4be-4c2a-adf9-928c5aa91b39}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000079
"Therad"=dword:0000000c
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-04  22:23:16
ComboFix-quarantined-files.txt  2014-05-04 19:23
ComboFix2.txt  2014-05-04 11:54
ComboFix3.txt  2014-05-02 12:24
ComboFix4.txt  2014-05-01 08:53
.
Pre-Run: 53.109.637.120 bytes free
Post-Run: 52.675.076.096 bytes free
.
- - End Of File - - 325C66EB026EF7C34725AA2BAF3B2FA3
A36C5E4F47E84449FF07ED3517B43A31
 

 

The problem is still going on. Can it be some kind of spy in explorer.exe? When I open my computer I check Task Manager. When explorer goes to the top of the list, Firefox launches.



#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 05 May 2014 - 07:05 AM


Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. Default settings are fine.
    • Click Run Cleaner.
    • Close CCleaner.
: Malwarebytes' Anti-Malware :

I see that you have MBAM installed. That is great!! At this time I would like you to update it and run me a quick scan.
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic
"information and logs"
  • In your next post I need the following
    • Log From MBAM
    • report from Hijackthis
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo

#9 fenx07

fenx07
  • Topic Starter


Posted 05 May 2014 - 08:30 AM

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.05.05.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
123 :: 123-PC [administrator]

Protection: Disabled

05.05.2014 16:23:23
mbam-log-2014-05-05 (16-23-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237076
Time elapsed: 2 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:28:36, on 05.05.2014
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\123\Downloads\Programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soraxi.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: IDM ile indir - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: CyberGhost VPN 5 Client Service (CGVPNCliService) - CyberGhost S.R.L - C:\Program Files\CyberGhost 5\Service.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CxUtilSvc - Conexant Systems, Inc. - C:\Program Files\Conexant\SA3\CxUtilSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 8389 bytes
 

 

When I first used Malwarebytes there was that HomePageControl hijack. I deleted it but it is still coming back, I think. And it's opening again. Can it be cleared or should I reinstall my Windows?


Edited by fenx07, 05 May 2014 - 08:33 AM.
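
Added example, not part of the original thread and not code from any of the tools named: a small Python triage that reads the homepage-related lines of the ComboFix, Malwarebytes and HijackThis logs posted above and reports where a start page points outside an allowlist while an Internet Explorer policy entry is also present. The sample lines are copied from this thread; `TRUSTED_HOSTS`, the `Finding` record and the function names are assumptions made for the example.

```python
import re
from collections import namedtuple
from urllib.parse import urlparse

Finding = namedtuple("Finding", "tool kind location detail")

# Assumption: the hosts the owner actually wants as home/search pages.
TRUSTED_HOSTS = {"www.google.com"}

# Sample input: lines copied from the three logs posted in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.soraxi.com/
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soraxi.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""

# HijackThis R0-R3: "<key>,<value> = <data>" (IE start/search pages).
HJT_R = re.compile(r"^R[0-3] - (?P<key>.+),(?P<value>[^,]+?) =\s*(?P<data>.*)$")
# HijackThis O6: an IE policy key that restricts the options dialog exists.
HJT_O6 = re.compile(r"^O6 - (?P<key>.+) present$")
# ComboFix supplementary scan: u/m prefix + page name + defanged URL.
CFX = re.compile(r"^(?P<scope>[um])(?P<value>Start Page|Search Page|Default_Page_URL)"
                 r" = (?P<data>\S+)$")
# Malwarebytes 1.x registry data item: key|value (detection) -> ... -> action
MBAM = re.compile(r"^(?P<key>HK[A-Z]+\\[^|]+)\|(?P<value>\S+) "
                  r"\((?P<name>PUM\.[^)]+)\) -> .* -> (?P<action>.+)$")


def refang(value):
    """Turn a defanged 'hxxp://' URL back into a parseable one."""
    return re.sub(r"^hxxp", "http", value.strip(), flags=re.I)


def untrusted_host(data, trusted):
    """Return the host of an http(s) URL when it is not on the allowlist."""
    url = urlparse(refang(data))
    if url.scheme in ("http", "https") and url.hostname:
        host = url.hostname.lower()
        if host not in trusted:
            return host
    return None


def triage(log_text, trusted=TRUSTED_HOSTS):
    """Collect homepage-related findings from mixed log lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_R.match(line)
        if m:
            host = untrusted_host(m["data"], trusted)
            if host:
                findings.append(Finding("HijackThis", "untrusted-page",
                                        m["key"] + "," + m["value"], host))
            continue
        m = HJT_O6.match(line)
        if m:
            findings.append(Finding("HijackThis", "policy-restriction",
                                    m["key"], "IE options restricted by policy"))
            continue
        m = CFX.match(line)
        if m:
            host = untrusted_host(m["data"], trusted)
            if host:
                findings.append(Finding("ComboFix", "untrusted-page",
                                        m["scope"] + m["value"], host))
            continue
        m = MBAM.match(line)
        if m:
            findings.append(Finding("MBAM", "policy-flagged",
                                    m["key"] + "|" + m["value"], m["name"]))
    return findings


def locked_hijack(findings):
    """True when an untrusted page and a policy entry show up together."""
    kinds = {f.kind for f in findings}
    return "untrusted-page" in kinds and bool(
        kinds & {"policy-restriction", "policy-flagged"})


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.tool:<11} {f.kind:<19} {f.location} -> {f.detail}")
    print("start page changed and policy entry present:", locked_hijack(results))
```
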


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 05 May 2014 - 09:00 AM

Hello Fenx07

That is most likely one of the security programs setting it.


These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. You can click on the icon of any of these programs (or start it from the Control Panel) to start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.
  • Run HijackThis (rightclick and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.
    • NOTE**You can research each of those lines >here< and see if you want to keep them or not
      just copy the name between the brackets and paste into the search space
      O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.

  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete
  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here
Gringo

#11 fenx07

fenx07
  • Topic Starter


Posted 05 May 2014 - 12:52 PM

C:\Users\123\Downloads\Programs\ccsetup412.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\123\Downloads\Programs\Free3GPVideoConverter.exe    Win32/OpenCandy potentially unsafe application
C:\Users\123\Downloads\Programs\YouTubeToMP3.exe    Win32/OpenCandy potentially unsafe application
D:\dc\Dustforce.v1.0r9.cracked-THETA [ALEX]\Dustforce.exe    Win32/HackTool.Crack.B potentially unsafe application
D:\Games\Sid Meier's Civilization 5\3DM_CEG.dll    a variant of Win32/Packed.VMProtect.ABD trojan
D:\Games\Sid Meier's Civilization 5\steam_api.dll    a variant of Win32/Packed.VMProtect.ABD trojan
D:\Windows.7.Loader.eXtreme.Edition.v3.503-NAPALUM\w7lxe.exe    Win32/HackTool.WinActivator.J potentially unsafe application
D:\yedek\Advanced SystemCare Pro 6.4 Final ML - SceneDL   (PimpRG)\Installer\asc-setup.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application
 

After last hijack this run I restarted my computer and Mozilla is not starting at the beginning. Thank you very much. But I still can't change my homepage. Should I reinstall?

 

Edit: After a restart again, Firefox is still opening :( It was good before. And it still puts the soraxi line in my Firefox and Internet Explorer shortcuts.


Edited by fenx07, 05 May 2014 - 12:56 PM.


#12 gringo_pr


Posted 05 May 2014 - 02:56 PM



I would like you to download Shortcut Cleaner and save it to your desktop - http://www.bleepingcomputer.com/download/shortcut-cleaner/dl/172/

Once it is on your desktop I would like you to double click on it to run it please.

Once it is complete a logfile will open with its findings.

Click on file at the upper left corner and select "Save As"

Be sure that the desktop is selected as the location to save it to.

Please attach this report to your next reply to me

#13 fenx07


Posted 05 May 2014 - 03:03 PM

Shortcut Cleaner 1.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 http://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 7 Ultimate
Program started at: 05/05/2014 11:03:04 PM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\123\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\123\Desktop


0 bad shortcuts found.

Program finished at: 05/05/2014 11:03:05 PM
Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)

 



#14 gringo_pr


Posted 06 May 2014 - 07:15 AM

I would like you to rerun FRST for me and send me a new report

If you cannot find it here is the link again.

Please download the Farbar Recovery Scan Tool from here:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ - Click on the BLUE download buttons only - ( The GREEN ones are ads)

Save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it.
When the tool opens click Yes to disclaimer.
Press the Scan button. This time I would also like the shortcuts selected for this scan.
It will make a log (FRST.txt) in the same directory the tool is run.

Please attach that log to your reply.
The first time the tool is run, it makes a second log (Addition.txt).
Please attach that to your reply as well

#15 fenx07


Posted 06 May 2014 - 08:07 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2014
Ran by 123 (administrator) on 123-PC on 06-05-2014 16:04:00
Running from C:\Users\123\Desktop
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [177936 2012-02-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2012-02-21] (Intel Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2780048 2012-10-31] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-02] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2058663568-426532604-1624010319-1000\...\Run: [GoogleChromeAutoLaunch_E9B5D4249CCEA13E75406E6F6F1B4400] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-24] (Google Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = tr
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soraxi.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 10.106.4.20

FireFox:
========
FF ProfilePath: C:\Users\123\AppData\Roaming\Mozilla\Firefox\Profiles\w9x4hl1x.default-1399054228495
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yandex-tr.xml
FF Extension: Adblock Plus - C:\Users\123\AppData\Roaming\Mozilla\Firefox\Profiles\w9x4hl1x.default-1399054228495\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-02]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\123\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\123\AppData\Roaming\IDM\idmmzcc5 [2014-02-24]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\123\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\123\AppData\Roaming\IDM\idmmzcc5 [2014-02-24]

Chrome:
=======
CHR DefaultSearchKeyword: google.com.tr
CHR Extension: (Google Docs) - C:\Users\123\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-06]
CHR Extension: (Google Drive) - C:\Users\123\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-06]
CHR Extension: (YouTube) - C:\Users\123\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-06]
CHR Extension: (Google Search) - C:\Users\123\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-06]
CHR Extension: (ZenMate for Google Chrome™) - C:\Users\123\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-05-06]
CHR Extension: (AdBlock) - C:\Users\123\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-06]
CHR Extension: (Google Wallet) - C:\Users\123\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-06]
CHR Extension: (Gmail) - C:\Users\123\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-06]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-02] (AVAST Software)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-04-14] (CyberGhost S.R.L)
S4 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2011-10-11] (Conexant Systems, Inc.)
S4 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-21] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-02] ()
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-05-03] (Emsisoft GmbH)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-05-04] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-06 16:04 - 2014-05-06 16:04 - 00011370 _____ () C:\Users\123\Desktop\FRST.txt
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\123\Desktop\FRST-OlderVersion
2014-05-06 11:32 - 2014-05-06 11:32 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-06 11:32 - 2014-05-06 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-06 11:30 - 2014-05-06 15:35 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-06 11:30 - 2014-05-06 11:35 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-06 11:30 - 2014-05-06 11:30 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-06 11:30 - 2014-05-06 11:30 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 11:29 - 2014-05-06 11:29 - 00884680 _____ (Google Inc.) C:\Users\123\Downloads\ChromeSetup(1).exe
2014-05-05 23:18 - 2014-05-05 23:22 - 00000000 ____D () C:\Users\123\Desktop\ygopro-1.033.0V2.1Percy-full
2014-05-05 23:01 - 2014-05-05 23:02 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\123\Desktop\sc-cleaner_2.exe
2014-05-05 20:49 - 2014-05-05 20:49 - 00000903 _____ () C:\Users\123\Desktop\ESET SCAN.txt
2014-05-05 16:34 - 2014-05-05 17:13 - 727680287 _____ () C:\Users\123\Desktop\8da3e0f4985a.720.mp4
2014-05-05 16:31 - 2014-05-06 10:06 - 00000280 _____ () C:\Windows\setupact.log
2014-05-05 16:31 - 2014-05-05 16:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-05 16:21 - 2014-05-06 06:30 - 00021790 _____ () C:\Windows\WindowsUpdate.log
2014-05-04 22:25 - 2014-05-04 22:25 - 00413184 _____ (Windows Inc) C:\Windows\SysWOW64\winnet.exe
2014-05-04 22:23 - 2014-05-04 22:23 - 00016111 _____ () C:\ComboFix.txt
2014-05-04 22:15 - 2014-05-02 14:41 - 05197895 ____R (Swearware) C:\Users\123\Desktop\ComboFix.exe
2014-05-04 02:49 - 2014-05-04 02:49 - 00001188 _____ () C:\Users\123\Desktop\JRT.txt
2014-05-04 02:45 - 2014-05-04 02:45 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-05-04 01:14 - 2014-05-04 01:14 - 00688992 ____R (Swearware) C:\Users\123\Downloads\dds(1).com
2014-05-04 01:07 - 2014-05-04 01:07 - 00000976 _____ () C:\Users\123\Desktop\joey_pc - Shortcut.lnk
2014-05-04 00:31 - 2014-05-04 00:34 - 00000000 ____D () C:\Users\123\Desktop\Yu-Gi-Oh! - Joey the Passion
2014-05-03 03:56 - 2014-05-06 16:04 - 00000000 ____D () C:\FRST
2014-05-03 03:56 - 2014-05-03 03:56 - 00002128 _____ () C:\Users\123\Desktop\a2scan_140503-033452.txt
2014-05-03 03:32 - 2014-05-03 03:32 - 00000546 _____ () C:\Users\123\Desktop\Emsisoft Emergency Kit.lnk
2014-05-03 03:32 - 2014-05-03 03:32 - 00000000 ____D () C:\EEK
2014-05-03 03:29 - 2014-05-06 16:02 - 02063872 _____ (Farbar) C:\Users\123\Desktop\FRST64.exe
2014-05-03 00:10 - 2014-05-04 01:15 - 00017767 _____ () C:\Users\123\Desktop\dds.txt
2014-05-03 00:10 - 2014-05-03 00:10 - 00688992 ____R (Swearware) C:\Users\123\Downloads\dds.com
2014-05-02 23:53 - 2014-05-02 23:53 - 00000000 ____D () C:\NPE
2014-05-02 23:51 - 2014-05-03 10:47 - 00000000 ____D () C:\Users\123\AppData\Local\NPE
2014-05-02 23:51 - 2014-05-02 23:51 - 00000000 ____D () C:\ProgramData\Norton
2014-05-02 21:39 - 2014-05-02 21:39 - 00002800 _____ () C:\Windows\system32\.crusader
2014-05-02 21:33 - 2014-05-02 21:39 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-02 21:28 - 2014-05-05 23:03 - 00001748 _____ () C:\sc-cleaner.txt
2014-05-02 21:10 - 2014-05-02 21:10 - 00000000 ____D () C:\Users\123\Desktop\Eski Firefox verileri
2014-05-02 17:31 - 2014-05-02 17:31 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-02 17:31 - 2014-05-02 17:31 - 00000000 ____D () C:\Users\123\AppData\Roaming\AVAST Software
2014-05-02 17:31 - 2014-05-02 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-02 17:30 - 2014-05-06 10:06 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-02 17:30 - 2014-05-02 17:30 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-05-02 17:30 - 2014-05-02 17:30 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-05-02 17:30 - 2014-05-02 17:30 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-02 17:30 - 2014-05-02 17:30 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-02 17:30 - 2014-05-02 17:30 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-02 17:30 - 2014-05-02 17:30 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-05-02 17:30 - 2014-05-02 17:30 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-02 17:30 - 2014-05-02 17:30 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-02 17:30 - 2014-05-02 17:30 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-02 17:30 - 2014-05-02 17:30 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-02 17:30 - 2014-05-02 17:30 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-02 16:42 - 2014-05-02 17:29 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-02 16:01 - 2014-05-05 16:19 - 00001193 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-02 16:01 - 2014-05-02 17:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-02 16:01 - 2014-05-02 16:01 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-02 16:01 - 2014-05-02 16:01 - 00000000 ____D () C:\Users\123\AppData\Roaming\Mozilla
2014-05-02 16:01 - 2014-05-02 16:01 - 00000000 ____D () C:\Users\123\AppData\Local\Mozilla
2014-05-02 16:01 - 2014-05-02 16:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-02 15:19 - 2011-06-26 09:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-02 15:19 - 2010-11-07 20:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-02 15:19 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-02 15:19 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-02 15:19 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-02 15:19 - 2000-08-31 03:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-02 15:19 - 2000-08-31 03:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-02 15:19 - 2000-08-31 03:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-02 15:18 - 2014-05-02 15:23 - 00000000 ____D () C:\Windows\erdnt
2014-05-02 14:51 - 2014-05-02 14:51 - 00000000 ____D () C:\Windows\ERUNT
2014-05-02 14:32 - 2014-05-02 14:31 - 00557354 _____ () C:\Users\123\Downloads\homepage-remover.exe
2014-05-02 13:03 - 2014-05-02 13:03 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-02 13:03 - 2014-05-02 13:03 - 00000000 ____D () C:\Users\123\AppData\Roaming\Malwarebytes
2014-05-02 13:03 - 2014-05-02 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-05-02 13:03 - 2014-05-02 13:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-02 13:03 - 2014-05-02 13:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-02 13:03 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-02 09:34 - 2014-05-02 09:36 - 00000000 ____D () C:\Users\123\Desktop\Nihilumbra [MULTI11][PCDVD][PROPHET][WwW.GamesTorrents.CoM]
2014-05-01 16:34 - 2014-05-01 18:22 - 00000000 ____D () C:\Users\123\Desktop\Inquisitor-SKIDROW
2014-05-01 12:34 - 2014-05-01 12:35 - 00884680 _____ (Google Inc.) C:\Users\123\Downloads\ChromeSetup.exe
2014-05-01 11:46 - 2014-05-04 22:23 - 00000000 ____D () C:\Qoobox
2014-05-01 11:07 - 2014-05-04 02:40 - 00000000 ____D () C:\AdwCleaner
2014-04-30 16:37 - 2014-04-30 16:38 - 00575687 _____ () C:\Users\123\Downloads\extension_1_4_0.crx
2014-04-28 21:51 - 2014-04-28 22:19 - 74446578 _____ () C:\Users\123\Desktop\ASMR Role Play Relaxation Session with an ASMR Artist 4 - Hair, Brushing & Crinkle.mp4
2014-04-28 16:34 - 2014-04-28 17:14 - 756676727 _____ () C:\Users\123\Desktop\583bf2495032.720.mp4
2014-04-27 02:24 - 2014-05-01 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DO
2014-04-27 02:24 - 2014-05-01 23:21 - 00000000 ____D () C:\Program Files (x86)\3DO
2014-04-26 18:42 - 2014-04-26 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
2014-04-26 17:25 - 2014-04-26 17:25 - 00005391 _____ () C:\Users\123\Downloads\[kickass.to]zork.anthology.the.july.14.1989.gog.torrent
2014-04-26 17:24 - 2014-04-26 17:24 - 00015811 _____ () C:\Users\123\Downloads\[kickass.to]cypher.cyberpunk.text.adventure.standard.edition.eng.repack.by.rg.catalyst.torrent
2014-04-26 17:24 - 2014-04-26 17:24 - 00015811 _____ () C:\Users\123\Downloads\[kickass.to]cypher.cyberpunk.text.adventure.standard.edition.eng.repack.by.rg.catalyst (1).torrent
2014-04-25 21:10 - 2014-05-01 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
2014-04-25 21:10 - 2014-05-01 23:21 - 00000000 ____D () C:\Program Files (x86)\DOSBox-0.74
2014-04-25 21:08 - 2014-04-25 21:44 - 00000000 ____D () C:\1
2014-04-25 13:29 - 2014-04-25 13:29 - 00000000 ____D () C:\Users\123\Desktop\The Dig (CD DOS)
2014-04-25 13:17 - 2014-05-01 23:21 - 00000000 ____D () C:\Users\123\AppData\Roaming\ScummVM
2014-04-25 13:17 - 2014-05-01 23:21 - 00000000 ____D () C:\Program Files (x86)\ScummVM
2014-04-25 02:39 - 2014-04-25 02:39 - 00043760 _____ () C:\Users\123\Downloads\[kickass.to]the.dig.1.cd.1995.torrent
2014-04-25 00:45 - 2014-04-25 00:57 - 142296413 _____ () C:\Users\123\Desktop\=}}(~_~){{=Steamy Dreamy SPAtenious ASMR (binaural).mp4
2014-04-25 00:45 - 2014-04-25 00:45 - 00000000 ____D () C:\Users\123\AppData\Local\Daedalic Entertainment
2014-04-24 10:50 - 2014-05-01 23:21 - 00000000 ____D () C:\Users\123\AppData\Roaming\LucasArts
2014-04-24 01:24 - 2014-04-24 01:24 - 07332685 _____ () C:\Users\123\Downloads\DotA v6.78c AI 1.4e.w3x
2014-04-22 20:42 - 2014-04-22 21:50 - 829432856 _____ () C:\Users\123\Desktop\a06aca9ab1a1.720.mp4
2014-04-22 19:40 - 2014-04-22 20:33 - 752672940 _____ () C:\Users\123\Desktop\097ea1edf12c.720.mp4
2014-04-22 19:29 - 2014-04-22 19:39 - 168119186 _____ () C:\Users\123\Desktop\Game of Thrones 4. Sezon 1. Bölüm izle, yabancı dizi_4.mp4
2014-04-22 19:22 - 2014-04-22 19:29 - 89154479 _____ () C:\Users\123\Desktop\Game of Thrones 4. Sezon 1. Bölüm izle, yabancı dizi_3.mp4
2014-04-22 19:08 - 2014-04-22 19:22 - 179513982 _____ () C:\Users\123\Desktop\Game of Thrones 4. Sezon 1. Bölüm izle, yabancı dizi_2.mp4
2014-04-22 18:50 - 2014-04-22 19:02 - 180285824 _____ () C:\Users\123\Desktop\Game of Thrones 4. Sezon 1. Bölüm izle, yabancı dizi.mp4
2014-04-22 01:03 - 2014-05-02 01:07 - 00000000 ____D () C:\Users\123\Desktop\Rome Season 1
2014-04-21 15:37 - 2014-04-24 16:20 - 00000000 ____D () C:\Users\123\Desktop\saykan
2014-04-21 02:35 - 2014-04-21 02:35 - 00000000 ____D () C:\Users\123\AppData\Local\Wizards of the Coast
2014-04-21 02:34 - 2014-04-21 02:34 - 00000320 _____ () C:\Users\123\Desktop\Magic The Gathering Online .appref-ms
2014-04-21 02:34 - 2014-04-21 02:34 - 00000000 ____D () C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wizards of the Coast
2014-04-21 02:34 - 2014-04-21 02:34 - 00000000 ____D () C:\ProgramData\Gibraltar
2014-04-20 23:15 - 2014-04-20 23:17 - 00000000 ____D () C:\Users\123\AppData\Roaming\Wizards of the Coast
2014-04-16 19:32 - 2014-04-16 19:32 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b13.log
2014-04-16 19:32 - 2014-04-16 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-16 19:32 - 2014-03-17 22:11 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-16 19:32 - 2014-03-17 22:02 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-16 19:32 - 2014-03-17 22:02 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-16 19:32 - 2014-03-17 22:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-16 19:25 - 2014-04-16 19:26 - 00022276 _____ () C:\Users\123\Downloads\[kickass.to]rome.complete.season.1.torrent
2014-04-14 18:36 - 2014-05-02 12:48 - 00003242 _____ () C:\Windows\System32\Tasks\Taskil Application
2014-04-14 18:36 - 2014-04-14 18:36 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-13 18:04 - 2013-06-27 19:30 - 10821938 _____ (Adobe Systems, Inc.) C:\Users\123\Desktop\Nv2-PC.exe
2014-04-13 12:24 - 2014-05-01 12:25 - 00000000 ____D () C:\Users\123\Desktop\Arteezy
2014-04-13 12:19 - 2014-05-04 22:25 - 00003504 _____ () C:\Windows\System32\Tasks\Windows Internet Services
2014-04-13 12:19 - 2014-05-02 12:48 - 00412672 _____ (Windows Inc) C:\Windows\system32\winnet.exe
2014-04-13 12:19 - 2014-04-13 12:19 - 00401408 _____ () C:\Windows\SysWOW64\wget.exe
2014-04-13 12:19 - 2014-04-13 12:19 - 00401408 _____ () C:\Windows\system32\wget.exe
2014-04-13 12:19 - 2014-04-13 12:19 - 00266240 _____ () C:\Windows\SysWOW64\unrar.exe
2014-04-13 12:19 - 2014-04-13 12:19 - 00266240 _____ () C:\Windows\system32\unrar.exe
2014-04-13 00:04 - 2014-04-13 00:04 - 01456128 _____ (Adobe Systems Inc) C:\Windows\system32\AdobeSystems.exe
2014-04-13 00:04 - 2014-04-13 00:04 - 00003448 _____ () C:\Windows\System32\Tasks\Adobe Systems
2014-04-11 20:42 - 2014-04-11 20:42 - 00000000 ____D () C:\Users\123\AppData\Local\My Games
2014-04-11 18:57 - 2014-04-11 18:57 - 00000000 ____D () C:\Users\123\AppData\Roaming\Sid Meier's Civilization 5
2014-04-11 18:57 - 2014-04-11 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2014-04-11 13:16 - 2014-04-16 19:32 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-11 13:16 - 2014-04-16 19:32 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-11 13:16 - 2014-04-11 13:16 - 00000000 ____D () C:\ProgramData\Sun
2014-04-11 13:12 - 2014-04-11 13:12 - 00921000 _____ (Oracle Corporation) C:\Users\123\Downloads\chromeinstall-7u51.exe
2014-04-10 21:55 - 2014-04-10 21:55 - 00000000 ____D () C:\Users\123\AppData\Roaming\dvdcss
2014-04-10 20:42 - 2013-11-01 16:55 - 00000000 ____D () C:\Users\123\Desktop\Colonel Bagshot
2014-04-06 21:03 - 2014-04-06 21:03 - 00000000 ____D () C:\Users\123\Documents\Paradox Interactive
2014-04-06 19:16 - 2014-05-01 12:25 - 00000000 ____D () C:\Users\123\Desktop\new1
2014-04-06 03:51 - 2014-04-06 13:42 - 00000000 ____D () C:\Program Files (x86)\Oto Pc Kapat
2014-04-06 01:56 - 2014-04-06 03:52 - 00000352 _____ () C:\console.log

==================== One Month Modified Files and Folders =======

2014-05-06 16:04 - 2014-05-06 16:04 - 00011370 _____ () C:\Users\123\Desktop\FRST.txt
2014-05-06 16:04 - 2014-05-03 03:56 - 00000000 ____D () C:\FRST
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\123\Desktop\FRST-OlderVersion
2014-05-06 16:02 - 2014-05-03 03:29 - 02063872 _____ (Farbar) C:\Users\123\Desktop\FRST64.exe
2014-05-06 15:35 - 2014-05-06 11:30 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-06 15:23 - 2014-02-27 21:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-06 11:35 - 2014-05-06 11:30 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-06 11:32 - 2014-05-06 11:32 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-06 11:32 - 2014-05-06 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-06 11:32 - 2014-02-24 23:23 - 00000000 ____D () C:\Users\123\AppData\Local\Google
2014-05-06 11:32 - 2014-02-24 23:23 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-06 11:30 - 2014-05-06 11:30 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-06 11:30 - 2014-05-06 11:30 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 11:29 - 2014-05-06 11:29 - 00884680 _____ (Google Inc.) C:\Users\123\Downloads\ChromeSetup(1).exe
2014-05-06 10:12 - 2009-07-14 08:13 - 00787998 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-06 10:11 - 2009-07-14 07:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-06 10:11 - 2009-07-14 07:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-06 10:09 - 2014-05-05 16:21 - 00021790 _____ () C:\Windows\WindowsUpdate.log
2014-05-06 10:06 - 2014-05-05 16:31 - 00000280 _____ () C:\Windows\setupact.log
2014-05-06 10:06 - 2014-05-02 17:30 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-06 10:06 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-06 00:02 - 2009-07-14 08:08 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-06 00:01 - 2014-02-24 23:26 - 00000000 ____D () C:\Users\123\AppData\Roaming\DMCache
2014-05-05 23:22 - 2014-05-05 23:18 - 00000000 ____D () C:\Users\123\Desktop\ygopro-1.033.0V2.1Percy-full
2014-05-05 23:21 - 2014-02-24 23:36 - 00000000 ____D () C:\Users\123\AppData\Roaming\Winamp
2014-05-05 23:14 - 2014-02-24 23:26 - 00000000 ____D () C:\Users\123\Downloads\Compressed
2014-05-05 23:03 - 2014-05-02 21:28 - 00001748 _____ () C:\sc-cleaner.txt
2014-05-05 23:02 - 2014-05-05 23:01 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\123\Desktop\sc-cleaner_2.exe
2014-05-05 20:49 - 2014-05-05 20:49 - 00000903 _____ () C:\Users\123\Desktop\ESET SCAN.txt
2014-05-05 20:49 - 2014-02-25 10:52 - 00000000 ____D () C:\Users\123\AppData\Roaming\vlc
2014-05-05 18:22 - 2014-02-25 20:01 - 00000000 ____D () C:\Users\123\AppData\Roaming\TS3Client
2014-05-05 17:18 - 2014-02-24 23:26 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2014-05-05 17:13 - 2014-05-05 16:34 - 727680287 _____ () C:\Users\123\Desktop\8da3e0f4985a.720.mp4
2014-05-05 16:34 - 2014-02-24 23:26 - 00000000 ____D () C:\Users\123\AppData\Roaming\IDM
2014-05-05 16:31 - 2014-05-05 16:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-05 16:19 - 2014-05-02 16:01 - 00001193 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-05 01:52 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-04 22:25 - 2014-05-04 22:25 - 00413184 _____ (Windows Inc) C:\Windows\SysWOW64\winnet.exe
2014-05-04 22:25 - 2014-04-13 12:19 - 00003504 _____ () C:\Windows\System32\Tasks\Windows Internet Services
2014-05-04 22:23 - 2014-05-04 22:23 - 00016111 _____ () C:\ComboFix.txt
2014-05-04 22:23 - 2014-05-01 11:46 - 00000000 ____D () C:\Qoobox
2014-05-04 22:23 - 2014-02-24 23:21 - 00000000 ____D () C:\Users\123\AppData\Local\Apps\2.0
2014-05-04 22:22 - 2009-07-14 05:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-04 03:05 - 2014-02-24 22:44 - 00000000 ____D () C:\Users\123
2014-05-04 02:49 - 2014-05-04 02:49 - 00001188 _____ () C:\Users\123\Desktop\JRT.txt
2014-05-04 02:45 - 2014-05-04 02:45 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-05-04 02:40 - 2014-05-01 11:07 - 00000000 ____D () C:\AdwCleaner
2014-05-04 01:15 - 2014-05-03 00:10 - 00017767 _____ () C:\Users\123\Desktop\dds.txt
2014-05-04 01:14 - 2014-05-04 01:14 - 00688992 ____R (Swearware) C:\Users\123\Downloads\dds(1).com
2014-05-04 01:07 - 2014-05-04 01:07 - 00000976 _____ () C:\Users\123\Desktop\joey_pc - Shortcut.lnk
2014-05-04 00:34 - 2014-05-04 00:31 - 00000000 ____D () C:\Users\123\Desktop\Yu-Gi-Oh! - Joey the Passion
2014-05-03 21:50 - 2014-02-24 23:21 - 00000000 ____D () C:\Users\123\AppData\Local\Deployment
2014-05-03 10:47 - 2014-05-02 23:51 - 00000000 ____D () C:\Users\123\AppData\Local\NPE
2014-05-03 03:56 - 2014-05-03 03:56 - 00002128 _____ () C:\Users\123\Desktop\a2scan_140503-033452.txt
2014-05-03 03:32 - 2014-05-03 03:32 - 00000546 _____ () C:\Users\123\Desktop\Emsisoft Emergency Kit.lnk
2014-05-03 03:32 - 2014-05-03 03:32 - 00000000 ____D () C:\EEK
2014-05-03 00:10 - 2014-05-03 00:10 - 00688992 ____R (Swearware) C:\Users\123\Downloads\dds.com
2014-05-02 23:53 - 2014-05-02 23:53 - 00000000 ____D () C:\NPE
2014-05-02 23:51 - 2014-05-02 23:51 - 00000000 ____D () C:\ProgramData\Norton
2014-05-02 21:39 - 2014-05-02 21:39 - 00002800 _____ () C:\Windows\system32\.crusader
2014-05-02 21:39 - 2014-05-02 21:33 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-02 21:10 - 2014-05-02 21:10 - 00000000 ____D () C:\Users\123\Desktop\Eski Firefox verileri
2014-05-02 17:31 - 2014-05-02 17:31 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-02 17:31 - 2014-05-02 17:31 - 00000000 ____D () C:\Users\123\AppData\Roaming\AVAST Software
2014-05-02 17:31 - 2014-05-02 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-02 17:30 - 2014-05-02 17:30 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-05-02 17:30 - 2014-05-02 17:30 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-05-02 17:30 - 2014-05-02 17:30 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-02 17:30 - 2014-05-02 17:30 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-02 17:30 - 2014-05-02 17:30 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-02 17:30 - 2014-05-02 17:30 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-05-02 17:30 - 2014-05-02 17:30 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-02 17:30 - 2014-05-02 17:30 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-02 17:30 - 2014-05-02 17:30 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-02 17:30 - 2014-05-02 17:30 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-02 17:30 - 2014-05-02 17:30 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-02 17:29 - 2014-05-02 16:42 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-02 17:29 - 2014-05-02 16:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-02 16:01 - 2014-05-02 16:01 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-02 16:01 - 2014-05-02 16:01 - 00000000 ____D () C:\Users\123\AppData\Roaming\Mozilla
2014-05-02 16:01 - 2014-05-02 16:01 - 00000000 ____D () C:\Users\123\AppData\Local\Mozilla
2014-05-02 16:01 - 2014-05-02 16:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-02 15:23 - 2014-05-02 15:18 - 00000000 ____D () C:\Windows\erdnt
2014-05-02 15:17 - 2014-03-01 02:22 - 00000000 ____D () C:\Users\123\AppData\Roaming\uTorrent
2014-05-02 15:06 - 2014-02-25 20:00 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-05-02 14:51 - 2014-05-02 14:51 - 00000000 ____D () C:\Windows\ERUNT
2014-05-02 14:41 - 2014-05-04 22:15 - 05197895 ____R (Swearware) C:\Users\123\Desktop\ComboFix.exe
2014-05-02 14:31 - 2014-05-02 14:32 - 00557354 _____ () C:\Users\123\Downloads\homepage-remover.exe
2014-05-02 13:03 - 2014-05-02 13:03 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-02 13:03 - 2014-05-02 13:03 - 00000000 ____D () C:\Users\123\AppData\Roaming\Malwarebytes
2014-05-02 13:03 - 2014-05-02 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-05-02 13:03 - 2014-05-02 13:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-02 13:03 - 2014-05-02 13:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-02 12:48 - 2014-04-14 18:36 - 00003242 _____ () C:\Windows\System32\Tasks\Taskil Application
2014-05-02 12:48 - 2014-04-13 12:19 - 00412672 _____ (Windows Inc) C:\Windows\system32\winnet.exe
2014-05-02 09:36 - 2014-05-02 09:34 - 00000000 ____D () C:\Users\123\Desktop\Nihilumbra [MULTI11][PCDVD][PROPHET][WwW.GamesTorrents.CoM]
2014-05-02 01:07 - 2014-04-22 01:03 - 00000000 ____D () C:\Users\123\Desktop\Rome Season 1
2014-05-01 23:21 - 2014-04-27 02:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DO
2014-05-01 23:21 - 2014-04-27 02:24 - 00000000 ____D () C:\Program Files (x86)\3DO
2014-05-01 23:21 - 2014-04-25 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
2014-05-01 23:21 - 2014-04-25 21:10 - 00000000 ____D () C:\Program Files (x86)\DOSBox-0.74
2014-05-01 23:21 - 2014-04-25 13:17 - 00000000 ____D () C:\Users\123\AppData\Roaming\ScummVM
2014-05-01 23:21 - 2014-04-25 13:17 - 00000000 ____D () C:\Program Files (x86)\ScummVM
2014-05-01 23:21 - 2014-04-24 10:50 - 00000000 ____D () C:\Users\123\AppData\Roaming\LucasArts
2014-05-01 23:21 - 2014-03-01 15:33 - 00000000 ____D () C:\Users\123\Desktop\JoyToKey_en
2014-05-01 23:21 - 2014-02-27 21:29 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-01 23:21 - 2014-02-25 00:14 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-05-01 23:21 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\registration
2014-05-01 23:21 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-01 18:22 - 2014-05-01 16:34 - 00000000 ____D () C:\Users\123\Desktop\Inquisitor-SKIDROW
2014-05-01 12:35 - 2014-05-01 12:34 - 00884680 _____ (Google Inc.) C:\Users\123\Downloads\ChromeSetup.exe
2014-05-01 12:26 - 2014-02-27 21:29 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 12:26 - 2014-02-27 21:29 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-01 12:26 - 2014-02-27 21:29 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-01 12:25 - 2014-04-13 12:24 - 00000000 ____D () C:\Users\123\Desktop\Arteezy
2014-05-01 12:25 - 2014-04-06 19:16 - 00000000 ____D () C:\Users\123\Desktop\new1
2014-04-30 16:38 - 2014-04-30 16:37 - 00575687 _____ () C:\Users\123\Downloads\extension_1_4_0.crx
2014-04-28 22:19 - 2014-04-28 21:51 - 74446578 _____ () C:\Users\123\Desktop\ASMR Role Play Relaxation Session with an ASMR Artist 4 - Hair, Brushing & Crinkle.mp4
2014-04-28 17:14 - 2014-04-28 16:34 - 756676727 _____ () C:\Users\123\Desktop\583bf2495032.720.mp4
2014-04-26 18:44 - 2014-02-25 00:15 - 00000000 ____D () C:\Users\123\AppData\Local\CyberGhost
2014-04-26 18:42 - 2014-04-26 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
2014-04-26 18:34 - 2014-04-03 17:30 - 00000000 ____D () C:\Program Files (x86)\GOG.com
2014-04-26 17:25 - 2014-04-26 17:25 - 00005391 _____ () C:\Users\123\Downloads\[kickass.to]zork.anthology.the.july.14.1989.gog.torrent
2014-04-26 17:24 - 2014-04-26 17:24 - 00015811 _____ () C:\Users\123\Downloads\[kickass.to]cypher.cyberpunk.text.adventure.standard.edition.eng.repack.by.rg.catalyst.torrent
2014-04-26 17:24 - 2014-04-26 17:24 - 00015811 _____ () C:\Users\123\Downloads\[kickass.to]cypher.cyberpunk.text.adventure.standard.edition.eng.repack.by.rg.catalyst (1).torrent
2014-04-25 21:44 - 2014-04-25 21:08 - 00000000 ____D () C:\1
2014-04-25 13:29 - 2014-04-25 13:29 - 00000000 ____D () C:\Users\123\Desktop\The Dig (CD DOS)
2014-04-25 02:39 - 2014-04-25 02:39 - 00043760 _____ () C:\Users\123\Downloads\[kickass.to]the.dig.1.cd.1995.torrent
2014-04-25 00:57 - 2014-04-25 00:45 - 142296413 _____ () C:\Users\123\Desktop\=}}(~_~){{=Steamy Dreamy SPAtenious ASMR (binaural).mp4
2014-04-25 00:45 - 2014-04-25 00:45 - 00000000 ____D () C:\Users\123\AppData\Local\Daedalic Entertainment
2014-04-24 16:20 - 2014-04-21 15:37 - 00000000 ____D () C:\Users\123\Desktop\saykan
2014-04-24 01:24 - 2014-04-24 01:24 - 07332685 _____ () C:\Users\123\Downloads\DotA v6.78c AI 1.4e.w3x
2014-04-22 21:50 - 2014-04-22 20:42 - 829432856 _____ () C:\Users\123\Desktop\a06aca9ab1a1.720.mp4
2014-04-22 20:33 - 2014-04-22 19:40 - 752672940 _____ () C:\Users\123\Desktop\097ea1edf12c.720.mp4
2014-04-22 19:39 - 2014-04-22 19:29 - 168119186 _____ () C:\Users\123\Desktop\Game of Thrones 4. Sezon 1. Bölüm izle, yabancı dizi_4.mp4
2014-04-22 19:29 - 2014-04-22 19:22 - 89154479 _____ () C:\Users\123\Desktop\Game of Thrones 4. Sezon 1. Bölüm izle, yabancı dizi_3.mp4
2014-04-22 19:22 - 2014-04-22 19:08 - 179513982 _____ () C:\Users\123\Desktop\Game of Thrones 4. Sezon 1. Bölüm izle, yabancı dizi_2.mp4
2014-04-22 19:02 - 2014-04-22 18:50 - 180285824 _____ () C:\Users\123\Desktop\Game of Thrones 4. Sezon 1. Bölüm izle, yabancı dizi.mp4
2014-04-21 04:25 - 2014-03-30 21:25 - 00000000 ____D () C:\Users\123\AppData\Local\Battle.net
2014-04-21 04:19 - 2014-03-30 21:25 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-04-21 02:35 - 2014-04-21 02:35 - 00000000 ____D () C:\Users\123\AppData\Local\Wizards of the Coast
2014-04-21 02:34 - 2014-04-21 02:34 - 00000320 _____ () C:\Users\123\Desktop\Magic The Gathering Online .appref-ms
2014-04-21 02:34 - 2014-04-21 02:34 - 00000000 ____D () C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wizards of the Coast
2014-04-21 02:34 - 2014-04-21 02:34 - 00000000 ____D () C:\ProgramData\Gibraltar
2014-04-21 02:24 - 2014-02-25 00:56 - 00773910 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-20 23:17 - 2014-04-20 23:15 - 00000000 ____D () C:\Users\123\AppData\Roaming\Wizards of the Coast
2014-04-16 19:32 - 2014-04-16 19:32 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b13.log
2014-04-16 19:32 - 2014-04-16 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-16 19:32 - 2014-04-11 13:16 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-16 19:32 - 2014-04-11 13:16 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-16 19:26 - 2014-04-16 19:25 - 00022276 _____ () C:\Users\123\Downloads\[kickass.to]rome.complete.season.1.torrent
2014-04-14 18:36 - 2014-04-14 18:36 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-13 12:19 - 2014-04-13 12:19 - 00401408 _____ () C:\Windows\SysWOW64\wget.exe
2014-04-13 12:19 - 2014-04-13 12:19 - 00401408 _____ () C:\Windows\system32\wget.exe
2014-04-13 12:19 - 2014-04-13 12:19 - 00266240 _____ () C:\Windows\SysWOW64\unrar.exe
2014-04-13 12:19 - 2014-04-13 12:19 - 00266240 _____ () C:\Windows\system32\unrar.exe
2014-04-13 00:11 - 2014-02-27 21:20 - 00000000 ____D () C:\Users\123\AppData\Local\Adobe
2014-04-13 00:04 - 2014-04-13 00:04 - 01456128 _____ (Adobe Systems Inc) C:\Windows\system32\AdobeSystems.exe
2014-04-13 00:04 - 2014-04-13 00:04 - 00003448 _____ () C:\Windows\System32\Tasks\Adobe Systems
2014-04-11 20:42 - 2014-04-11 20:42 - 00000000 ____D () C:\Users\123\AppData\Local\My Games
2014-04-11 18:57 - 2014-04-11 18:57 - 00000000 ____D () C:\Users\123\AppData\Roaming\Sid Meier's Civilization 5
2014-04-11 18:57 - 2014-04-11 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2014-04-11 18:57 - 2014-03-03 23:59 - 00000000 ____D () C:\Users\123\Documents\My Games
2014-04-11 18:42 - 2014-03-04 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-04-11 13:16 - 2014-04-11 13:16 - 00000000 ____D () C:\ProgramData\Sun
2014-04-11 13:12 - 2014-04-11 13:12 - 00921000 _____ (Oracle Corporation) C:\Users\123\Downloads\chromeinstall-7u51.exe
2014-04-10 21:55 - 2014-04-10 21:55 - 00000000 ____D () C:\Users\123\AppData\Roaming\dvdcss
2014-04-07 23:30 - 2014-04-03 16:18 - 265763442 _____ () C:\Users\123\Desktop\57569-360_2.mp4
2014-04-07 18:35 - 2014-02-24 23:26 - 00000000 ____D () C:\Users\123\Downloads\Video
2014-04-06 21:03 - 2014-04-06 21:03 - 00000000 ____D () C:\Users\123\Documents\Paradox Interactive
2014-04-06 13:42 - 2014-04-06 03:51 - 00000000 ____D () C:\Program Files (x86)\Oto Pc Kapat
2014-04-06 03:52 - 2014-04-06 01:56 - 00000352 _____ () C:\console.log
2014-04-06 01:24 - 2014-03-06 23:31 - 00000000 ____D () C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-29 20:20

==================== End Of Log ============================

Users shortcut scan result (x64) Version: 06-05-2014
Ran by 123 at 2014-05-06 16:04:35
Running from C:\Users\123\Desktop
Boot Mode: Normal
==================== Shortcuts =============================

Shortcut: C:\Users\123\Links\Desktop.lnk -> C:\Users\123\Desktop ()
Shortcut: C:\Users\123\Links\Downloads.lnk -> C:\Users\123\Downloads ()
Shortcut: C:\Users\123\Desktop\Baldur's Gate.lnk -> D:\Games\Baldur's Gate 1\baldur.exe (US Outpost 31 Productions)
Shortcut: C:\Users\123\Desktop\CyberGhost 5.lnk -> C:\Program Files\CyberGhost 5\CyberGhost.exe (CyberGhost S.R.L.)
Shortcut: C:\Users\123\Desktop\Emsisoft Emergency Kit.lnk -> C:\EEK\start.exe (Emsisoft GmbH)
Shortcut: C:\Users\123\Desktop\I Wanna Be The Boshy - Shortcut.lnk -> D:\yedek\IWBTB\I Wanna Be The Boshy.exe (Solgryn.org                                                                                         )
Shortcut: C:\Users\123\Desktop\joey_pc - Shortcut.lnk -> C:\Users\123\Desktop\Yu-Gi-Oh! - Joey the Passion\YUGIOHPC\YUGIOHPC\joey_pc.exe ()
Shortcut: C:\Users\123\Desktop\LoL.lnk -> D:\yedek\Riot Games\League of Legends\lol.launcher.exe ()
Shortcut: C:\Users\123\Desktop\MediaHuman YouTube to MP3 Converter.lnk -> C:\Program Files (x86)\MediaHuman\YouTube to MP3 Converter\YouTubeToMp3.exe ()
Shortcut: C:\Users\123\Desktop\Path Of Exile.lnk -> D:\Games\Path Of Exile\Client.exe ()
Shortcut: C:\Users\123\Desktop\Steam.lnk -> D:\steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -> C:\Users\123\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Konsol RAR kılavuzu.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR yardımı.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Grabber Help.lnk -> C:\Program Files (x86)\Internet Download Manager\grabber.chm ()
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\IDM Help.lnk -> C:\Program Files (x86)\Internet Download Manager\idman.chm ()
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk -> C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\license.lnk -> C:\Program Files (x86)\Internet Download Manager\license.txt ()
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\TUTORIALS.lnk -> C:\Program Files (x86)\Internet Download Manager\tutor.chm ()
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Uninstall IDM.lnk -> C:\Program Files (x86)\Internet Download Manager\Uninstall.exe (Tonec Inc.)
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Alarmset 6\Alarmset 6 Yardım ve Destek.lnk -> C:\Users\123\AppData\Roaming\Microsoft\Installer\{60435182-A9EF-4C3A-AB2C-22A85EAAE123}\_5df81f92.exe ()
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Alarmset 6\Alarmset 6.lnk -> C:\Users\123\AppData\Roaming\Microsoft\Installer\{60435182-A9EF-4C3A-AB2C-22A85EAAE123}\_5d513b2b.exe ()
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\CyberGhost 5.lnk -> C:\Program Files\CyberGhost 5\CyberGhost.exe (CyberGhost S.R.L.)
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk -> C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe ()
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk -> C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe ()
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.)
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -> C:\Users\123\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Winamp.lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.)
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer (2).lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\Users\123\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\LoL.lnk -> D:\yedek\Riot Games\League of Legends\lol.launcher.exe ()
Shortcut: C:\Users\123\AppData\Local\Microsoft\Windows\GameExplorer\{CC835F64-98C0-44A9-97D2-87C3C82E565C}\PlayTasks\0\Play.lnk -> D:\Games\Divine Divinity\div.exe (No File)
Shortcut: C:\Users\123\AppData\Local\Microsoft\Windows\GameExplorer\{A8A3D596-EF35-4BDF-A953-2574D604D6FE}\PlayTasks\0\Play.lnk -> D:\Games\Siege Of Avalon\DTLoader.exe (No File)
Shortcut: C:\Users\123\AppData\Local\Microsoft\Windows\GameExplorer\{79359072-71A3-4C98-8092-2B2638D4AA85}\PlayTasks\0\Play.lnk -> C:\Users\123\Desktop\cstrike\hl.exe (No File)
Shortcut: C:\Users\123\AppData\Local\Microsoft\Windows\GameExplorer\{62B09D80-93EF-4BC7-8291-EA3D6E7E4C80}\PlayTasks\0\Play.lnk -> D:\Games\Diablo II\Diablo II.exe (Blizzard North)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Alert 2.lnk -> D:\Games\Red Alert 2\Game.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XWIS Client.lnk -> D:\Games\Red Alert 2\XWIS Client.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Konsol RAR kılavuzu.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR yardımı.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Uninstall Winamp.lnk -> C:\Program Files (x86)\Winamp\UninstWA.exe (Nullsoft, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\What's New.lnk -> C:\Program Files (x86)\Winamp\whatsnew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Winamp.lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files (x86)\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\TeamSpeak 3 Client.lnk -> C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\Uninstall.lnk -> C:\Program Files\TeamSpeak 3 Client\Uninstall.exe (TeamSpeak Systems GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies\Samsung Kies.lnk -> C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics\Sid Meier's Civilization 5\Play Sid Meier's Civilization 5.lnk -> D:\Games\Sid Meier's Civilization 5\Language.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics\Sid Meier's Civilization 5\Uninstall Sid Meier's Civilization 5.lnk -> C:\Users\123\AppData\Roaming\Sid Meier's Civilization 5\Uninstall\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaHuman\YouTube to MP3 Converter\MediaHuman YouTube to MP3 Converter.lnk -> C:\Program Files (x86)\MediaHuman\YouTube to MP3 Converter\YouTubeToMp3.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc\MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc\Uninstall MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\UNWISE.EXE ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KUR YAZILIM\Sözlük\Onar-Kaldır.lnk -> C:\Program Files (x86)\KUR YAZILIM\Kurulum Bilgileri\Sozluk\Kur.exe (KUR YAZILIM)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KUR YAZILIM\Sözlük\Sözlük.lnk -> C:\Program Files (x86)\KUR YAZILIM\Sozluk\Sozluk.exe (KUR YAZILIM)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KUR YAZILIM\Sözlük\Yardım.lnk -> C:\Program Files (x86)\KUR YAZILIM\Sozluk\Sozluk.hlp ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Grabber Help.lnk -> C:\Program Files (x86)\Internet Download Manager\grabber.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\IDM Help.lnk -> C:\Program Files (x86)\Internet Download Manager\idman.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk -> C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\license.lnk -> C:\Program Files (x86)\Internet Download Manager\license.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\TUTORIALS.lnk -> C:\Program Files (x86)\Internet Download Manager\tutor.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Uninstall IDM.lnk -> C:\Program Files (x86)\Internet Download Manager\Uninstall.exe (Tonec Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® Turbo Boost Teknolojisi Gözleyicisi 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Baldur's Gate 2\Baldur's Gate 2 Complete.lnk -> D:\GOG Games\Baldur's Gate 2\bgmain.exe (BioWare Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Baldur's Gate 2\Config.lnk -> D:\GOG Games\Baldur's Gate 2\BGConfig.exe (BioWare Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Baldur's Gate 2\Uninstall Baldur's Gate 2 Complete.lnk -> D:\GOG Games\Baldur's Gate 2\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Baldur's Gate 2\Tools\Character Viewer.lnk -> D:\GOG Games\Baldur's Gate 2\CharView.exe (BioWare Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Baldur's Gate 2\Documents\Manual.lnk -> D:\GOG Games\Baldur's Gate 2\manual.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Baldur's Gate 2\Documents\Readme - ToB.lnk -> D:\GOG Games\Baldur's Gate 2\readme_addon.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Baldur's Gate 2\Documents\Readme.lnk -> D:\GOG Games\Baldur's Gate 2\Readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Baldur's Gate\Baldur's Gate - The Original Saga.lnk -> D:\GOG Games\Baldur's Gate\BGMain.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Baldur's Gate\Config.lnk -> D:\GOG Games\Baldur's Gate\Config.exe (Bioware Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Baldur's Gate\Uninstall Baldur's Gate -  The Original Saga.lnk -> D:\GOG Games\Baldur's Gate\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Baldur's Gate\Documents\Manual - TotSC.lnk -> D:\GOG Games\Baldur's Gate\MANUAL_addon.PDF ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Baldur's Gate\Documents\Manual.lnk -> D:\GOG Games\Baldur's Gate\MANUAL.PDF ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Baldur's Gate\Documents\Map.lnk -> D:\GOG Games\Baldur's Gate\MAP.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Baldur's Gate\Documents\Readme - TotSC.lnk -> D:\GOG Games\Baldur's Gate\Readme_totsc.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Baldur's Gate\Documents\Readme.lnk -> D:\GOG Games\Baldur's Gate\Readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gemini Rue\Gemini Rue Setup.lnk -> D:\Games\Gemini Rue\winsetup.exe (Chris Jones)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gemini Rue\Play Gemini Rue.lnk -> D:\Games\Gemini Rue\Gemini Rue.exe (TheJBurger                    )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gemini Rue\Uninstall Gemini Rue.lnk -> D:\Games\Gemini Rue\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader\Foxit Reader.lnk -> C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader\Uninstall Foxit Reader.lnk -> C:\Program Files (x86)\Foxit Software\Foxit Reader\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Free 3GP Video Converter.lnk -> C:\Free 3GP Video Converter\Free3GPVideoConverter.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Log Report.lnk -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\DVSSysReport.exe (DVDVideoSoft Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Premium Membership.lnk -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\PremiumMembershipOffer.exe (DVDVideoSoft Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Uninstall.lnk -> C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Battle.net Account Management.lnk -> D:\Games\Diablo III\BattlenetAccount.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Blizzard Technical Support.lnk -> D:\Games\Diablo III\TechSupport.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Diablo III - Manual.lnk -> D:\Games\Diablo III\Manual.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Diablo III.lnk -> D:\Games\Diablo III\Diablo III Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5\CyberGhost 5.lnk -> C:\Program Files\CyberGhost 5\CyberGhost.exe (CyberGhost S.R.L.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5\Uninstall CyberGhost 5.lnk -> C:\Program Files\CyberGhost 5\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk -> C:\Program Files\CCleaner\uninst.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\Catalyst Control Center.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast\avast! Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Bluetooth File Transfer Wizard.lnk -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\DisplaySwitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DO\Heroes 3 Complete\Uninstall Heroes of Might and Magic Complete.lnk -> C:\Windows\IsUninst.exe (No File)
Shortcut: C:\ProgramData\Media Center Programs\UO.lnk -> D:\Games\Electronic Arts\Ultima Online Classic\GDF\UO-MCE.mcl (No File)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\avast! Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
Shortcut: C:\Users\Public\Desktop\Baldur's Gate 2 Complete.lnk -> D:\GOG Games\Baldur's Gate 2\bgmain.exe (BioWare Corp.)
Shortcut: C:\Users\Public\Desktop\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\Diablo III.lnk -> D:\Games\Diablo III\Diablo III Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\Free 3GP Video Converter.lnk -> C:\Program Files (x86)\DVDVideoSoft\Free 3GP Video Converter\Free3GPVideoConverter.exe (DVDVideoSoft Ltd.)
Shortcut: C:\Users\Public\Desktop\Gemini Rue.lnk -> D:\Games\Gemini Rue\Gemini Rue.exe (TheJBurger                    )
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk -> C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH)


ShortcutWithArgument: C:\Users\123\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.soraxi.com/
ShortcutWithArgument: C:\Users\123\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.soraxi.com/
ShortcutWithArgument: C:\Users\123\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.soraxi.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.soraxi.com/


ShortcutWithArgument: C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\123\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\123\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk -> C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe () -> /lite
ShortcutWithArgument: C:\Users\123\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switchable Graphics.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Dashboard SingleAspectPage LeafName=Leaf_PowerXpress
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk -> C:\Windows\Installer\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}\wmdc.exe (Microsoft Corporation) -> /show
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Winamp (Safe Mode).lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.) -> /SAFE=1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies\Samsung Kies (Lite).lnk -> C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe () -> /lite
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies\Uninstall Kies.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe (Samsung Electronics Co., Ltd.) -> /removeonly
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Kablosuz\WiFi Elle Tanılama.lnk -> C:\Program Files\Common Files\Intel\WirelessCommon\imFrmwrk.exe (Intel® Corporation) -> /sf Wireless Diagnostics
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Kablosuz\WiFi Gelişmiş İstatistikler.lnk -> C:\Program Files\Common Files\Intel\WirelessCommon\imFrmwrk.exe (Intel® Corporation) -> /sf Advanced Statistics
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Kablosuz\WiFi Olay Görüntüleyici.lnk -> C:\Program Files\Common Files\Intel\WirelessCommon\imFrmwrk.exe (Intel® Corporation) -> /sf Wireless Event Viewer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74\Options\Reset KeyMapper.lnk -> C:\Program Files (x86)\DOSBox-0.74\DOSBox.exe (DOSBox Team) -> -erasemapper
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\Help.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Help -help
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo


InternetURL: C:\Users\123\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\123\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\123\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\123\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\123\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\123\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\123\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\123\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\123\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\123\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\123\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\123\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\123\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\123\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\123\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\123\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\123\Desktop\Nihilumbra [MULTI11][PCDVD][PROPHET][WwW.GamesTorrents.CoM]\Facebook De GamesTorrents.url -> hxxp://www.facebook.com/pages/GamesTorrents/104243949657612?ref=ts
InternetURL: C:\Users\123\Desktop\Nihilumbra [MULTI11][PCDVD][PROPHET][WwW.GamesTorrents.CoM]\GamesTorrents En YOUTUBE.url -> hxxp://www.youtube.com/user/o0changoboyGT0o?feature=mhee
InternetURL: C:\Users\123\Desktop\Nihilumbra [MULTI11][PCDVD][PROPHET][WwW.GamesTorrents.CoM]\Twitter De GamesTorrents.url -> https://twitter.com/GamesTorrents
InternetURL: C:\Users\123\Desktop\Nihilumbra [MULTI11][PCDVD][PROPHET][WwW.GamesTorrents.CoM]\UPLOADED - A Que Esperas En Ser PREMIUM.url -> hxxp://ul.to/ref/3158812
InternetURL: C:\Users\123\Desktop\Nihilumbra [MULTI11][PCDVD][PROPHET][WwW.GamesTorrents.CoM]\WwW.GamesTorrents.CoM.url -> hxxp://www.gamestorrents.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst\CYPHER - Cyberpunk Text Adventure\Release of BestRepack.NET.url -> hxxp://bestrepack.net
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaHuman\YouTube to MP3 Converter\Website.url -> hxxp://www.mediahuman.com/?utm_source=youtubetomp3&utm_medium=win-start&utm_content=3.4
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Baldur's Gate 2\Documents\Support.url -> hxxp://www.gog.com/support/baldurs_gate_2_complete
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Baldur's Gate\Documents\Support.url -> hxxp://www.gog.com/support/baldurs_gate_the_original_saga
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gemini Rue\Gemini Rue on the Web.url -> hxxp://www.geminirue.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> hxxp://www.piriform.com/ccleaner

==================== End of log =============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2014
Ran by 123 at 2014-05-06 16:07:58
Running from C:\Users\123\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30740 - BitTorrent Inc.)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Alarmset 6 (HKLM-x32\...\{60435182-A9EF-4C3A-AB2C-22A85EAAE123}) (Version: 6.0.5.0 - Melsis Electronics)
AMD APP SDK Runtime (Version: 10.0.851.6 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO64 Codecs (Version: 12.2.0.20305 - Advanced Micro Devices, Inc.) Hidden
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Baldur's Gate -  The Original Saga (HKLM-x32\...\GOGPACKBALDURSGATE1_is1) (Version: 2.0.0.20 - GOG.com)
Baldur's Gate 2 Complete (HKLM-x32\...\GOGPACKBALDURSGATE2_is1) (Version: 2.0.0.12 - GOG.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0305.348.6610 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0305.348.6610 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0305.348.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0305.348.6610 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.29.0 - Conexant)
CyberGhost 5 (HKLM\...\CyberGhost VPN 5_is1) (Version:  - CyberGhost S.R.L.)
Dell Touchpad (HKLM\...\Elantech) (Version: 11.3.3.5 - ELAN Microelectronic Corp.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.2.75.126 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
Free 3GP Video Converter version 5.0.35.304 (HKLM-x32\...\Free 3GP Video Converter_is1) (Version: 5.0.35.304 - DVDVideoSoft Ltd.)
Gemini Rue version 1.0 (HKLM-x32\...\{C018A7CD-4974-4B91-BCC7-F547A8F48F2A}_is1) (Version: 1.0 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3090 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{520C4DD4-2BC7-409B-BA48-E1A4F832662D}) (Version: 2.1.0.0140 - Intel Corporation)
Intel® Turbo Boost Teknolojisi Gözleyicisi 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® PROSet/Kablosuz WiFi Yazılımı (HKLM\...\{54EB8041-1115-4406-AA4B-44D236E84B3B}) (Version: 15.01.1000.0927 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Livestreamer 1.7.5 (HKLM-x32\...\Livestreamer) (Version:  - )
Magic The Gathering Online  (HKCU\...\35c9d60442fbb010) (Version: 3.4.80.400 - Wizards of the Coast)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MediaHuman YouTube to MP3 Converter version 3.4 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.4 - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False (x32 Version: 8.0.50727.42 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False (x32 Version: 8.0.51011 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False (x32 Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False (x32 Version: 8.0.58299 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False (x32 Version: 8.0.59193 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False (x32 Version: 9.0.21022.218 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False (x32 Version: 9.0.30411 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 False (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False (x32 Version: 9.0.30729.4048 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False (x32 Version: 9.0.30729.5570 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.30319 False (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 False (x32 Version: 11.0.50727.1 - Корпорация Майкрософт) Hidden
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 False (x32 Version: 11.0.51106.1 - Корпорация Майкрософт) Hidden
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{01db25f3-1b76-4d97-88c8-1c90634d88fb}) (Version: 11.0.60610.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 False (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 False (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 False (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 False (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0 (x86 tr) (HKLM-x32\...\Mozilla Firefox 29.0 (x86 tr)) (Version: 29.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.012 - Dell Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.54.309.2012 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.39034 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
Sid Meier's Civilization 5 (HKLM-x32\...\Sid Meier's Civilization 5_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
Sözlük (HKLM-x32\...\Sozluk) (Version:  - )
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.66  - Nullsoft, Inc)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Restore Points  =========================

02-05-2014 11:57:49 Windows Defender Checkpoint
02-05-2014 12:07:17 Windows Update
02-05-2014 13:44:30 avast! antivirus system restore point
02-05-2014 14:29:43 avast! antivirus system restore point
02-05-2014 20:57:11 Norton_Power_Eraser_20140502235705454
04-05-2014 11:48:03 ComboFix created restore point

==================== Hosts content: ==========================

2009-07-14 05:34 - 2014-05-04 22:22 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {08C62726-CD0D-4DE0-9786-002F441C917F} - System32\Tasks\Taskil Application => C:\ProgramData\Adobe\Taskil\taskil.exe [2014-05-02] (Adobe System Inc)
Task: {184E6BA5-9CA1-4F90-B4FC-C900F015255C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-06] (Google Inc.)
Task: {27D72E0E-B209-4B62-9A39-240659555FFF} - \{552C6F6F-D905-4AE4-AF58-37394D7781F6} No Task File <==== ATTENTION
Task: {393F61CD-7DB0-4DFB-A32D-F01656C9928F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-06] (Google Inc.)
Task: {3B5EFB52-E32C-43BE-A00C-77D9185D12CF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-02] (AVAST Software)
Task: {616263D9-F067-491E-85D2-15EB2F011F53} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-01] (Adobe Systems Incorporated)
Task: {8F376854-CEB4-4DD6-9659-925614A16A9C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {C67CE4E6-495A-4DEE-B6CB-0005B4D8CB13} - System32\Tasks\Adobe Systems => AdobeSystems
Task: {EA01A923-7965-4AB5-8920-15FF22F7E6CE} - System32\Tasks\Windows Internet Services => Winnet
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-24 23:11 - 2012-03-19 16:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-05-05 20:54 - 2014-05-05 20:54 - 02252800 _____ () C:\Program Files\AVAST Software\Avast\defs\14050501\algo.dll
2014-05-06 14:08 - 2014-05-06 14:08 - 02253312 _____ () C:\Program Files\AVAST Software\Avast\defs\14050600\algo.dll
2014-05-02 16:01 - 2014-04-22 12:25 - 03845232 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-02 17:30 - 2014-05-02 17:30 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-01 12:26 - 2014-05-01 12:26 - 16351920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
2014-02-24 23:09 - 2012-01-21 04:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-05-06 11:32 - 2014-04-24 03:33 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2014-05-06 11:32 - 2014-04-24 03:33 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
2014-05-06 11:32 - 2014-04-24 03:33 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll
2014-05-06 11:32 - 2014-04-24 03:33 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-05-06 11:32 - 2014-04-24 03:33 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-05-06 11:32 - 2014-04-24 03:33 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^123^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Intel® Turbo Boost Teknolojisi Gözleyicisi 2.0.lnk => C:\Windows\pss\Intel® Turbo Boost Teknolojisi Gözleyicisi 2.0.lnk.Startup
MSCONFIG\startupfolder: C:^Users^123^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart /min
MSCONFIG\startupreg: ETDCtrl => C:\Program Files\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SA3\SACpl.exe /sa3 /nv:3.0 /dne /s
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/05/2014 08:36:28 PM) (Source: SideBySide) (User: ) (EventID: 80)
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.


System errors:
=============
Error: (05/06/2014 10:07:09 AM) (Source: Schannel) (User: NT AUTHORITY) (EventID: 4120)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (05/06/2014 10:06:58 AM) (Source: Schannel) (User: NT AUTHORITY) (EventID: 4120)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (05/06/2014 10:06:48 AM) (Source: Schannel) (User: NT AUTHORITY) (EventID: 4120)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (05/06/2014 10:06:38 AM) (Source: Schannel) (User: NT AUTHORITY) (EventID: 4120)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (05/06/2014 10:06:38 AM) (Source: Schannel) (User: NT AUTHORITY) (EventID: 4120)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (05/06/2014 10:06:38 AM) (Source: Schannel) (User: NT AUTHORITY) (EventID: 4120)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (05/06/2014 10:06:38 AM) (Source: Schannel) (User: NT AUTHORITY) (EventID: 4120)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (05/06/2014 10:06:38 AM) (Source: Schannel) (User: NT AUTHORITY) (EventID: 4120)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (05/06/2014 10:06:38 AM) (Source: Schannel) (User: NT AUTHORITY) (EventID: 4120)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (05/06/2014 06:30:22 AM) (Source: DCOM) (User: ) (EventID: 10010)
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (05/05/2014 08:36:28 PM) (Source: SideBySide) (User: ) (EventID: 80)
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe


CodeIntegrity Errors:
===================================
  Date: 2014-05-05 18:22:44.263
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-05 18:16:39.182
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-05 18:16:39.137
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-05 18:16:39.107
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-04 22:21:40.373
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-05-04 22:21:40.357
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-05-04 15:03:53.896
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-04 15:03:47.215
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-04 15:03:47.207
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-04 15:03:47.140
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 3971.36 MB
Available physical RAM: 1827.52 MB
Total Pagefile: 7940.86 MB
Available Pagefile: 5620.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:99.9 GB) (Free:44.02 GB) NTFS
Drive d: () (Fixed) (Total:365.46 GB) (Free:35.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A441B47C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=365 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Edited by fenx07, 06 May 2014 - 08:08 AM.




